Enhancing SOC capabilities through technology and strategy

At a CYBER Breakfast organised earlier this summer by the MITA-NCC, which forms part of a series of events intended for the National Cybersecurity Community to tackle emerging topics in the field, the need for businesses to take a holistic, wide-view approach to cybersecurity was emphasised.

The event began with a key presentation led by Christopher Cutajar, Principal Information Security Engineer at Elastic, and highlighted the evolving technological landscape in cybersecurity and explored ways to optimise Security Operations Centres (SOCs) by integrating multiple advanced security tools.

During his presentation, Mr Cutajar focused on Security Information and Event Management (SIEM), Security Orchestration, Automation, and Response (SOAR), and Extended Detection and Response (XDR). These are critical tools that cybersecurity teams employ to enhance threat detection, automate responses, and manage security incidents more effectively. Mr Cutajar discussed the benefits of these tools, including improved visibility into security events, automated threat detection, and risk management, which allow teams to uncover unknown threats and act swiftly in response to anomalies.

One of the key takeaways from the presentation was the emphasis on the growing need for a holistic approach to cybersecurity that involves unifying data from across an organisation’s digital environment. Mr Cutajar described how a properly configured SIEM can provide a centralised snapshot of a company’s IT infrastructure, enabling teams to continuously monitor and act upon security threats with precision and speed. By incorporating SOAR, companies can automate repetitive tasks, allowing analysts to focus on more complex issues while ensuring quicker, more efficient responses to incidents.

The event also hosted a fireside chat, moderated by Kenneth Bone from the National Cybersecurity Consultation Council for the National Cybersecurity Community, which featured speakers Reuben Gauci, SOC Service Manager – MITA and Stefan Saliba, IT Operations Security Manager – Betsson Group. The discussion revolved around the differences and challenges between managing onsite and outsourced SOCs, with Reuben Gauci offering insights into MITA’s onsite SOC and Stefan Saliba providing perspectives from Betsson’s managed SOC.

Mr Gauci emphasised that a SOC’s success is heavily reliant on optimising both people and processes. He discussed the importance of proactive threat hunting and ongoing security monitoring to detect any anomalies or incidents, with the ultimate goal being to secure digital assets and maintain business continuity. Mr Saliba, on the other hand, shed light on the advantages of a managed SOC, particularly in terms of cost and scalability, noting that Betsson has extended its SOC to users, training them as Tier 1 analysts to promote early detection.

Both speakers touched upon the growing challenge of cybersecurity talent recruitment, highlighting the difficulty in finding skilled analysts with the right aptitude. This issue is exacerbated by the rapid pace of technological advancements and the ever-evolving threat landscape, making continuous training and upskilling essential.

The event concluded with a strong message for organisations, especially SMEs, to adopt basic cybersecurity measures. Mr Saliba and Mr Gauci advised that vulnerability management, training, and disaster recovery plans should form the foundation of any security strategy. They also stressed the importance of cultivating a security-focused culture, with ongoing assessments, incident drills, and clear protocols for handling security incidents.

MITA-NCC’s CYBER Breakfast events, supported by EU funding, continue to provide valuable insights into the pressing issues of cybersecurity and highlight the importance of technology, people, and processes in maintaining robust digital defences.

Visit ncc-mita.gov.mt for more information and join the community today.

This article is co-founded by the European Union.