
Cyber Crime Junkies
Translating Cyber into Plain Terms. Newest AI, Social Engineering, and Ransomware Attack Insight to Protect Businesses and Reduce Risk. Latest Cyber News from the Dark web, research, and insider info. Interviews of Global Technology Leaders, sharing True Cyber Crime stories and advice on how to manage cyber risk.
Find all content at www.CyberCrimeJunkies.com and videos on YouTube @CyberCrimeJunkiesPodcast
Secrets Revealed--How To Grow Business Not Get Hacked🔥
🚨 New episode 🚨 host David Mauro engages with technology and security leaders to explore the critical roles of Network Operations Centers (NOC) and Security Operations Centers (SOC) in modern businesses.
The discussion highlights how to grow business not get hacked, Navigating the NOC and SOC Landscape, New Ways To Use Tech For Business And Not Get Breached, And How To Avoid Business Data Breaches. What Leaders Should Know.
Chapters
- 00:00 How To Grow Business Not Get Hacked
- 05:11 Networks And Security. What Leaders Need To Know
- 10:08 Top Ways To Leverage Tech And Reduce Breaches
- 19:55 How To Avoid Business Data Breaches
- 30:13 What Small Business Needs To Know About Stopping Breaches
Grow without Interruption. Stop Breaches. Leverage Advances in Technology with NetGain. Contact NetGain today at 844-777-6278 or reach out online at www.NETGAINIT.com
Have a Guest idea or Story for us to Cover? You can now text our Podcast Studio direct. Text direct (904) 867-4466
🎧 Subscribe now http://www.youtube.com/@cybercrimejunkiespodcast and never miss a video episode!
Follow Us:
🔗 Website: https://cybercrimejunkies.com
📱 X/Twitter: https://x.com/CybercrimeJunky
📸 Instagram: https://www.instagram.com/cybercrimejunkies/
Want to help us out? Leave us a 5-Star review on Apple Podcast Reviews.
Listen to Our Podcast:
🎙️ Apple Podcasts: https://podcasts.apple.com/us/podcast/cyber-crime-junkies/id1633932941
🎙️ Spotify: https://open.spotify.com/show/5y4U2v51gztlenr8TJ2LJs?si=537680ec262545b3
🎙️ Youtube (FKA Google) Podcasts: http://www.youtube.com/@cybercrimejunkiespodcast
Join the Conversation: 💬 Leave your comments and questions. TEXT THE LINK ABOVE. We'd love to hear your thoughts and suggestions for future episodes!
Topics: How To Grow Business Not Get Hacked, New Ways To Use Tech For Business And Not Get Breached, Benefit Of Story Telling To Explain Cyber Risk, New Ways To Leverage Tech And Reduce Breaches , Top Ways To Leverage Tech And Reduce Breaches, How To Use Technology At Work Without Getting Breached, How To Use Technology Without Getting Breached, How To Avoid Business Data Breaches, How To Avoid Business Data Breaches. What Leaders Should Know, What Small Business Needs To Know About Stopping Breaches, How To Grow Business And Not Get Hacked, Business Growth Without Cyber Interruption, Networks And Security. What Leaders Need To Know, Networks And Security. What Business Leaders Need To Know, Managed It Vs Managed Security Explained, Managed It , Managed Security, NOC, SOC, Network Operations Center, Security Operations Center, Managed Security Explained, Important differences between managed it and managed security, important differences between network monitoring and soc, differences in network monitoring vs security monitoring, business impact of network monitoring vs security monitoring, network monitoring vs security monitoring, cybersecurity, small business, technology management, client success, digital transformation, IT operations
Summary
The discussion highlights the differences and similarities between NOC and SOC, their importance in maintaining operational efficiency and security, and how they work together to support small and mid-sized businesses. The conversation also delves into real-world applications, client success stories, and the necessity of outsourcing these services to ensure business continuity and growth.
Takeaways
• Understanding client needs is crucial for technology implementation.
• NOC focuses on network health and operational efficiency.
• SOC is essential for proactive threat management and security.
• Digital transformation has increased the reliance on technology.
• Outsourcing NOC and SOC services can enhance business resilience.
• Automation plays a key role in monitoring and remediation.
• Collaboration between NOC and SOC is vital for effective security.
• Compliance requirements drive data storage and management needs.
• The growth of data in SMBs necessitates robust IT solutions.
• Effective communication of technical issues to clients is essential.
