SlideShare a Scribd company logo

Governance of Security Operation Centers (SOC

B
Brencil Kaimba

This document provides an overview of governance of security operations centers. It discusses the impact of disruptive technologies on organizations and the need for security operations centers to manage security risks. It covers designing an effective SOC including defining threats, processes, technology and acquiring a SOC. Operating a SOC includes defining expectations, baselining normal activity, using threat intelligence and handling incidents. Qualities of analysts and measuring SOC success are also discussed. Sustainable SOC governance principles like investing in people and emphasizing teamwork are presented.

Data & Analytics
1 of 35
Download to read offline
Governance of Security Operation Centers Governance of Security Operation Centers Brencil Kaimba, Information Security Consultant, Serianu Limited.
© ISACA 2016. All Rights Reserved. #AFRICACACS Brencil Kaimba ISO 27001/2013 Certified SIEM deployment and analysis certified Information Security Consultant at Serianu Limited Email: brencil.kaimba@serianu.com About Me
© ISACA 2016. All Rights Reserved. #AFRICACACS Agenda  Disruptive Technology  The impact of Disruptive Technology on organizations.  Need for a Security Operations Center (SOC)  Designing an effective SOC  Operating a SOC  Qualities of an Analyst  Measuring the success of a SOC  Sustainable Governance
© ISACA 2016. All Rights Reserved. #AFRICACACS In recent years , the growth in technology and Innovation has been an engine of change, enabling people to do new things in ways that make old technology obsolete . This is what we call disruptive technology. Firms are in a race to match consumers to services and products. Customers are demanding more and more ease when it comes to engaging with businesses.  An increasing tech-savvy population within the continent has seen a surge of more disruptive tech coming our way. Companies are pushed to craft new ways to incorporate technology or risk losing revenues. Simply put, Adapt or Lose business! Disruptive Technology
© ISACA 2016. All Rights Reserved. #AFRICACACS These disruptive technologies include but are not limited to:  IoT Internet of things  Cloud Services  Mobile money  Introduction of 4G network capability Consequently, businesses are under immense pressure to adopt these new technologies in order to maintain their competitive edge in the market. The result of this - these organisations are now more vulnerable to attacks. What This Means for Companies
© ISACA 2016. All Rights Reserved. #AFRICACACS  The biggest worry is how a company can consume all this information that is being generated by millions of IoTs to bring valuable insight.  Due to insecure implementation, these Internet-connected embedded devices are routinely being hacked and used as weapons in cyber-attacks. Internet of Things (IoT)
© ISACA 2016. All Rights Reserved. #AFRICACACS  We are moving information from our premises to the cloud.  From a security perspective, this presents two security issues. 1. Traditional firewall protection won’t help us protect our systems and 2. we are losing visibility of our security posture.  Managers sometimes forget that even though data is on the cloud, they are the ones who still OWN the data. When a cloud company is breached, it’s your data that’s being exfiltrated. You can delegate work but not responsibility. Cloud Services
© ISACA 2016. All Rights Reserved. #AFRICACACS  Third parties are usually considered the weakest link to an organization.  Reported breaches that were related to Vendors - JP Morgan Breach, Target data breach As we are looking at these, it’s also about the TRUST within the supply chain. You need to ask yourself these: 1. What is it you are trusting with these 3rd party vendors with? 2. Is it Intellectual property? Brand and reputation? or Shared Control? 3. Do these companies have the capabilities to reduce that risk that they introduce to those they serve? The supply chain
© ISACA 2016. All Rights Reserved. #AFRICACACS As technology evolves, so does cybercrime. The criminal complexity is growing more sophisticated in software tools. Cyber criminals have improved their tactics.  Patching malware  DDoS as a Service  IoT Botnets  Targeted Attacks Sophistication of Attacks
© ISACA 2016. All Rights Reserved. #AFRICACACS  We need a solution that can help us consume all the data we are receiving from these new technologies that we are embracing and provide valuable insight to Organizations.  We need a platform to provide enhanced visibility on the security posture of organizations with regards to potential sources of attack.  This solution is the SOC (Security Operation Center)  As Serianu, our core business is to provide clients with valuable insight and enhanced visibility into information assets. As part of this, we help develop and manage an organization’s SOC. What's the Solution?
