On 2023-11-02
Cybersecurity

3 questions, 2 experts: SOC analyst edition

To outsiders, the security operations centre (SOC) can seem like an impenetrable black box.
To lift the lid on what really goes on inside Airbus Protect’s SOC, we interviewed Pauline and Valentin, two of our analysts.

Could you explain your job as a SOC analyst? What exactly do you do all day?

Pauline: Our job is to watch our customers’ information systems and detect suspicious behaviour. Whether they’re part of Airbus Group or an external customer, we gather data from their machines and analyse it to spot any potentially malicious behaviour. We work as a unit, which enables us to cover a wider scope and take advantage of a broad range of skills across the team.

Valentin: The SOC is a 24/7 team. As Pauline said, our job involves monitoring customers’ computer networks to spot suspicious behaviour. We aim to detect cyberattacks that could cause severe financial or reputational damage. We do this by looking at ‘events’ in real time and applying analysis and detection rules. We use tools like SIEM, (E/N/X)DR and IDS (you can find out what all this jargon means here). We also use SOAR to manage automation and pivot between different sensors. When we raise an incident, we conduct various technical investigations to find its root cause and escalate it to the incident response team if needed.
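Valentin describes the core SOC loop: events arrive in real time, detection rules are applied, and a match becomes an incident that is investigated and, if needed, escalated. The following is an added illustration of what one such rule looks like in practice; it is not Airbus Protect's tooling and does not come from the interviewees. The log format, the field names, the failure threshold and the correlation window are all assumptions chosen for the example, and the sample log lines are constructed.

```python
"""Minimal SIEM-style correlation rule over constructed authentication events.

Added example, not Airbus Protect's code. It shows the step an analyst
relies on every day: a detection rule applied to a stream of events, turning
raw log lines into an alert that can be triaged. The 'ts key=value ...'
format, FAIL_THRESHOLD and WINDOW are assumptions made for illustration.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (syslog-like, one per line). Not real data;
# the addresses are from documentation ranges.
SAMPLE_LOG = """\
2023-11-02T08:00:01Z host=web01 user=alice src=203.0.113.10 result=FAIL
2023-11-02T08:00:03Z host=web01 user=alice src=203.0.113.10 result=FAIL
2023-11-02T08:00:04Z host=web01 user=alice src=203.0.113.10 result=FAIL
2023-11-02T08:00:06Z host=web01 user=alice src=203.0.113.10 result=FAIL
2023-11-02T08:00:07Z host=web01 user=alice src=203.0.113.10 result=FAIL
2023-11-02T08:00:09Z host=web01 user=alice src=203.0.113.10 result=SUCCESS
2023-11-02T08:05:00Z host=web02 user=bob src=198.51.100.7 result=FAIL
2023-11-02T08:05:30Z host=web02 user=bob src=198.51.100.7 result=SUCCESS
this line is not a valid event and must be skipped
"""

FAIL_THRESHOLD = 5             # assumed: failures needed before a success is suspicious
WINDOW = timedelta(minutes=2)  # assumed: correlation window per source address


def parse_event(line):
    """Parse one 'ts key=value ...' line into a dict; return None on junk."""
    parts = line.split()
    if len(parts) < 2:
        return None
    try:
        ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%SZ")
    except ValueError:
        return None
    event = {"ts": ts}
    for kv in parts[1:]:
        if "=" in kv:
            key, value = kv.split("=", 1)
            event[key] = value
    return event


def detect_bruteforce_success(log_text):
    """Rule: >= FAIL_THRESHOLD failures from one src within WINDOW, then a SUCCESS.

    Returns a list of alert dicts, each carrying the context (source, user,
    host, failure count, time) an analyst needs to start an investigation.
    """
    recent_fails = defaultdict(list)   # src -> timestamps of recent failures
    alerts = []
    for line in log_text.splitlines():
        ev = parse_event(line)
        if ev is None or "src" not in ev or "result" not in ev:
            continue                    # unparseable or incomplete event: ignore
        src = ev["src"]
        # Forget failures that have fallen out of the correlation window.
        recent_fails[src] = [t for t in recent_fails[src] if ev["ts"] - t <= WINDOW]
        if ev["result"] == "FAIL":
            recent_fails[src].append(ev["ts"])
        elif ev["result"] == "SUCCESS" and len(recent_fails[src]) >= FAIL_THRESHOLD:
            alerts.append({
                "rule": "bruteforce_then_success",
                "src": src,
                "user": ev.get("user"),
                "host": ev.get("host"),
                "failures": len(recent_fails[src]),
                "ts": ev["ts"].isoformat(),
            })
            recent_fails[src].clear()   # one alert per burst, not one per later success
    return alerts


if __name__ == "__main__":
    for alert in detect_bruteforce_success(SAMPLE_LOG):
        print(alert)
```

On the constructed input the rule fires once, for the burst of five failures followed by a success from 203.0.113.10; the single failure from 198.51.100.7 stays below the threshold and produces nothing. In a real SOC the alert would be enriched (asset criticality, threat intelligence on the source) and routed through the SOAR before an analyst decides whether it is an incident.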

How do SOC analysts collaborate with other teams? Is it something you do often?

Pauline: Often! The cyber threat intelligence (threat hunting) team helps us stay abreast of new and emerging threats, while we typically escalate security incidents to the incident response team, so they can help find a remediation. We also work with the service management team to manage contracts and customer relationships.

Valentin: Of course, we work with other teams. It’s an essential part of our everyday job! Firstly, we have a team of administrators, integrators and cybersecurity architects who support our daily operations. They manage our platforms and infrastructure. We regularly talk to them about the SOC’s current and future needs, and without them, there would be no systems to work on.

Also, as Pauline mentioned, we regularly work with the cyber threat intelligence and incident response teams. The former focuses on threat monitoring, allowing us to update our detection strategies constantly. The latter is like the cyber fire brigade. When we have a proven security incident on our hands, the SOC and incident response teams work together to remediate it as quickly as possible. The incident response team brings advanced technical knowledge, and the SOC brings experience of customers’ IT systems.

Finally, we work with project and service delivery managers to establish roadmaps for our customers’ security projects.

What do you like most about your job?

Valentin: Personally, I enjoy the constant technical challenges. These force us to stay abreast of cyber trends, developments and solutions, as well as the evolution of our customers’ systems. I love learning about new technologies, protocols and even security solutions. I also enjoy collaborating with other teams like cyber threat intelligence and incident response and advising customers on detection strategies we can deploy together.

Pauline: I really like the human aspect of this job. Teamwork is critical in a SOC, since all our combined skills are needed to keep customers safe! As SOC analysts, we must constantly communicate, helping each other as needed. I also enjoy building strong, trusting customer relationships. Our customers play a crucial role in helping us understand their organisation and what assets/systems are the most critical. By the same token, we offer them valuable advice on keeping their information systems safe and healthy.

Interested in pursuing a career as a SOC analyst at Airbus Protect? Check out our current job openings.
