Don’t tell my daughters, but I felt a strong feeling of parental pride in April – and it had nothing to do with them.
In case they’re reading this – doubtful, they’re 15 and 13, and this isn’t the type of screen-based content they gravitate towards – I’d beseech them not to worry. Their exploits – sporting, schooling, tomfooling – will always take pride of place chez Boyd. Obviously.
In this particular case, though, I was basking in the glory of SOC.OS, a cyber security venture developed and spun out by BAE Systems, being bought by the UK cyber security company, Sophos. Talk about gratifying. But the acquisition is not just affirmation of our good idea from a few years ago. It’s also an important signal about the future of cyber security – its direction of travel, its strengths and the challenges which are taking shape over the horizon.
But what is SOC.OS? And why has it already proven to be such a success?
Up and running
We’ve always said that the work of our Futures Team is about more than just blue-sky thinking, playing with new tech, or launching more of the same. As an internal innovation and venture incubation hub, we think innovation needs to be less about patents and investment, and more about hunting for the persistent problems that are – or will soon be – bringing harm to organisations.
It was against this backdrop that, in 2018, the germ of a new idea started to take shape: a SaaS tool automating alert triage which could help address the needs of a stretched IT security team.
Having explored over 100 real and persistent problems in the cyber security operations space, we developed a set of new concept ideas which were then market-tested and refined, then tested and refined again, weeding out those that gained less interest until we had just a small number of high-potential concept ideas left. It is from here that the early prototype of SOC.OS was first developed.
We envisaged a centralised security monitoring and investigation system, one designed to help small, internal security teams manage the ever-growing number of alerts produced by threat protection and detection tools – and that’s exactly what SOC.OS does.
It works by continuously analysing, triaging, and prioritising alerts, escalating the most important incidents to the IT security team for further review. Like all of our ventures, it was put through its paces with rigorous piloting and market validation, winning early-adopter customers such as the Natural History Museum and The University of Sussex by consistently cutting alert triage volumes by 90 per cent.
About the author
Matt Boyd is Head of Futures at BAE Systems Digital Intelligence
matt.boyd2@baesystems.com