Speaker 2 (00:16.334)
Join us as we go behind the scenes of today's most notorious cybercrime, translating cybersecurity into everyday language that's practical and easy to understand. We appreciate you making this an award-winning podcast by downloading our episodes on Apple and Spotify and subscribing to our YouTube channel. This is Cybercrime Junkies, and now the show.
Speaker 2 (00:54.15)
I'm your host David Mauro, and in the studio today we have some consummate technology and security leaders that we're really excited about bringing to you. We have Scott Logan, and I'll have Scott introduce himself, and we have Jesse, who runs our entire operations. We're very excited to have you as well, Jesse. And then also joining us is Bruce, who is one of our client success managers, really the voice of the customer
in the SMB space. Today, we're going to be talking about the integral operations of a network operation center and a security operation center, how they're similar, how they're different, what they are and why, and you know, why businesses need them and use them on a regular basis. And then kind of what it means for leadership in small business. So gentlemen, thank you for joining us. Thank you for having me. Yeah, we're, we're really excited about having you.
Jesse, why don't you go ahead and please introduce yourself, explain to everybody your current role and kind of, you know, how you serve small mid-sized businesses.
Yeah. So David, obviously you know me, Jesse Kirkendall. I am the vice president of operations for NetGain Technologies. I've been with the organization for a little over 11 years now and have served in a multitude of roles that have given me a whole lot of skills along the way to understand both client needs, desires, and a little bit of the psyche that engineers struggle with day to day in terms of problem solving. My role really at a high level is
defining the strategic direction for our security, our managed services, and our project services, along with the directors that serve in each of those individual sectors. Our approach for clients has always been, at least from my viewpoint, understanding their business first, to understand why they exist as an organization, how they serve their own client base, and then how can we make technology more intentional and useful for them.
Speaker 1 (02:55.028)
in how they drive their day-to-day business. If it's not serving a purpose or mitigating risk, it's just wasting overhead. So we always want technology to be useful and intentional in how it's held together.
Excellent. Yeah, that is that is a you said that perfectly. I mean that that's exactly the the mission behind everything that we do. Scott, please introduce yourself. Tell us tell us your role and how how you serve organizations.
Awesome, thank you David. My name is Scott Logan. I'm the Director of Security for NetGain Technologies. So what does that mean to be a Director of Security? That means I have to provide security services for NetGain as an MSP. Our responsibility to keep the clients safe that we support in a managed service offering is very important, not only to each client, but also to our company. Once again, as an MSP, our compliance requirements, our abilities to keep our clients safe.
And then we also provide MSSP services directly to clients, security services, security provisioning, how their security is orchestrated, how their compliance needs to be aligned, and we provide security tools to help them achieve that.
Excellent. Bruce, introduce yourself, my friend.
Speaker 3 (04:08.718)
Hi David, I'm a client success manager here at NetGain. I started in the industry kind of in 1989 as a database administrator in the Marine Corps and then spent a lot of years at the community college as a project manager in IT and did help desk and desktop support before that. I've been in the MSP space for about six years and recently migrated to the client success management role after some time as a service delivery manager. So for me, it's how do we understand
what the technology does for the client. Their job isn't necessarily technology. It's for us to understand what the SMB's core competencies and businesses are and how our tool set, which is technology, helps them, and when they need to grab it off the shelf and use it, that it's ready to go.
Excellent. Yeah, thanks so much. I mean, I want to define terms because we use, we hear terms like NOC and SOC, and you know, NOC, network operations center, and SOC, security operations center. And there's really two different roles and purposes. But before we get there, I think what you guys brought up was really interesting. And that is our clients aren't in the business of, most of them aren't in the business of technology, right? They are in the business of
practicing law, practicing medicine, conducting financial practices, right? They are building and manufacturing things. You know, times have changed in the last few years. You know, would you guys agree, like 20 years ago, we really had two versions of our world. We had our physical world where we could, you know, conduct business and we had our computers in the office and around.
And if the computers went down, it was inconvenient, but we could still function. I mean, we could still, you know, engage in new business, make payroll, engage in transactions, help out employees. But today it seems so many organizations have gone through digital transformation and everything is either online or in a device somewhere. So that when things go down, whether it's
Speaker 2 (06:16.194)
from a cyber attack or from an outage or from a malfunction in the operations of a system. Organizations really, really suffer more than ever. Is that what you guys are seeing as well?
