Viasat cyber security operations center (CSOC): Dedicated to guarding our partners' data and communication networks
04-15-2025
In the ever-evolving landscape of cybersecurity, Viasat’s Cyber Security Operations Center (CSOC) stands as a bastion of defense against a myriad of threats. The CSOC plays a crucial role in safeguarding the networks and data of our defense, government, and commercial partners.
A typical day at the CSOC is a whirlwind of activity. "We have upwards of 500 billion security-relevant events come into our purview every day," explains Lee Chieffalo, Viasat’s Technical Director for Cyber Security Operations. "We have a lot of automation and orchestration in place to help aggregate, categorize, and prioritize those events to get in front of our team so we can determine if any action needs to take place."
- Malicious reconnaissance: This is when a bot or “zombie” scans or probes our network looking for a foothold to do further damage or get more information that they can use to exploit things further.
- Botnet propagation through internet-of-things (IoT) devices: These are botnets tailored to infect IoT devices and use them as a springboard to commit further attacks against targets within and external to Viasat.
- Distributed Denial of Service (DDoS): These are volumetric attacks designed to degrade and deny our ability to provide service.
- Social engineering: Most advanced groups gain their foothold in a company by attacking its people vs. its technology. We ensure there is a monitoring and response capability that can detect and respond to phishing, pharming, and other types of social engineering attacks.
- Data exfiltration: This is where sensitive data is accessed and stolen from a location on the network and an attempt is made to move to an external location we do not control.
Lee Chieffalo, Technical Director for Cyber Security Operations
Much of the day is dedicated to research. The team works through various sources of intelligence and data to build a behavioral profile of malicious traffic. If the CSOC identifies any risky behavior, we employ proven strategies to reduce or minimize that risk without disrupting our customers’ daily operations. The team often acts as the "misconfiguration police," spotting and fixing configuration issues that might have been missed.
A CSOC team also conducts cyberattack simulations to gauge the ability to defend and respond to a threat. This team, which is known as the Purple Team, is a hybrid of a Red Team and a Blue Team. The Red Team engages in offensive operations and emulates an attacker, and the Blue Team engages in defensive operations, tasked with the detection and mitigation of cyber risk.
“Our Red Team will emulate an attacker and target our systems from inside the network (post-breach mentality) and from outside the network (pre-breach mentality),” Chieffalo explains. This simulation helps us make sure our behavior analytics can spot systems being tested or attacked, and that our response is both quick and effective.
Additionally, the CSOC engages in consulting with development and engineering teams across Viasat. These engagements allow us to strengthen and better protect our customers from malicious actors and provide insights on how we can generate more accurate and useful data for our systems. “We keep an accurate and efficient eye on the system to ensure things are not going awry,” Chieffalo notes.
The CSOC's primary mission is to reduce risk for Viasat and its clients. "From the Viasat angle, our mission is to identify business risk and operational risk to our network and our ability to deliver service," Chieffalo states. "We are also charged with protecting the intellectual property and research and development data we create as a company, ensuring that it isn’t stolen, leaked, or accessed by people that shouldn’t be accessing it."
For their clients, the CSOC acts as an augmentation to their existing security services. "We ensure we feed them the data and intelligence they need in order to be able to make a more accurate and informed decision about their security posture," Chieffalo says. The CSOC currently supports the US Department of Defense (DoD), UK Ministry of Defence (MoD), US Department of Homeland Security (DHS), and multiple commercial airlines and critical infrastructure services.
Collaboration is a cornerstone of the CSOC's operations. Through these critical partnerships, we are able to share intelligence and behaviors to more accurately build detection methods. Organizations we collaborate with include:
- U.S. Air Force
- U.S. Marine Corps
- Federal Bureau of Investigation
- Department of Homeland Security
- National Security Agency
- Information sharing and analysis centers (ISACs) in aviation, telecommunications, DoD, and oil and gas
The CSOC at Viasat is not just a department; it's a frontline in the ongoing battle to protect critical systems and data. At the CSOC, security is everyone’s role. The organizations that are attacking us are highly skilled and well-resourced, and they only have to be right once.