InfoGuard Cyber Security and Cyber Defence Blog

Red vs. blue: why the Cyber Defence Center sets new standards

Written by Mathias Fuchs | 25 Jul 2017

It took about three months to set up, and in May 2017 we finally celebrated the opening of one of the most modern Cyber Defence Centers (CDC) in Switzerland. But anyone who thinks that behind the security doors, protected by palm-vein biometrics, there is nothing but hippie-style peace and love is mistaken. Here two groups, the “Red Team” and the “Blue Team”, confront each other daily in a relentless war. That is a slight exaggeration, of course: what really happens is a healthy, targeted, friendly and playful competition, which naturally benefits the clients who commission us. In this article you will learn why the Cyber Defence Center is also called “SOC 2.0” or the “SOC of the Future”, and why a Cyber Defence Center can be compared to a fire brigade, but not at all to the walls of a medieval city…

It wasn’t just the visitors who were impressed by the completed and operational CDC, but also the employees who now spend their days working in this modern, futuristic-looking environment. But why futuristic? In truth, we believe this is the present: we are convinced that the CDC meets the requirements and standards of today, and that it has to meet them. Do you share our view? Then you can safely skip the next paragraph. If you disagree, you should definitely read on. We shall try to explain the concept with a somewhat clumsy but easily understood example.

City Walls Were Yesterday...

In the Middle Ages, rulers surrounded all important cities with great protective walls to guard against attackers, enemies, intruders and all other kinds of undesirable “visitors”. In this way they felt safe, or at least less unsafe. Back then the walls were made of stone; today they consist of firewalls, software and hardware. But the risk then was the same as it is today: threats from inside, dangers that are already within the walls. In fact, it is not uncommon for danger to lurk on the inside. This is just as true in our time, and you too should assume that attackers are already inside your network, actively going about their business. Why?

  1. Attackers are becoming ever more skilled, better resourced and more dangerous.
  2. Your own employees and co-workers must also be considered a potential security risk, whether they act deliberately or unwittingly.

...today the solution is called Cyber Defence Center

Businesses should guard themselves proactively against this, that is, with an approach that differs from the traditional one: acting instead of merely reacting. A Cyber Defence Center makes this possible. Reacting to threats should not be the only line of action; threats and potential attacks should be actively hunted for. This compares well with the present-day approach of fire brigades: fortunately, they do not just sit and wait until a fire breaks out and they are called to the scene. Instead they set up fire watches, install fire alarms and are constantly on the lookout. They analyse past fires and put the lessons learned into practice. A Cyber Defence Center does exactly the same.

SOC 2.0 or SOC of the Future

Many of our clients have been relying for years on the services delivered by our Cyber Defence Center, including:

  • Security Information & Event Management (SIEM)
  • Vulnerability Management
  • Breach Detection and Cyber Threat Intelligence
  • APT Hunting
  • Incident Response and Digital & Mobile Forensics

The new, bigger and more modern CDC offers us, and above all our clients, even more and better opportunities. In a traditional SOC the focus lies on the central monitoring of IT resources and data, on searching for evidence of attacks and on managing the response to cyber threats. A Cyber Defence Center also needs both the tools and the IT specialists to detect attacks and intrusions, but the decisive factor is the presence of cyber threat intelligence analysts and security experts who actively look for them.

Red Team vs. Blue Team

However, cybersecurity is not based on defensive security alone, but also on offensive security. On one side stands the Red Team, consisting of cyber threat analysts and penetration testers; on the other the Blue Team, with its cyber security and cyber defence experts. Simply put: while the Red Team focuses on simulating attacks, the Blue Team concentrates on fending off exactly those attacks. In this way the learning curves of both teams are very steep. The two teams have different duties and assignments, but they pursue the same goal: offering top-notch cyber defence to our clients!

Hackers seldom sleep – a CDC never does

In a Cyber Defence Center, everything comes together in the detection, analysis and repulsion of cyberattacks. What does it take to do this? First of all, of course, experienced specialists with comprehensive know-how and understanding, the most up-to-date security tools, and a well-protected operations room. In InfoGuard’s new CDC, all doors are secured by palm-vein biometrics. Nothing is left to chance here, and so it must be: today’s attackers are highly professional, and their technical competence keeps growing. The biggest challenge, however, is that they work around the clock. Attackers are active day and night, so a Cyber Defence Center must obviously operate 24 hours a day, 365 days a year. This increases staffing requirements. Self-learning systems and solutions based on artificial intelligence, which support security analysts in breach detection, can relieve the workload only to a certain extent. They should be used, since further improvements are to be expected that will make a CDC even more efficient; but we are convinced that full automation will never happen.

Looking back at the opening celebration

We wish to extend our thanks to all the clients, guests, journalists, visitors and colleagues who took part in the event on May 31st. If you were unable to attend the opening of our new Cyber Defence Center, we have collected the best impressions and pictures for you, together with the most relevant facts and figures. Click through the image gallery and get your own impression of our CDC, the SOC of the future.


Do you wish to be kept informed of the latest news and trends from the world of cybersecurity? Would you like to be invited to our events and hear the latest about InfoGuard and our partners? Then subscribe to our monthly Cyber Security and Cyber Defence newsletter!