© ISACA 2016. All Rights Reserved. #AFRICACACS There is need for us to centralize collection, monitoring, detection and prevention of information. 1. Correlation of different logs(Telling the Story) -Single, isolated events often do not tell the whole story. 2. Real time monitoring of Security events. 3. Forensics- Even in cases where attacks are successful and data is stolen or systems compromised, an enterprise may be able to learn how to block future attacks through forensics. 4. New Attack Vectors- Because a firewall and IDS will not protect your mobile devices from hackers. Benefits of a SOC
© ISACA 2016. All Rights Reserved. #AFRICACACS  Building a topnotch security operations center (SOC) takes a lot of time and no matter how much money you are prepared to spend, the task is generally considered more of a marathon than a sprint.  Organizations should take a data-intensive approach called “Intelligence- driven security” to protecting critical information and business assets.  Organizations need to converge and create collaboration among Information Security, Risk Management, Customer Security Management and Corporate Protection and Investigation groups to achieve a more compound view of risk throughout the whole organization. Designing a SOC
© ISACA 2016. All Rights Reserved. #AFRICACACS  Vulnerability-centric defense places focus on the “how” while threat centric defense focuses on the “who” and “what”.  Specifically, you must ask yourself who would they be interested in when attacking your network, and what would they stand to gain from such an action?  Threat-centric defense is much harder to perform than its predecessor. This is because it requires two things: extensive visibility into your network, and the ability to collect and analyze intelligence related to the intent and capability of attackers. Vulnerability-centric vs Threat-centric defense
© ISACA 2016. All Rights Reserved. #AFRICACACS  When it comes to defining threats, ask the question - “What is the worst scenario that relates to the survivability of the organization?”  The answer must come straight from the Top Management.  With the identification of these threats, the security team should then dig deeper and narrow down to the underlying technologies.  You need to understand the infrastructure within the network by asking the right questions to the primary stakeholders involved. Define Threats- (Threat-centric security )
© ISACA 2016. All Rights Reserved. #AFRICACACS  As Serianu, we use the following fundamental building blocks when designing our client’s SOC; Roadmap
© ISACA 2016. All Rights Reserved. #AFRICACACS  People: While analyzing the people aspect in an organization, it’s important to look at the level of formal training, experience, level of expertise and Security awareness. It’s easy for top management to feel confident that their employees are well prepared to handle any security issue. Far too often, this is not the case. You find that these staff are too busy or are not equipped with the right skills and experience to maintain a far-reaching security strategy, and they react to problems rather than proactively managing layered security. Roadmap
© ISACA 2016. All Rights Reserved. #AFRICACACS  Processes Existing processes within an organization need to be defined and where necessary documented. When it comes to SOC, defining repeatable incident triage and investigation processes standardizes the actions a SOC analyst takes and ensures no important tasks fall through the cracks.  Technology Understanding the underlying technology of an organization is key. This understanding will help determine the kind of attacks/exploits to expect, vulnerabilities and ways to mitigate. Roadmap
© ISACA 2016. All Rights Reserved. #AFRICACACS  What type of SOC to acquire? A company can either outsource a SOC or operate one In-house.  An in-house SOC has the advantage that the staff know the environment better and have most potential to be most efficient. However, there is higher pressure to show ROI quickly and higher potential for collusion between analyst and attacker.  An outsourced SOC has less potential for collusion between monitoring team and attacker and the staff are unbiased. The biggest risk with this however is the risk of external data mishandling. Acquiring a SOC
© ISACA 2016. All Rights Reserved. #AFRICACACS When Outsourcing a SOC:  About the company- Its reputation, customers and duration in business.  Stability of the company- How many systems can they monitor?  Staffing of the Company- What is the experience of its staff?  Sizing and costs  Contents of the SLA  Knowledge transfer In-house SOC  What tasks will the SOC perform?  Who will own and Manage it? What qualifications will they need?  Who will use the data collected and analysed? Fundamental Questions
© ISACA 2016. All Rights Reserved. #AFRICACACS  As a vendor, my role and that of every analyst is to share our unique visibility of the information security field. Our clients are in a battle field without weapons defending themselves against an attacker who is armed with weapons. It’s up to us to ensure that we are not the point of weakness for the organizations we aim to protect. Role of the Vendor
© ISACA 2016. All Rights Reserved. #AFRICACACS What are the Cost implications of Outsourcing(MSSP) verses operating a SOC In-house?
