Government SOC: Why is it essential to Government agencies?

January 12 2022, by James Rabey | Category: Government
Government SOC | Macquarie Government

A Security Operations Centre (SOC) is an essential component of every Government agency’s cybersecurity effort. A SOC monitors an agency’s IT environment for suspicious events, detecting and responding to threats and attacks.

Government SOCs also often have the responsibility for monitoring an agencies compliance to their Information Security (InfoSec) policies, including the whole of government regulations like Protective Security Policy Framework (PSPF) and ACSC Essential 8.

A typical Government SOC combines people, process and technology:

  • People: Engineers (usually in 3 tiers) who monitor, respond and conduct threat hunting.
  • Process: Playbooks and use cases for consistent detection and response to specific threats or targets.
  • Technology: SIEM (Security Information and Event Management) platforms for correlating and analysing the often millions of individual data points across the IT environment; and SOAR (Security Orchestration, Automation and Response) platforms to scale.

Government agencies need a SOC capability as Government is one of the most targeted sectors by cybersecurity actors, both state-based and criminal. According to the most recent ACSC Annual Cyber Threat Report, more than a third of all reported attacks were against Commonwealth and State Government entities. The sensitive data and increasingly critical services delivered through digital government make it a prime target for both financial and geopolitical gains.

Many agencies find the time, resources and upskilling needed to build an adequate Government SOC capability challenge. Recruiting – and retaining – sufficient staff with the required skills is difficult in a competitive recruitment market. According to AustCyber, Australia will need to add an additional 17000 cybersecurity experts by 2026. While the education sector is scaling up cybersecurity courses, the graduates they deliver will still fall way short of requirements for some years to come.

We provide 24×7 threat monitoring and response.

Macquarie Government has invested in building an expert and dedicated Government SOC that provides 24×7 threat monitoring and response. Our SOCaaS offering can be delivered as a fully managed service or operated alongside an agency’s internal team. By levering our pan-government experience, including over 4000 playbooks, agencies get an immediate cybersecurity uplift and the ability to allocate their resources to other cybersecurity functions.