How NetAssist’s Managed SOC Takes a Proactive Approach to Cybersecurity Via Purple Teaming

In today’s increasingly dynamic threat landscape, a reactive approach to cybersecurity is no longer sufficient to combat ever-evolving cyber-attacks.

Traditional Security Operations Centres (SOCs) typically focus on monitoring, detecting, and responding to existing cyber threats: a ‘blue team’ approach built on security information and event management (SIEM) and threat intelligence.

However, cyber criminals are continually improving their malicious tactics – a trend that has only worsened with the widespread availability of generative AI. That is why NetAssist has incorporated a team solely dedicated to proactive threat hunting, a ‘red team’, into our SOC operations to better protect clients from evolving threats.


What are Red & Blue Teams?

A blue team’s primary responsibility is to defend an organisation’s assets through analysing its security posture and taking measures to address existing flaws and vulnerabilities. The team is also in charge of monitoring breaches and responding to cyber threats, as mentioned above.

In contrast, a red team focuses on offence: its efforts go into simulating cyber-attacks and probing client systems for potential vulnerabilities. This allows cybersecurity teams to anticipate the techniques cyber criminals use, implement fixes, and patch weaknesses before they are exploited.

By incorporating both red and blue tactics into our SOC operations, NetAssist is able to proactively neutralise potential attacks against our clients. This ‘purple teaming’ approach integrates the best of blue and red team activities, and allows us to deliver more comprehensive and robust protection in comparison to traditional SOC services.


The Benefits of Purple Teaming

In our experience, unifying red team and blue team tactics into a single SOC results in more effective and holistic operations, which enables us to better strengthen our clients’ overall security posture.

[Figure: A Venn diagram of red team and blue team responsibilities.]

For example, a purple-team SOC delivers:

⦁ Improved threat detection: The red team provides insight into the attack vectors adversaries are likely to use, which in turn informs the blue team’s monitoring and detection strategies. This allows the SOC to stay ahead of cybercriminal tactics and identify threats quickly.

⦁ Enhanced incident response: By understanding how attackers operate, blue teams can develop targeted incident response plans that are more effective at minimising damage.

⦁ Strengthened security defences: Red team vulnerability assessments guide the blue team’s implementation of improved security controls, monitoring parameters, and detection configurations.

⦁ Knowledge sharing: Active collaboration and knowledge sharing between the two teams allows the organisation to build a robust foundation of threat expertise, resulting in more efficient operations over time.


We aim to empower clients not just to react to threats, but to actively prevent them. With purple teaming bridging the gap between offensive and defensive security, we are confident that our SOC services deliver proactive threat mitigation for our clients, and they will only improve as we continue to refine our approach.

Have further questions? Please reach out to us at [email protected] for more information.

Keeping cyber security costs low: How to budget in compliance with Malaysia’s Cyber Security Bill 2024

With the recent introduction of Malaysia’s Act 854, businesses that are classified under the National Critical Information Infrastructure (NCII) must comply with new regulatory requirements, which will affect their budgets for the upcoming quarters.

Fortunately, cybersecurity does not have to be prohibitively costly. As an experienced cyber security provider, we have compiled a list of strategic best practices to help organisations achieve compliance while keeping costs low.



1. Ensure strong policies are in place to showcase due diligence

A well-documented cyber security policy provides clear guidelines for protecting an organisation’s information systems and data from cyber threats, covering areas such as:

  • acceptable use of company devices
  • access controls and authentication methods
  • data protection and encryption protocols
  • incident response measures

[Figure: A strong cybersecurity policy is an organisation’s first line of defence against digital threats.]

A strong cyber security policy for your organisation offers two key benefits.

  • It sets strong ground rules for employees to follow regarding online activity. This creates accountability among staff members, and reduces the risk of falling victim to common cyber pitfalls.
  • It serves as evidence of due diligence towards regulatory bodies and Sector Leads, which may potentially mitigate penalties in the event of a security breach.


2. Mitigate the risk of human error through training

Human error remains one of the leading causes of security breaches. According to a 2024 survey, 66 percent of respondents among Chief Information Security Officers (CISOs) in the United States identified human error as their organization’s most significant cyber vulnerability.

As mentioned previously, a strong cyber security policy helps mitigate human error. Many organisations also provide cyber security awareness training for their employees, educating them on common cyber threats and how to avoid them.

Simulated phishing campaigns, in which a third party sends controlled phishing attempts to an organisation’s employees, are additionally conducted as a follow-up assessment of staff readiness and the effectiveness of training sessions.



3. Keep software up-to-date, back-up data regularly

In today’s digital age, business software has been incorporated into many facets of daily operations. However, failure to maintain these digital systems and technology can expose your organisation to several cyber risks.

For example, outdated software usually contains known vulnerabilities that cyber criminals can exploit. Vendors regularly release patches to close such vulnerabilities, so businesses must diligently keep their software up to date to avoid unnecessary cyber risk.

Scheduling regular data backups is another way for organisations to protect themselves from cyber criminals, as it ensures that critical business data can be restored quickly in the event of an incident.



4. Outsource to licensed providers

[Figure: Outsourcing cybersecurity can be an effective way to benefit from professional protection without incurring overhead costs.]

Running an in-house cybersecurity team is extremely costly, as it requires hiring industry experts and setting up and maintaining the necessary infrastructure and technology.

By working with a licensed cybersecurity service provider, especially for specialised tasks like penetration testing and security monitoring, your organisation can enjoy the benefits of expert-level cyber security without the overhead costs of maintaining an internal team.


Cybersecurity compliance under Malaysia’s Act 854 does not have to be a financial burden. By following the tips listed above, we are confident that businesses of every size can meet compliance requirements while keeping costs manageable.

We hope that our advice was useful in your journey toward improving your cyber security. If you have any further inquiries about Act 854 or how we can help your business, feel free to reach out to us at [email protected].