Yeah, absolutely. And because of that shift from analog to digital, I think the ability to fail over, let's say to something that's physical, whether that's taking orders, medical records, whatever else, it becomes a lot more clunky. And so of course the need for high availability for systems that can integrate and sustain those types of risks, whether that's, so we have a power outage, like you said, some sort of security risk, the ability to maintain
and have as little interruption as possible. But for the sake of your employees as well as your client base, it becomes more and more important. And a little to your point, I mean, that is one of the core functions of a NOC. A NOC is really to maintain visibility on how the network's operating, allow it to run as optimally as possible, ideally to find thresholds for what looks like something that could be an indicator of problems to come or what is a legitimate problem that requires action, immediate action.
Excellent. Yeah, absolutely. So let's define some terms, and NOC, when business owners who are not in the technology fields, right, they are doing what they went to school for and what they've been very successful at doing. They're growing their brands, right? When they hear the phrase NOC and SOC, I hear them, you know, use them interchangeably; they don't really understand it. And it's fine, because that's not their field. Explain to us, what is a NOC?
Speaker 2 (07:58.304)
And then we can get into kind of what are the benefits of a small and mid-sized business leveraging an outsourced or contracted service that provides those services.
It's interesting when you think about a NOC or SOC, because I think just from a stereotypical viewpoint, they're really one and the same in the sense that it's a room full of people likely behind computer screens with all sorts of graphs and widgets and other things that they're looking at. But to your point, what they're looking at and how they're responding are vastly different. And so for those that are in a NOC, I mean, what they are looking at is monitoring health points across
hardware infrastructure, could be a server, could be a switch, could be virtual machines, containers, anything that's running something from, let's say, a Windows or Linux based operating system all the way to application monitoring, where we may be monitoring for: is an application running? Is it actually processing authentication requests? Can it log into it? That's one of the things that I think I've discussed with clients before, where there's two types of ways that we can monitor.
If you think about a patient in the ER, it's one thing to just yell inside the room and ask them if they're doing okay and hope they're going to yell back versus having all the oximeter and pulse meter and all the other tools that a medical professional would use to monitor the response. Yeah. And so I think a big difference too is just waiting for an alert to come in versus actually seeing the screen of positive results and health going on throughout the client's network to make sure that one, we are monitoring it.
we're seeing good things and know that should it change, we're not in the dark on what this might be.
Speaker 2 (09:43.752)
Absolutely. And then there's an element of not just reactive support there too. I would think that there's proactive things, meaning when something does come across as disk space getting full, something going off, like you're able to foresee future problems and then remediate that, fix that ahead of time. Sometimes in the middle of the night, sometimes while people are busy doing other things.
Absolutely. Yeah, and I would say that's one of the things that scripting and, I guess more so recently, automation have been able to help us with, where based on those predictive trends, if we're able to look at the past three months and see, to your example, storage growth has steadily increased at some sort of percent or an amount of data over a period of time. And then we see something that's an anomaly, a data spike or data growth overnight. We can also use that to understand that somebody
dumped some data that maybe wasn't communicated to us as a partner of the client. They are adding some sort of an offsite application, maybe something new. And I think to your other point, really using those to trend and forecast for things that we might need in that case. Yeah, we've seen this amount of data growth over the past six months; based on how much free space we need, we know that we're going to need to buy either additional storage or, if we don't have the space for storage in, say, a SAN or some sort of storage appliance, we might have to a whole new
and then start to discuss what that could look like when we come to the point of making that technology transition. Maybe we don't want to keep with what is standard today, say a storage appliance, and talk about how we leverage public cloud repos, private cloud, or anything else that's an option to us.
That's fantastic. I've got to imagine that most SMB customers are just growing exponentially, most likely even more so than a lot of leadership would realize the amount of data everybody keeps. Right? Like it's just vast amounts. When you think of all of the data that we constantly are consuming and generating and receiving in and sending out, it's just got to be, it's just monumental growth.
Speaker 1 (11:57.056)
It grows tremendously, and especially with a lot of compliance driven clients, you know, we're required to store a certain amount of data. And so, you know, as our customer base grows, that could be a force multiplier on how much data we need to store, particularly if we're housing client data or even if it's just transactional records on how we're doing business with them. Not to mention that, you know, I think we have times where personal and professional lines blur, particularly when people work from home, and maybe you do have something that's either
photos that are personal in nature or other media that's on at least a work PC that one, we need to control from a security perspective to ensure that we're segmenting those lines of what the organization can allow on the network and ensuring that little to your point that we're not wasting company resources on storing data that's not serving a purpose of the business.
