Erik Kovács
01/16/2025

From SOAR to Red Teaming: A Look at the CDA Team's Cybersecurity Expertise

SOCWISE's CDA team employs the latest defensive and offensive techniques, including SOAR, SIEM, pentesting, and red teaming, to bolster corporate cybersecurity.

Both defensive and offensive security techniques are essential to protect modern corporate infrastructure. SOCWISE's CDA (Cyber Defense Advisory) team uses the latest technologies to prepare organizations for possible attacks and to show them how such attacks can be prevented.

Defensive techniques

SOAR (Security Orchestration, Automation and Response)

  • SOAR automates incident handling processes during security operations.
  • It supports analysts and reduces their workload, as SOAR automatically investigates incidents and takes the necessary action.
  • The SOAR system can be integrated with other systems, such as SIEM, to effectively manage incidents.

Palo Alto XSOAR:

The InfoSec division's CDA team currently uses Palo Alto Networks' XSOAR automation solution. They are constantly monitoring new SOAR solutions available on the market to select the best tool for their customers' needs.

SIEM (Security Information and Event Management)

  • In addition to SOAR, the CDA team uses the NetWitness SIEM system to collect and analyze network and security events in real time.
  • These systems allow potential threats to be identified quickly and appropriate action to be taken in response.
  • SIEM solutions integrate log data from different sources and provide automated analysis to help detect security incidents.

SOC deployment and consulting

The activities of the CDA team are closely linked to the operation of the Security Operations Centre (SOC). The three pillars of a SOC are People, Processes and Technology.

  • The technology pillar consists of the SOAR and SIEM systems and other threat intelligence platforms.
  • The people pillar is the team of trained analysts who manage incidents.
  • Process automation and the creation of playbooks are the cornerstones of the process pillar.

Ongoing developments and proposals

The SOC is constantly evolving to keep pace with changing technology and attack methods. Accordingly, CDA experts provide analysts with suggestions on how to manage processes more effectively. These suggestions can later be turned into automations in the SOAR system.

The SOAR system for automating incident management is flexible and versatile. For larger companies a SOAR system can be truly effective, as the number of incidents generated justifies automation. Customer preferences also vary, and it is important that security teams are responsive to these needs.

Security automation is constantly evolving and adapting to customer needs and changing technologies.

Offensive techniques

The most common offensive techniques used by the InfoSec division:

Pentest (Penetration Testing)

  • A pentest aims to find and exploit vulnerabilities in systems.
  • Its purpose is to validate vulnerabilities and demonstrate that they are exploitable.
  • Ethical hackers (pentesters) test systems to validate those vulnerabilities.
  • During the pentest, the testers attempt to identify every possible weakness.
  • A pentest looks for vulnerabilities across a wide range of systems.

Advantages:

  • Increased security.
  • Evaluates the organization's real exposure to attacks.
  • Meets compliance requirements: many industry standards require regular penetration testing.

Red Teaming

  • Red teaming is a special security exercise in which experts carry out a simulated attack on an organization in order to identify weaknesses in its defenses.
  • The aim is to improve the organization's security preparedness and to test its ability to detect, respond to and recover from real threats.

Advantages:

  • It helps to identify weaknesses in security systems and processes.
  • It shows how well the organization would be able to withstand a real attack.
  • Increases resilience to attacks, both technical and human.

Purple Teaming

  • Purple teaming is a cooperative approach between the red (offensive) team and the blue (defensive) team.
  • The aim is for the two teams to work together, share information and improve protection.

Advantages:

  • Purple teaming helps to build a more effective defense.
  • It tests the effectiveness of the SOC and its processes in practical scenarios.

In conclusion

These methods contribute to strengthening the security infrastructure at the level of technology, processes and people. A key benefit is that they make incident management more efficient through automation, in which the use of artificial intelligence will play an increasing role in the future.

The CDA team takes a comprehensive approach, using the latest technologies and methodologies to help organizations prepare for cyber-attacks, respond quickly and effectively to incidents, and continuously evolve their security infrastructure in the face of changing threats and technologies.
