Meet Tan Wei Peng, Division Manager, Solution Presales and SOC Product Division, who is also the Chief Solution Architect of the SOCaaP. Since joining ST Engineering four years ago, Wei Peng has been deeply involved in the conceptualisation and development of cybersecurity operations centres (SOCs). He shares that it was through deep understanding of customers’ cybersecurity needs and pain points that he and his team came up with the Security Operations Centre-as-a-Platform (SOCaaP) solution.
We’ve invited him to share his challenges, opportunities and experiences gained through the development journey of SOCaaP.
AGIL Blog: With the Covid-19 pandemic situation, how important is the role of cybersecurity?
The current pandemic has shone a spotlight on cybersecurity as malicious actors increasingly exploit vulnerabilities of systems and devices as an unprecedented number of people around the world rapidly take to remote working arrangements. Cybersecurity solutions that can be built quickly and deployed remotely such as our SOCaaP are proving to be useful in addressing the immediate cybersecurity needs of businesses.
AGIL Blog: How has the traditional SOC evolved into SOCaaP?
The traditional SOC is facing three key challenges:
Traditional SOC versus SOCaaP
Challenges faced by SOC:
- Inadequate skillsets and lack of cybersecurity professionals to run the operations.
- Insufficient correlation rules and processes impede the efficiency and effectiveness of operations.
- High cost to build and maintain the technology as it evolves every 6 to 18 months.
How SOCaaP addresses these challenges:
- Enables sustenance of cybersecurity expertise to manage and monitor the systems effectively.
- Provides well-defined processes and targeted use cases to optimise actions. It enables SOC expertise to focus and proactively detect the unknown cyber threats.
- Supports technology relevance and maintenance by ST Engineering SOC experts.
SOCaaP is developed from our experience in delivering more than 15 SOCs for government agencies and commercial enterprises internationally. Our SOCaaP, an industry first, aims to eliminate these key challenges faced by organisations to provide greater operational efficiency and significant cost savings in monitoring digital assets. In this dynamic digital economy, organisations can now deploy and own their SOC in just a fraction of the time and cost as compared to a traditional SOC.
Since its launch last October, the SOCaaP has garnered strong interest from state and commercial organisations who are finding it challenging to sustain and stay ahead of the rapidly evolving cybersecurity landscape.
AGIL Blog: What encompasses SOCaaP?
SOCaaP is a complete suite of capabilities to protect, detect, respond and recover from cyberattacks. It offers a leading Security Information and Event Management (SIEM) with advanced analytics, threat intelligence and Security Orchestration, Automation and Response (SOAR) to provide automated, real-time analysis of security alerts with a higher degree of accuracy. Its integrated decision dashboard conceptualises massive data and provides actionable insights for C-Suites and cybersecurity analysts to enable quick decision making. SOCaaP is also supported by a team of SOC experts to ensure the technology and processes are consistently updated.
AGIL Blog: What should cyber defenders do with the rapidly evolving cybersecurity landscape?
The dynamic nature of cybersecurity throws never-ending challenges at organisations and the teams who are responsible for safeguarding digital assets and infrastructures. With cybersecurity technologies having short lifespans, cyber defenders have to pick up new knowledge constantly to remain ahead of the technology curve to continue developing cutting-edge solutions that provide cyber resilience for customers.
Beyond technical skills, we should also adopt an adaptive and resilient work attitude, which will help better cope with intensifying pressures in the industry. We must also be professionally equipped and mentally prepared to take on the virtual battle for the long haul. It is continuous learning and experiences gained on the job, coupled with a positive mindset, that have helped to yield a stronger and more resourceful cybersecurity warrior.
AGIL Blog: How have your experiences over the past 4 years in ST Engineering been?
Despite the challenges of the industry, the upside is that many organisations do recognise the importance of cybersecurity, which translates into a thriving sector with good career opportunities.
I am blessed to be given the opportunity to lead a team and gain job satisfaction thanks to the open and dynamic learning culture here, which has helped me to grow my professional knowledge and expand my abilities in the field. Other than upskilling opportunities for my team and myself, focus group sessions are held regularly to facilitate cross sharing among subject matter experts, and to encourage brainstorming to spark ideas and innovations.
Beyond technical skills, I believe that cybersecurity defenders need to adopt an adaptive and resilient work attitude, which will help them better cope with intensifying pressures in the industry. They must also be professionally equipped and mentally prepared to take on the virtual battle for the long haul. This can be attainable with continuous learning and experiences gained on the job, coupled with a positive mindset, which have helped to yield a stronger and more resourceful cybersecurity defender.
Just as there is always a purpose behind every product design, I feel there is also a purpose in joining the right team, which is one that shares my optimism and engineering passion. To me, working with an enthusiastic, like-minded team in a supportive work environment is an important factor that helps to create new ideas and innovations, and I believe that I have found this sweet spot with my cybersecurity comrades.