Absolutely. That network operations center monitoring, management, remediation goes on 24/7. Technology really, like, the business may have open hours and closed hours and things like that, but their servers, their public facing information, all that goes on 24/7, 365.
It has to, yeah. Because unfortunately, it seems that the problems are always going to happen when you're not looking. The expression, a watched pot never boils. That's one of the reasons why we ourselves started, you know, at least staying open on Christmas and other holidays, where we don't want to walk in and find the pot's boiled over. I know our clients certainly don't either. So again, that's an area where automation always helps. You know, we can
take some action that we know is commonplace, with the disk space analogy: let's purge Windows updates that are no longer needed, clear out temp files, recycle bin. And so some of that can help, particularly at times where you're not staring directly at the.
Speaker 2 (13:50.882)
That's excellent. Now, mentioning the things that happen when people are likely, I mean, that's a good segue over to the security operations center, because breaches tend to happen on 4th of July and Christmas holidays and, you know, various Memorial Day weekends. It's like the threat actors know when people are not, or least expecting it, or least are.
That's a natural play. The threat actors want to take advantage of systems when they're least monitored, least approached, IT is not in-house or not available. They want to take advantage of those lacks, those gaps, and try to be able to execute some level of interaction within those platforms. The Security Operations Center has to be on scale 24/7, 365 as well, because they never sleep, and as the sun goes around the world, we don't know what time frame the attackers are coming from. So we have to be ready to be able to react to those threats.
Well, that's a good point. Bruce and I talk about this all the time and that is what, a lot of people don't realize is when you get online, like they might be physically in Lexington, Kentucky, or they might be physically an hour outside of Wichita and they are physically safe. They feel safe. They're in familiar environments. They know the people around them, but when they get online, they enter a global world, right? That doesn't have boundaries.
They're not all from the Midwest. They're not all American, right? Like we're entering their world and there are, you know, people for whatever reason that, that wanted to target people, right? And it's not even necessarily the individual small business that they even want to target, but it could be a whole host of reasons, right? It could be they do business with a bigger target and they want to use you to leverage to get over there.
Speaker 2 (15:52.948)
Or you get swept up in some larger campaign that they're doing for extortion or ransomware or something like that. And your IP or your vulnerability just happens to be on some list that is sold on.
Most attacks are not targeted, they're random. They're just throwing spiders out there and whoever answers the call is the threat. They're rarely targeted. I'm not saying there's not targeted attacks, there certainly are. But most attacks, most of the SMB space fall victim to strip simply because somebody responded to something that was asking.
Yeah. Or it's a slight, it's like a supply chain, right? Or the vendor meaning they've, they've compromised a larger vendor where they're able to impersonate that vendor and they have the list that they're able to buy on the dark web of, of every SMB that's using that vendor. And then they're going to go and try and socially engineer all of those SMBs in a large campaign. Right.
It's kind of like locking your front door, you know, you do it to keep people out. So with some of these security vulnerabilities, you think about the ability to check a thousand doors at once to see who forgot to unlock it. know, Scott's point there that I was targeted and sometimes are just looking for who forgot to the door or who has locked is prone to failure.
Well, given that both of them operate 24/7, 365, and they have these highly skilled engineers operating in those systems, that to me is an obvious reason why most SMBs will outsource that, because as a business owner, you've got an option of build or buy, right. And to build your own, you know,
Speaker 2 (17:36.266)
enterprise of technology when that's not what your business is. Your business is building widgets, practicing medicine, right? And you want to focus on that. It really does make sense to, to leverage that scale and that expertise of MSPs and MSSPs like NetGain and others, right?
Absolutely. Operating a SOC requires security professionals that are not just readily available. Absolutely. If you're operating out of Knoxville, Tennessee, Cincinnati, Ohio, you may be able to find resources of that caliber to be able to utilize. If you're operating out of Southwest City, Missouri, they're hard to find. You're not going to be able to just round them up anytime you can get one. So operating and utilizing companies like NetGain that provide those services is really something that a business
shortage in fact.
Speaker 4 (18:26.464)
needs to leverage, if not for their compliance simply from their operational requirements.
