The compromise of a security operations infrastructure could have a disabling effect on an organisation’s cyber defences. Where the value to an adversary is high, as with multi-tenancy operations centres, the sophistication and stealth that adversaries employ may be correspondingly high.
With many SOC environments based in large part on browser-based access to platforms and tools, the opportunity exists to adopt a simplified and locked-down endpoint and network architecture that can provide a high degree of assurance in the ongoing integrity of the monitoring environment, ensuring separation of duty between doers and viewers, and removing the possibility of event data leaving a defined customer boundary.
Paradox is a secure Linux-based operating system for end-user devices. It has allowed Becrypt to provide high-assurance endpoints into government and private sector environments that have needed a high degree of protection. The architecture employed ensures that devices remain in a known healthy state, with high-value, low-volume security event information, providing high confidence to those who need to watch the watchers.