How to Build Airtight Collaboration with Your SOC

By Gareth Tomlinson, director of Security Operations Center, NETSCOUT

With 8.4 million attacks seen last year, distributed denial of service (DDoS) attacks already vexed organizations worldwide. According to experts, however, the COVID-19 pandemic has already made things worse, as cyber criminals seek to cash in on increased vulnerabilities caused by overstressed systems. With that in mind, we called in the experts for some advice.

Our Arbor Cloud Security Operations Center (SOC) is an elite team of DDoS experts charged with running the Arbor Cloud service, the world’s largest purpose-built DDoS network. The SOC team tailors protection for each customer environment and ensures compliance with industry best current practices. The best service, however, happens when the team and customer work in complete collaboration. While the SOC team is extremely knowledgeable about DDoS, they will not know your environment, use cases, and network applications to the same level as you. Here’s what they recommend:

  1. Meet with the SOC during provisioning to discuss service design and agree on options such as integration, automation, direct connections, GRE routing, and BGP peering. Another good thing to hammer out is the lines of communication before, during, and after attacks. This eliminates misunderstandings about what is expected once the service is operational.
  2. Conduct a design review with your SOC engineer to make sure that all of your network addresses and hostnames are included in the service.
  3. Comprehensively test all of the network addresses and hostnames being protected following service provisioning. This helps to establish initial baselines of customer traffic; find and troubleshoot any connectivity issues; and set up initial mitigation templates. It ensures that the service will work as expected when an attack occurs.
  4. Test the service quarterly. Networks are not static, and quarterly repeats of provisioning tests help to identify changes to the environment that have an impact on the service. You can also use a third-party testing company to check on the quality and capabilities of the service being performed.
  5. Check the network periodically with your sales engineer or with the SOC. Reviewing the network addresses and hostnames being protected can often identify uncovered areas of the network.
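
One way to prepare for the design review and the periodic coverage check is to diff your own address inventory against the list of prefixes the service protects. The following is an added example, not NETSCOUT or Arbor Cloud tooling; the function names are hypothetical, and the prefixes and hostname records are constructed from documentation address ranges on the assumption that you can export both lists as plain text.

```python
import ipaddress

def uncovered_space(owned, protected):
    """Return the parts of each owned prefix that no protected prefix covers."""
    prot = [ipaddress.ip_network(p) for p in protected]
    gaps = []
    for prefix in map(ipaddress.ip_network, owned):
        remaining = [prefix]
        for p in prot:
            if p.version != prefix.version:
                continue  # never compare IPv4 against IPv6
            nxt = []
            for r in remaining:
                if r.subnet_of(p):
                    continue                          # fully protected
                if p.subnet_of(r):
                    nxt.extend(r.address_exclude(p))  # keep only the unprotected part
                else:
                    nxt.append(r)                     # no overlap with this prefix
            remaining = nxt
        gaps.extend(remaining)
    gaps.sort(key=lambda n: (n.version, n))
    return [str(n) for n in gaps]

def uncovered_hosts(hosts, protected):
    """Return (hostname, address) pairs whose address is outside every protected prefix."""
    prot = [ipaddress.ip_network(p) for p in protected]
    missing = []
    for name, addrs in hosts.items():
        for a in addrs:
            if not any(ipaddress.ip_address(a) in p for p in prot):
                missing.append((name, a))
    return sorted(missing)

# Constructed sample data (documentation ranges, not real customer space).
PROTECTED = ["192.0.2.0/25", "198.51.100.0/24", "2001:db8:10::/48"]
OWNED = ["192.0.2.0/24", "198.51.100.0/24", "203.0.113.0/24", "2001:db8:10::/48"]
HOSTS = {  # hostname -> addresses, e.g. taken from a DNS zone export
    "www.example.com": ["192.0.2.10", "2001:db8:10::10"],
    "vpn.example.com": ["192.0.2.200"],
    "api.example.com": ["198.51.100.7", "2001:db8:20::7"],
}

if __name__ == "__main__":
    for net in uncovered_space(OWNED, PROTECTED):
        print("unprotected prefix:", net)
    for name, addr in uncovered_hosts(HOSTS, PROTECTED):
        print("unprotected host:  ", name, addr)
```

Anything this reports is an item to raise with the SOC engineer: either the address should be added to the service or it should be confirmed as intentionally out of scope.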