Airport operator MAG boosts threat visibility with hybrid SOC

Computer Weekly – Alex Scroxton
Manchester Airports Group (MAG) carried on regardless, enacting a brand new cyber security strategy and ditching a long-standing third-party provider in favour of its own in-house security operations centre (SOC) supported by Bridewell Consulting. It says it is reaping the benefits in terms of increased resilience and visibility. Johnson describes the ensuing job of deploying an in-house SOC across three geographically dispersed airports in under six months as the biggest single project of his career, and one that he would not have been able to accomplish had he not been able to lean on the expertise of a provider that had already been there and bought the t-shirt – Bridewell even embedded a dedicated SOC analyst within MAG's team to keep things moving along, and also to cut down on the need for Johnson to fork out on more training.

The specific target of 70% coverage of MAG's estate was achieved at the end of this phase, and things then moved forward into the second, final stage of deployment, which was completed in March 2021. For Johnson, the most immediate visible impact was visibility itself.

The previous incumbent's legacy tools had maxed out at about 5,000 events a second from the 75% of the MAG IT estate that it could see, but by the time the deployment had finished, the SOC team was seeing about 80,000 events a second with 95% of servers and endpoints visible. Johnson describes the benefits as immeasurable.

New artificial intelligence (AI) and machine learning capabilities have helped smooth the path still further. The old tools were very much based around use-cases, with defined criteria and alerts generated based on those criteria, says Johnson.

The culmination of all this is that MAG's security team is now planning even deeper level changes based on what it can now do. For example, says Johnson: "We're looking to ingest a lot more threat intel and move to a much more threat intel-led, rather than alert response model, integrating with some threat intel platforms to help tell us where we ought to be focusing our attention. I think that's going to be a big shift for us."
Link: https://www.computerweekly.com/news/252508144/Airport-operator-MAG-boosts-threat-visibility-with-hybrid-SOC
