At Rapid7, our Managed Detection and Response services team is housed around the globe to keep an eye on customer environments, no matter the time zone. In this video, Natalie Brady, MDR customer experience lead, and Cristo Aguayo, customer advisor, share a behind the scenes look into our security operations centre (SOC) in Northern Ireland. Highlights include:
Learn more about our Managed Detection and Response (MDR) services at Rapid7.
Natalie Brady: Welcome to Rapid7's international Security Operations Center, or SOC, here in Belfast, Northern Ireland. The SOC is a secure facility for monitoring, detecting, and responding to security incidents and issues.Show more Show less
Here in the SOC, we partner with our customers as an extension of their security and IT teams to respond to any security threats that they may have. We choose to have our international operations here in Belfast for a number of reasons.
First, we're here in Greenwich Mean Time, which means that we can support our customers both east and west. Our largest engineering office is here in Belfast also. Belfast is a young, vibrant city and attracts high-caliber candidates from all over the world.
The SOC deals with sensitive customer data, and we have a number of physical security measures in place. Firstly, the building is secure. Secondly, our Rapid7 offices are only accessed by a security pass. Finally, only authorized personnel have access to the SOC itself.
Cristo Aguayo: So a typical day in the SOC, normally, the SOC analysts coming in and taking a look at the daily task and logs that have been sent in order to detect anything or any instances, any security threats, that are occurring in real time.
Also some of the SOC operators will make sure that the daily scan tasks have been taking place, and also any troubleshooting that needs to be done. The customer advisors make sure that any kind of communications that need to happen with the customers are taking place as well.
Some of the members of our team have over 20 years of experience, and all members of the team have over 300 hours of breach response time. With a small team, it's very difficult to parse out the data that's necessary in order to find these incidents. But when you have a full dedicated team, they're able, and they know exactly what to look for, and they can pick out that information and bring it up to the top.
One of the benefits of having the SOC is that it allows us to provide 24-hour coverage and give our customers a peace of mind that if an incident does arise, we'll be able to respond to it in a timely manner.
Part of the day-to-day task within the SOC is to continue the process that allows us to monitor the information that we get from our customers every day. There's three different tiers, and each tier does a specific role in order to make sure that we keep close tabs on everything that's going on on the network.
Spotters handle the initial triage and vetting of alerts, in addition to escalations, reporting, and providing threat indicator feedback. Defenders focus on learning the ins and outs of dedicated customer environments and providing context or escalation support for spotters. This includes generating monthly reports for customers.
Finally, hunters are responsible for performing hunts and handling incident escalations. To learn more about the Belfast SOC, please visit us at rapid7.com/MDR, or contact us at firstname.lastname@example.org.