Absolutely. And I would say the same thing or similar to a large degree for, for network operations center services, because it's still a time consuming, expensive test to build internally your entire network team and all of that. Like, how are you going to, as a business owner, how are you going to know how to manage that? Right. And why would you want to, right? You want to focus on what you went to school for and what you are, are trying to build your, your organization's brand into.
wanted to be a distraction from growth of your business. One, and Scott's point, particularly for security, but certainly for NOC, you know, when disaster strikes, you don't want somebody that doesn't know exactly what needs to happen, particularly somebody that has, you know, a wealth of experience from seeing in such a variety of different types of issues, situations, client business make-ups, infrastructure, technology make-ups, to be able to dive in head first with confidence.
to know how to handle that. Obviously there's that cost and these tools aren't cheap, even just from administrative overhead training, understanding how to get the best out of a product, figuring out what product to use. But some of these tools from a monitoring standpoint can cost upwards of $10 per endpoint. So, there's a lot of product costs. And so as a provider with lots of clients that does allow us to
Which is expensive.
Speaker 1 (19:56.054)
negotiate some further discounts, which then we're able to transition to our customers. So, because ultimately it's the service we want to be able to provide to them more than anything else.
Since the COVID era, a lot of businesses have shifted their architectural footprint. They're no longer on-site, on-premise IT. They're transitioning off to the cloud. Having somebody that can support both sides of the house, whether that you've already transitioned or you're in the process of transitioning and migrating to the cloud, you need somebody that is certified and aware of how to operate within either of those platforms, if not both in a hybrid approach.
Absolutely.
Tying all this in for the client. Recently, I had a chance to sit with one of Scott's lead engineers and one of Jesse's lead engineers with a client and do a tabletop exercise. It was a healthcare client, assisted living type facility. The tabletop exercise was an off hours, like Friday night when everybody's doing something more fun, tornado. What was really interesting to me is
You know, if they didn't have the tools that we have in the NOC and in the SOC to make sure that their technology was ready for them when they needed it. So we're monitoring that stuff 24 seven. So while there's a tornado, you know, we are, you know, maybe observing the carriers are down and come back up or whatever, but we're working that while they're nailing up blankets over glass to protect the resident.
Speaker 2 (21:30.836)
Excellent point, right? Like they're dealing with the physical reality. We're dealing with the world facing and the internal digital reality.
And that's an excellent argument for outsourcing to an MSP, MSSP like us, because if they do that, then the IT guy isn't nailing up blankets or the IT lady isn't nailing up blankets with the other employees, right? So then you end up having the IT is always available. You know, that's our whole purpose of the 24/7 operation of both the NOC and the SOC. And so while Scott's team is making sure that none of their environment is infected or breached,
Jesse's team is making sure that it's available to them after they get all the windows covered and do all the things. They had a whole list. It was amazing to listen to. Then they go and they grab that toolbox that is technology and say, okay, now I need to put these patient meds into the system on the network. that has to be, the system has to be there, the network has to be there so that the patient meds are recorded in real time in case they have to send up.
Yeah.
Well, and if they have to send a resident to admit in the hospital, they have to transfer those records through, they have to print them and transfer them through technology, you know, digitally. So all that has to be available if they get into a situation where they do have to like exfiltrate residents to hospitals and things. They have to send their records along.
Speaker 2 (22:55.404)
Yeah, that's a great real life example. I appreciate that. That's good. So the engineers that are inside the SOC and the NOC, there's different kind of career skill sets that each one has, right? Like there's a whole host of certifications. There's obviously undergraduate degrees. Some do, some don't. But the point is, generally there's a knowledge base and a skill base in these certifications. And like there,
they're kind of different, aren't they? Like, can you guys kind of explain, you know, some of the, I mean, we don't, I'm not talking about the specific certification names or types, but generally some of the skillsets that get developed for each one, because as I understand it, as not an engineer, the tool sets that are being used, and even though you might sometimes be looking at the same technology, you're looking at it for different reasons. So, or you're looking at different aspects of it, right?
So can you guys walk us through that?
I think for us, what we've always found is a well-rounded engineer is a great base to start, but you're exactly right. I mean, from there, typically somebody finds their niche, an area they want to grow, something they just enjoy more. And so, you know, for somebody that's operating out of the NOC, they're definitely focused more on, you know, infrastructure management. You know, I think data, data management, storage pooling,
just networking concepts, dynamic networking concepts. How do we route via OSPF, BGP, understanding the specifics of how a packet of data moves from point A to point B, so that when we do have a problem, we can dig into the weeds and understand where that issue is. If it's hardware level, somewhere on the entire OSI model, as we use in troubleshooting to see where is the problem.
