SINGLE POINT OPERATIONS
Next Generation SOC
There are many organizations that have a Command Center, and a Network Operations Center, and a Security Operations Center, and an Information Security Operations Center, and so on. Our solution is to combine them into a single SPOC, with a secondary ROC (Remote Operations Center) which serves multiple purposes:
Continuity of Operations Plan, surge support, remote backup, and others.
What the SPOC allows you to do is have a Commander who is in charge of ALL security / law enforcement / legal / physical / ... functions, and who can easily task any of the teams, or let the teams select their own work and run independently. Each of the Deputies under that Commander will be in charge of their own area, be it OSINT, or Forensics, or HUMINT, or other.
An example of something this would allow that you likely do not have at this time is the following scenario: Law enforcement captures a laptop that was placed with a bomb. Whose laptop is it? Well, in our scenario, your forensics guys from law enforcement call in forensics guys from the SOC, and OSINT guys from their division, and go through the wireless access points that the machine was connected to, determine patterns of behavior, and trace it back to some profile, or group, or a specific person. Then, if needed, you call in the HUMINT guys to take that information and find the specific person. All of this happens in real-time because they are all in the same building, if not on the same floor, if not in the same office. Things like this make dramatic improvements in response time, and in getting "left of boom".
As for cost savings, you could have people cross-pollinate and do more than one job. This allows you to have 10 CCIE network guys working in the SPOC instead of 8 in the NOC, 8 in the SOC, 4 in the ISOC, etc. AND that ONE absolute genius expert that you were able to find can help out ALL groups instead of just the single office that s/he works in.
One of the problems that we have found with the current way things are done is that there are too many silos; too many groups working in isolation. This problem is not unique to the US / Canadian Government, or to commercial organizations, or to foreign governments. Whether it is due to a need for separation because of the classification of work, or because of legal / regulatory requirements, or other reasons, almost all organizations work in this manner.
Our answer is to put the various silos under one roof working on joint problems, with a person at the top who has the trust to break through those barriers and encourage the groups to work together, but who also has the authority to remove or fire those who do not participate fully.
THE ONE MAIN CONCEPT THAT WE WOULD LIKE TO GET OTHERS TO UNDERSTAND IS THAT THERE ARE FOUR PREDATOR/PREY MODELS IN THE SECURITY WORLD, AND THEY ARE AS FOLLOWS:
The idea here is that we apply standard, tried and true HUMINT principles to the internet world. Our team has experience in developing SOC, TOC, NOC, etc. We do everything from the design and architecture to staffing and teaching. We do not, however, have a canned solution. We need to work with our clients and customers to help them craft the solution that will be the best fit for them, as well as how to transition from the current state to the end state with as little disruption to staff and operations as possible.
Our team consists of a collection of some of the best minds in the world. These are not Ph.D. researchers but people who have done these exact tasks in the real world with large multinational corporations and large government agencies. All of the design features in our SPOC have come out of the experiences of one or more individuals and have been vetted by the rest of the group as valid. There is nothing in our designs that "should work in theory"; it has all been proven to work in practice.