Sorry, you need to enable JavaScript to visit this website.
Operating SOCs in a Time of War April 20, 2022

by Jeanne Zepp

Cybersecurity is the buzzword of the day and a concern that’s on everyone’s mind. We are living in an age of heightened awareness precipitated most recently by the Russian invasion of Ukraine. Anticipating a transition from conventional warfare to cyber warfare, the alarms have been sounded to harden systems and heighten security awareness among user groups.

No organization is safe. While federal agencies do tend to have toolsets, coverage and monitoring operations that are more robust than most private sector companies, the government is not immune. Most recently, cybercriminals leveraged credentials or vulnerabilities involving SolarWinds software, Microsoft cloud services, and Microsoft and VMware products to gain unauthorized access to private sector and government data worldwide. Worse still, recognition of the breach went undetected for months in 2020.

Reactive stances are not the solution, and novel, proactive approaches are needed. We’re proud that Electrosoft is helping to lead the way in delivering premier cybersecurity services to federal agencies, especially by staffing and operating their Security Operations Centers (SOCs).


Electrosoft long ago recognized the possibilities that cloud offers. Beyond offering new tools and technologies that enhance cybersecurity staff capabilities and responses, the cloud confers greater reliability, expandability and ease of operations.

We thus embrace the novel view that today’s SOC is not so much a place (physical locale) but rather a functional team (experienced professionals) providing a service (cybersecurity) that can be delivered from any locale. This mindset affords limitless possibilities – and flexibility.

Today’s SOC is not so much a place (physical locale) but rather a functional team (experienced professionals) providing a service (cybersecurity) that can be delivered from any locale.

When COVID struck, for example, our SOC teams were among the first to go completely remote. Why? Because all our tools and applications were already cloud based. Plus, our team members already enjoyed partial remote work schedules, so were experienced in functioning as geographically dispersed teams. The transition was seamless and the SOCs staffed by Electrosoft personnel will remain off-site, even as federal workers return to government facilities. The rationale is simple: it works well!

One SOC team serviced over 3,000 endpoints/customers worldwide without interruption – and continues to do so – providing live monitoring 24/7 on a three-shift schedule. The quality of service is consistently high, reflecting teamwork as a core principle. Sophisticated collaboration tools enable all our cyber team members to share their screens with colleagues when suspicious events arise, just as they would in a traditional brick-and-mortar SOC. They jointly discuss what they are seeing online and together reach a consensus on how to conduct any subsequent investigation. When warranted, they develop Incident Response Plans and Procedures that reflect the best thinking of the team as a whole.

The same collaboration tools keep our teams “connected” and promote collegiality through regular team meetings and staff orientations. They also serve as a training vehicle for new skill development and updates as well as sharing of best practices.

Most of all, viewing today’s SOC as a service rather than as a facility enables Electrosoft to pull the best talent from a larger resource pool than ever before. Our current teams reflect cohesive staffs working from numerous states across multiple regions of the United States. Geographic dispersion adds yet another credential: adaptability. Should internet or power be lost in one locale, we can promptly respond to those circumstances and transition monitoring to an unaffected area.


Since the Russian invasion of Ukraine, everyone is operating in a heightened security environment. We’re all more security aware – customers and analysts alike.

Since the Russian invasion of Ukraine, everyone is operating in a heightened security environment. We are all more security aware.

We’re finding that the number of alerts is up, but the uptick is not because malicious attacks have gone up. The increase is a direct result of organizational efforts to increase security awareness among users. Our customers are more cautious in opening emails and more likely to report suspicious ones to our SOCs. Similarly, enterprise teams and help desks are more vigilant in reporting potential incidents to us.

SOC teams are approaching alerts in a different way, too. We are scrutinizing each one from a different perspective, appropriate to today’s climate. We are diving deeper into our investigations to assure that we aren’t missing an underlying attack. We also are ruling out malicious intent on the part of the person or entity making the report. It is quite possible that our actions could be purposely misdirected while some other malicious event was underway. Our vigilance level has never been higher.

Perhaps the predicted wave of cyberattacks is yet to come. Maybe they will never come as part of the Russia-Ukraine conflict. Whatever the future may hold, Electrosoft will continue to innovate on behalf of our federal customers and keep their systems and networks safe from malicious attacks through innovation and technical competence.

Return to Electroblog