Speaker 1 (24:51.252)
And so on the security side, Scott can speak more to it, but we're thinking about forensics. There is a lot of log review, and that is dense information to be able to parse through and ultimately find Waldo, so to speak. I think being able to develop an eye for that takes years, to be able to understand one vendor's specific information, tools that maybe we're using to aggregate those logs, and then constant refinement of what we
expect to see, because the other side of that coin is we don't want to be alerted just when we burn a little bit of bacon in the oven. So those false positives can be noise that actually distracts us from real problems, particularly from the SOC side. On the security side, it's a lot of forensics. It's understanding a policy. It's understanding the controls that are needed, whether that's perimeter security, endpoint security, and then also how those integrate together, because security ultimately needs to come in a fabric, in layers.
Yeah, the analytics that's required to be able to diagnose an issue or a threat in an infrastructure requires a great understanding about how security applies to the organization. Jesse made the point earlier about a patient in the hospital, how, you know, the NOC is looking at its heartbeat. He's looking at its blood pressure. He's looking at key points of keeping that patient alive. Security is more about why that patient has a fever,
or why the pain is occurring here. It's more diagnosis of it than it is the actual issue itself. And security is an interesting platform in that effort. And I think that's why it's really drawn a great deal of interest in college studies towards security. It's because of the detail of forensics, the detail of defining, capturing the flag, if you will, of a threat.
Speaker 4 (26:48.578)
That is a challenge and a lot of fun for those that are working in that platform. Try to make that diagnosis and make that understanding of why that patient has a fever. It's kind of interesting.
Yeah, absolutely. I mean, to me, it's always that threat hunting for anomalies, right? Like, I always think of, you know, there are things that otherwise are innocent, like behavior that otherwise is innocent. But in this context, it's an anomaly. Like in this context, it's not right. And you can then decipher and figure out that behavior is wrong. Something's going on. Right. And so it's really kind of digital crime fighting,
the way I look at it and, the NOC is like the digital Superman that is keeping everything going, right? Like that, is saving the day. So let me ask this, let's say, because I want to address, but before we wrap up, I want to address how the two work together because small midsize organizations need both of them, right? Whether you build it or whether you buy it. If you're using technology today, clearly an organization needs both because security
is going to help you reduce the risk of getting otherwise interrupted while you're building your growth and your brand. And the network operation center is going to allow you to grow and it's going to allow you to maximize and leverage those advances in technology. like walk us through how you guys work together. In my mind, I always think of should there be bad behavior found, right?
exfiltrated data, an anomaly, somebody's moving laterally from one account to another, they're moving, you know, they're trying to escalate privileges and get up so that way they could ultimately launch a ransomware attack on everything, something like that. But then you need to go back to the NOC, right, to actually take the action sometimes. I mean, there are certain security tools that will take the action, but it depends on what it is, clearly, but they both work hand in hand again.
Speaker 4 (28:52.81)
In most cases, right? And so in most security definitions of threat, it usually is corresponding to either a vulnerability that already exists within it or an active threat that's currently happening on it. In either case, we would leverage the NOC to say, can you guys patch this instance? Can you guys change this configuration? Can you do something physically to the infrastructure to reduce the threat?
that's currently leveraged against the client. That's how we work together. The NOC has direct influence, hands-on, into the infrastructure. It can make change. Security is more about the analytics of what's happening within the infrastructure from a security perspective, from a threat perspective, and we leverage the NOC. Once again, they're our hands-on to the infrastructure.
Yeah, I think those two have to marry well. And I think to Scott's point, or your example, you know, in those situations, there has to be a conversation about what we're seeing. Let's say that there is something that's on the network traversing, moving laterally. It's, you know, hey, what IP space or areas is that moving in on the network? Can we isolate it to that, shut down a particular area so that it can't go further or maybe infect our more critical assets,
if we don't already have controls in place limiting that. And then from the security side, it's what are we seeing? Seeing what indicators of compromise are there that maybe give us an answer, at least a pointer to where this even got to the network to start with. Maybe that's patient zero. Maybe that was a vulnerability on a particular perimeter endpoint. Maybe it was a threat actor that somehow got something inside the network. And so part of that is identification from the SOC side. And I think
mitigation, or I guess it's really control, to limit how far something could continue to move. Ultimately trying to lock it in the bathroom so it's stuck there until we can finally purge it.
