‘Open House’ Days Provide Interactive Introduction to Armata Security Operations Centre (SOC)

By Caesar Tonkin, Managing Director at Armata Cyber Security


Business continuity is critically important for every organisation, no matter what its size. In today’s digital and interconnected world, there are no guarantees that your business will not suffer a cyber attack, and it is then a case of ‘How do you respond to the attack?’ and ‘How quickly?’


Against this background, Armata Cyber Security was pleased to expand its existing security offering recently with the launch of its Armata Security Operations Centre (SOC), providing clients with agile and relevant threat protection through the advanced security technologies inherent within Microsoft Sentinel. Our team of IT security professionals takes pride in protecting our clients’ organisations by monitoring, detecting, analysing and investigating cyber threats.


The SOC is open to customers once a month, when we showcase the facility to small groups, allowing visitors to experience the centre and its state-of-the-art technology in a truly hands-on manner.


Our skilled SOC analysts continuously examine our clients’ networks, servers, computers, endpoint devices, operating systems, applications and databases for any sign of a cyber security incident, and are on hand to swiftly detect and automate the response to security incidents. As an added bonus for our clients, we are very pleased to be able to demonstrate all this in a live, interactive manner.


The Armata SOC team: L to R Jeanne Yzelle, Head of SOC; Kulani Baloyi, Tier 2 SOC Engineer; Gift Ngomane, Tier 1 SOC Engineer



Welcome To the Armata SOC Coalface


By analysing feeds, establishing rules, identifying exceptions, enhancing responses and keeping a look out for new vulnerabilities, we are your ‘eye in the cloud’ to reduce the risk of data breaches, unauthorised access and other malicious activities within your network.


The visits to the Armata SOC include a physical walkthrough and an interactive online demonstration. During the demonstration, which uses a Microsoft Sentinel dashboard, we are able to see security alerts coming up, each of which can be categorised as one of the following: ‘Benign True Positive’ (meaning suspicious but expected – an action that is real, but not malicious, such as a penetration test or a known activity generated by an approved application); ‘False Positive’ (a false alarm, meaning that the activity didn’t happen); ‘True Positive’ (a malicious action that then has to be identified); and ‘Undetermined’.


For each alert, the security analyst will ask the following questions to determine the alert classification and help decide what to do next:

  • How common is this specific security alert in your environment?
  • Was the alert triggered by the same types of computers or users? For example, was the alert triggered by servers with the same role, or perhaps by users from the same group/department? If the computers or users were similar, you may decide to exclude this alert to avoid additional future false positive alerts.


It should be noted that an increase in alerts of the exact same type typically reduces the suspicion/importance level of the alert. For repeated alerts, our SOC analyst will verify configurations, and use security alert details and definitions to understand exactly what is happening to trigger the repeats.
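The two triage questions above, sketched as an added example that is not Armata's or Microsoft Sentinel's own code: it counts how often each alert rule fires and checks whether the affected computers or users are similar. The alert records are constructed, and the field names and thresholds are assumptions.

```python
from collections import Counter, defaultdict

# Constructed sample alerts: (rule, host, role, user, dept). Not real Sentinel output.
ALERTS = [
    ("Mass file download", "fs01", "file-server", "svc-backup", "IT"),
    ("Mass file download", "fs02", "file-server", "svc-backup", "IT"),
    ("Mass file download", "fs03", "file-server", "svc-backup", "IT"),
    ("Mass file download", "fs01", "file-server", "svc-backup", "IT"),
    ("Impossible travel sign-in", "wk114", "workstation", "a.naidoo", "Finance"),
    ("Impossible travel sign-in", "lt022", "laptop", "b.smith", "HR"),
    ("Impossible travel sign-in", "vpn01", "vpn-gateway", "c.dlamini", "Sales"),
    ("New admin account created", "dc01", "domain-controller", "d.jones", "IT"),
]

def triage_summary(alerts, min_count=3, homogeneity=0.8):
    """Answer, per alert rule: how common is it, and were the sources similar?

    min_count and homogeneity are assumed thresholds, to be tuned per environment.
    """
    by_rule = defaultdict(list)
    for rule, host, role, user, dept in alerts:
        by_rule[rule].append({"role": role, "dept": dept})

    summary = {}
    for rule, items in by_rule.items():
        n = len(items)
        # Most frequent computer role and user department for this rule.
        role, role_n = Counter(i["role"] for i in items).most_common(1)[0]
        dept, dept_n = Counter(i["dept"] for i in items).most_common(1)[0]
        similar = max(role_n / n, dept_n / n) >= homogeneity
        summary[rule] = {
            "count": n,                                    # question 1: how common?
            "dominant_role": (role, round(role_n / n, 2)),  # question 2: same kind
            "dominant_dept": (dept, round(dept_n / n, 2)),  # of computers or users?
            # Only a candidate for analyst review: repeated AND homogeneous.
            # The analyst still verifies configuration before excluding anything.
            "review_for_exclusion": n >= min_count and similar,
        }
    return summary

if __name__ == "__main__":
    for rule, info in triage_summary(ALERTS).items():
        print(rule, info)
```

A rule that fires rarely, or fires across unrelated roles and departments, is never flagged, so a single high-value alert is not suppressed by volume-based tuning.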


Other offerings from the Armata SOC include the following:

  • Vulnerability management;
  • Endpoint detection and response (EDR);
  • Penetration testing as a service;
  • Email security service; and
  • Privileged access management.


During the customer visits, the entire SOC team meets with our clients, taking them through key aspects of the facility in an interactive manner. We like to think of ourselves as both cyber warriors and defenders, and so Armata’s branding incorporates the symbol of Athena, the Greek goddess of wisdom as well as war – twin aspects that encompass two of our primary qualities in carrying out cybersecurity services for our clients.


The Armata SOC premises can accommodate up to 30 team members, with some 2,000 customers currently being serviced.


Armata Has Your Security Requirements Covered – No Matter Your Size


While larger organisations can afford to run large in-house SOCs, staffed with trained experts with the correct skills, this is not generally a viable option for smaller businesses, which often battle to compete with larger companies when it comes to attracting and retaining qualified employees. If an organisation wants to build its own SOC team, an estimated 60 percent of the costs involve the employees who are necessary for building up the workforce – while the threat of having these skilled workers poached is very real.


For this reason, the Armata SOC is of particular interest to the larger SMBs – small to medium businesses – but we are, in addition, a force to be reckoned with in providing enhanced and advanced security to mid-market organisations and larger enterprises as well.


Final Thoughts


The Armata SOC analysts address any potential threat that your company might experience – our aim is to minimise the impact of potential security incidents on your operations. Customers are assured of both reactive and proactive security services, as the Armata SOC is focused exclusively on robust protection against attacks, threats and vulnerabilities.


In an age when all organisations – including smaller companies – require robust protection to keep their data safe and compliant with regulations, the Armata SOC is on hand to offer you peace of mind.


Please contact us if you would like to book an in-house visit with us and experience an interactive introduction to the Armata SOC for yourself and your colleagues.