Gavin Coulthard, Manager Systems Engineering of Australia/New Zealand, Palo Alto Networks, said, “Many government organisations are shifting their cyber security approach by moving away from a collection of point solutions, ad-hoc entities, and processes towards a more deliberate structure. This structure is known as a dedicated Security Operations Centre (SOC) to manage and monitor a unified security architecture.”
Palo Alto Networks recommends a four-step framework that forms the foundation of a new or revitalised SOC:
Gavin Coulthard said: “The sheer magnitude of government IT systems that most SOCs protect drives the need for an intelligence-centric approach. The most basic aspect of this approach is a comprehensive understanding of the specific government IT environment used to deliver services to the government agency or agencies. Likewise, an understanding of the government’s enterprise network topology, including all connections (internet, mission partners, cloud providers and vendor specifics) is needed for an understanding of attack vectors.
“In its infancy the SOC will most likely be reactive. Ultimately, though, the SOC must engage in threat identification and understanding to develop a proactive cybersecurity approach.
“Building a SOC may seem onerous but the payoff, with improved visibility, intelligence, and protection for the government in challenging times, will be well worth it.”