Behind the Cybanetix SOC – Merlin Gillespie

Today we would like to introduce to you the team behind the Cybanetix Security Operations Center, and there is no better place to start with our Director of Operations Merlin Gillespie.

Merlin has been involved with the cyber industry for over 20 years and has a unique perspective on the current threat landscape. We managed to track him down for an interview to learn more about his experiences in the industry and why a Security Operations Center has become an integral part of an organisation’s security architecture.

What first got you interested in the industry?

Now, this is rolling back the years. When I was ten years old, I spent half my time in the UK and half my time in the US. The biggest problem with that is, I couldn’t get any news about Leeds United when I was across the pond. So, the only way for me to get this information was to dial into the Leeds fanbase bulletin board, which cost my dad awful a lot of money back then.

As this hobby became more and more expensive, I was inevitably banned from chatting to my fellow “Peacocks” fans. Although something good did come out of it. A fellow Leeds fan needed assistance with his very own bulletin board that was helping university students with their course work. From then on, I have always been around IT and communications.

How many incidents do you deal with daily?

For a typical medium-size company, there will be around 6,000 logs a sec. This ranges from you tapping into the car park all the way to John Smith rifling through accounts and downloading hundreds of payslips. We will then filter all this data into 30 typical use cases, allowing us to begin building a picture. Day 1 we should be expecting 30-50 alerts a day. We will continue to refine this by removing any noise that is raising unnecessary alerts. Finally, through regular engagement with the customers, we can paint a clear picture of and Identify true negatives. At this point, we should be expecting 1- 2 per week that will require investigation.

Why exactly do companies need a SOC?

The main issues that faces most mid to large organisations is that there is a gap of responsibility that lies between the infrastructure team and the security team, and that is where a SOC team will situate. IT infrastructure is continuously growing and changing, which makes it an ongoing challenge to secure. To resolve this issue, the security team would have to implement and sustain a SIEM throughout the constant growth, which can be a mammoth task for an great part of the organisation. By outsourcing the continual monitoring, we can sit in between the two parties and act as an independent third-party mediator

How does Cybanetix differ from the current market?

Unfortunately, the current market just doesn’t help medium to even some large business. The legacy product offerings are very expensive and require experts in their field to manage them correctly. Yes, they are very effective solutions and offer granular forensic benefits. Still, their success has come from giant corporations that have dedicated teams and resources that can implement the solution and maintain them continuously. For organisations that lack human resources, they will be left with a costly and unusable tool.

So by taking a different approach we have identified a cost-effective SIEM solution that we combine with user behaviour analytics, to offer the same standard and ability of granular forensic benefits at an achievable price for most mid to large organisations. On top of this, we have adopted a more consultative engagement. Time after time, I have traded war wounds of the wrong solution purchased for the wrong problems. This is why we are very engaging with our customer to ensure they are getting the product and service they need to successfully protect their business and people.