Speaker 2 (30:54.111)
Exactly.
The NOC is making us aware of something, maybe the network traffic has diminished or the circuit is no longer performing at the level that it used to perform at. They could leverage the security team to say, why? What is happening at the firewall that is causing this? Where is it coming from? Where is it going to? And we can give that information. But we may not have initially found that unless the NOC told us that, hey, we're seeing a diminished performance measurement
within their network, can you tell us why? And that's how we can marry together. So not only are we telling them information where they can put their hands on and correct it, but they can also leverage us to say, why? Why is this happening on the network?
Well, and that gets to your point, Jesse, about the importance of having a well-rounded network operations center engineer, right? Because they're also thinking about potential security. They're thinking about all of the things and they realize somebody needs to look at this. They communicate with the SOC, right? Because they have that sense of, we need to understand a little bit more here, right? As opposed to something more innocuous. And their experience and their training will give them something.
These tools provide, all these tools that these engineers and both of these teams are using, they also provide recording, those tools do, those monitoring tools. And then that's something that we can present to the client from our team to show them the work that's being done to safeguard their network, their servers, their computers, their users, and also to ensure that they have their working toolbox to do whatever it is that they do. That recording can be invaluable. Some of it's required by their compliance,
Speaker 3 (32:36.142)
and we meet those needs for them and everything because we're a SOC 2 shop and all of that. Also, one of the things that I was going to say earlier is it's amazing to me to watch these two teams when we get that panic phone call from an SMB that isn't a client and says, you know, hey, all the files on my desktop are a blank little white icon that I don't know what it is and I can't open anything.
And they want you to download a TOX channel and negotiate with a ransomware gang that's very good at their job. That's not fun.
Right? We actually get clients out of that process, you know, a few of them. So they'll reach out because they've got behavior that they can identify is not right. And then to watch Scott and Jesse's teams, you know, work that either on a for hire basis or turn around and onboard them as a client. Right. And our onboarding process puts all these tools in place for these two sets of engineers.
to use to make sure the client's environment is safeguarded and available to them. Because that's what it's really about, right? It's availability of the environment. If I'm a car dealership, I care about talking to a person who might buy a car. And everything else I do is to get that signature on that car. And so the computer is just something they use to get to their software as a service or whatever it is that they're using. And it has to be available.
And the role, I know that we're wrapping up and we're winding down, but the role that you mentioned about translating what these two entities do for an organization, in that client success role, is really important, right? Because the businesses don't care necessarily what the NOC does or what the SOC does. They care about what impact it has on them. They care about what they care about, right? And they care about the business that they're growing
Speaker 2 (34:35.078)
and mitigating the risks that they have and understanding them. Right. And the way that NetGain and all of your roles are in the translating of that into the business impact, it's absolutely outstanding. Like, it's really, really impactful. Like, yeah, you know, it's not about the bits and bytes, but it's about the, what does this mean in reality for us? Right.
Go back to Jesse's analogy of the patient in the hospital. The medical team has taken these diagnostics and has a chart of these diagnostics, and Scott's team has done the research to find out what's caused the ailment. And then what we do in our team is we can present that to the client on a periodic business review and say, hey, these are the things that are going on in your environment. These are the things that we suggest
your lead engineers have looked into and we think you need, whether it's computers or hardware that's going end of life and you need to replace it because it's going to become vulnerable in Scott's world because it can't be patched anymore. Or maybe it's you don't have the right network and Jesse's team has identified a way to make your network behave better for you. And we can suggest some things to help you implement
with our project team.
Well, fantastic. Well, I want to thank everybody for attending. Guys, thank you so much for the insight, and I hope that the listeners and the viewers understand a little better now the difference between the SOC and the NOC and how they both interrelate, and the benefits to engaging in these services to help organizations grow, and grow without interruption, because that's really our whole goal. So thank you everybody,
Speaker 2 (36:27.422)
and we'll see you everybody again soon. Thanks.
Speaker 2 (36:34.958)
Well that wraps this up. Thank you for joining us. We hope you enjoyed our episode. The next one is coming right up. We appreciate you making this an award-winning podcast and downloading on Apple and Spotify and subscribing to our YouTube channel. This is Cybercrime Junkies and we thank you for watching.