The modern battlespace is all about combined arms. All the various weapons of war – infantry, tanks, artillery, aircraft – must operate in tight coordination, enhancing each other’s strengths so that the whole is greater than the sum of its parts.
For the cyber-warriors at Viasat’s Cyber Security Operations Center, or CSOC, the battlefield is digital but the tactics are the same. The people who keep our data safe from thieves and spies have to work as a team.
They have no choice, given the magnitude of the threats they face.
“Within a 24-hour period we use big data analytics on over 2.4 billion events across our network,” said Ken Peterman, Viasat’s president of Government Systems.
The cyber-warriors in the CSOC know it’s not enough to spot a potential threat and warn a customer. To be effective, the CSOC must quickly determine which security events are benign and which are a hacker trying to breach a network or infect a computer, and then act accordingly.
“The Viasat CSOC is a key component to our integrated cybersecurity model, which processes over 35 terabytes of metadata every day,” Peterman said. “Our CSOC and deep cybersecurity expertise allows us to provide a premier level of cybersecurity services that create highly relevant, actionable intelligence to maintain a vigilant and watchful defense against some of the world’s most advanced adversaries.”
Having the right tools, with the right people using them, is key.
“Trained cyber-warriors can detect a threat with ease with the right tools and data set,” said Paul Keener, director of Viasat’s CSOC. “It’s essential to have someone who knows what they are looking at. Someone who can make intelligent, informed decisions.”
Threat modeling
That’s where the teamwork comes in. Viasat’s CSOC comprises multiple separate, but mutually supporting, capabilities:
- Cyber security analytics develops the threat intelligence modeling and machine learning that underpin the CSOC’s efforts.
- The CSOC development team builds the automated tools that monitor networks and detect cyber threats.
- Cyber infrastructure engineering handles the security architecture.
- Cyber threat intelligence identifies, contextualizes, and tracks threats in coordination with government and private organizations.
All of this feeds the CSOC’s cyber detection and response mission. Think of it as a pyramid, with cyber detection and response as the apex that protects the customer. Yet all of the other capabilities are vital, because a pyramid is only as strong as its foundation.
Viasat’s CSOC is unique among security operations centers, says Keener, a former U.S. Marine Corps cyber and communications officer. Because Viasat is an ISP as well as a satellite communications company, extraordinary amounts of traffic flow through its network on a daily basis. This creates a petabyte of metadata in a month, an immense pool of information the CSOC can analyze for early warning of threats. With all of this information one thing is clear: big data and cyber analytics are the new battlespace for cyber warfare.
This means users don’t just get access to a network, but “secure access that is continually monitored by the CSOC,” Peterman says. And being part of a commercial SATCOM provider gives Viasat’s CSOC guaranteed access to whatever bandwidth it needs.
“Most CSOCs require a terrestrial connection,” Peterman said. “We can do it by satellite.”
Insights into a variety of threats
While most Security Operations Centers exist strictly to support their organization’s internal operations, Viasat’s CSOC is also unique in that it doesn’t just protect Viasat’s SATCOM customers: It’s available to provide network security for any organization.
“The enormous diversity of Viasat’s subscriber base provides insights into a wide range of threats,” Peterman said. “Having access to a vast amount of traffic (consumers, community Wi-Fi users, enterprise, maritime, aeronautical and government customers) across our network provides us with a rich set of data to fight various adversaries.”
“We have insight into some of the most sophisticated cyber threats in the world,” Peterman continued. “This allows us to accelerate our learning curve and truly differentiate our cybersecurity expertise and capabilities from other providers.”
As a result of its success, Viasat’s CSOC is rapidly increasing its global footprint. It now offers cybersecurity to allied government and private sector customers outside the United States and has plans for further growth over the next year.
Cyber threats are changing, says Keener. Once the issue was distributed-denial-of-service attacks that would swamp a network. Now, the problem is private and state-sponsored hackers devoting immense effort to either breaching networks to obtain data or establishing a permanent foothold inside those networks.
Yet while technology has changed, the human element has not. To say that Keener is proud of his staff would be an understatement. He is not reluctant to acknowledge that, despite all the sophisticated technology, it’s people who make the difference. It is that sense of intuition, honed by years of experience, that enables a human to sense a pattern where a machine does not.
“Without the people in the CSOC, there is no CSOC,” Peterman said. “We’re fortunate to have some of the best minds in the industry who are truly dedicated to protecting our customers’ information in today’s ever-evolving cyber threat landscape.”
This article has been updated from the original to amend the number of events analyzed and data processed.