© ISACA 2016. All Rights Reserved. #AFRICACACS The Business Case for Managed Security Services Managed Security Services Providers vs. SIEM Product Solutions http://www.solutionary.com/dms/solutionary/Files/whitepapers/MSSP_vs_SIEM.pdf
© ISACA 2016. All Rights Reserved. #AFRICACACS  Defining Expectations and Scope  Defining Normal through Baselining  Threat Intelligence  Incident Handling Operating a SOC
© ISACA 2016. All Rights Reserved. #AFRICACACS  Before starting any operations in the SOC, its Expectations paramount that the Executives and the SOC team meet up and clearly define the scope and expectations. Defining scope helps prevent unrealistic expectations from both sides. Reality Expectations and Scope
© ISACA 2016. All Rights Reserved. #AFRICACACS  A SOC consolidates a lot of information from different sources and it’s the ability to differentiate what's normal from what is abnormal that will contribute to the general success of the SOC.  Start by understanding the network and processes of the Organization.  Clearly state the problem to be solved by the SIEM tool/SOC  Review the functionality of different components of the SOC i.e. SIEM tool/ Vulnerability management tools (rules, algorithms, reports and dashboards) that is needed to solve the problem.  Develop Use cases. Defining Normal through Baselining
© ISACA 2016. All Rights Reserved. #AFRICACACS  What is Threat Intelligence?- The ability of a SOC to identify and update specific types of threat information that will help in detecting attacks. – Continuous monitoring to ensure that all the rules are working – Fine tuning the rule with time – Visualization on the dashboard – Drilling down on particular incidents – Reporting. Threat Intelligence
© ISACA 2016. All Rights Reserved. #AFRICACACS Prevention Eventually fails  Identification: This phase deals with the detection and determination of whether a deviation from normal operations within an organization is an incident and its scope assuming that the deviation is indeed an incident.  Containment-Involve management at this point in time.  Eradication- Understand the attack vector and remove it permanently as well as cleanup any remnants from the attack.  Recovery- This is where you put systems back into production.  Lessons Learned- What are the main learning points derived. Incident Handling
© ISACA 2016. All Rights Reserved. #AFRICACACS A good SOC analyst should possess (but not limited to) the following skills:  Offensive and Defensive Tactics- Penetration testing and security assessments.  Systems Administration - An adept understanding of Windows and Linux  Malware Analysis- Performing both dynamic and static analysis.  Host-Based Forensics- This knowledge is used to generate new indicators of compromise Qualities of a SOC Analyst
© ISACA 2016. All Rights Reserved. #AFRICACACS  Organizations should not measure the effectiveness of SIEM by whether a compromise occurs, but rather, how effectively it is detected, analyzed, and escalated. Ultimately, instead of asking “why did this happen?”, the questions leadership should be asking your SOC team after a compromise are, “how quickly were we able to detect it, how quickly were we able to escalate it to response, and how we can adjust our SOC posture to be better prepared next time?” Measuring The Success of a SIEM
© ISACA 2016. All Rights Reserved. #AFRICACACS  Embracing Security- Gartner projects that by 2020, 60% of budgets will be allocated to rapid detection and response approaches.  Paradigm of Fear: There are far much bigger risk that far outstrip the ones we’re focused on, risks that need to be dealt with in a more focused way. We need a change of an epical nature.  Fragmentation of the solution.  Change behavior- Intellectually we know that antivirus, malware sandboxes, firewalls and next generation firewalls won’t protect us but it’s still not translating into change behavior fast enough. Attitude Change
© ISACA 2016. All Rights Reserved. #AFRICACACS To run a successful SOC, the following governance principles should be applied:  Invest in People: “Adversaries are not beating us because they have more technology, it’s because they’re more creative, patient, single minded and they explore limitless pathways”- RSA president Amit Yoran.  Emphasize Teamwork: cohesiveness helps promote a learning culture. Sustainable Governance
© ISACA 2016. All Rights Reserved. #AFRICACACS  Provide Formalized Opportunities for Professional Growth  Reward Success- Acknowledge the efforts of those who contribute to the success of the SOC as this can be a monumental morale booster.  Exercise Servant Leadership- Give precedence to the needs of others by helping them achieve their mission for the prosperity of the organization. Sustainable Governance
© ISACA 2016. All Rights Reserved. #AFRICACACS  Acquiring and maintaining a SOC takes a lot of money and it’s the company’s responsibility to ensure that value is gotten from these Centers.  Running a successful SOC is not a time affair. It takes time and correction of a lot of errors along the way. Mistakes will be made.  Finding and maintaining good analysts is also difficult.  Prevention eventually fails- you will be hacked.  Information Security is not a one person affair and as such, companies in the same industry need to collaborate, share information that will enable improved detection and prevention of attacks. Conclusion
© ISACA 2016. All Rights Reserved. #AFRICACACS  Bejtlich, R. (2013). The practice of network security monitoring: understanding incident detection and response. No Starch Press.  Ben rothke. (2016). Rsaconferencecom. Retrieved 18 July, 2016, from https://www.rsaconference.com/writable/presentations/file_upload/tech-203.pdf  Sanders, C., & Smith, J. (2013). Applied network security monitoring: collection, detection, and analysis. Elsevier.  Torres alissa, T.A. (2016). Sansorg. Retrieved 18 July, 2016, from https://www.sans.org/reading-room/whitepapers/analyst/building-world-class-security-operations- center-roadmap-35907  RSA Technical Brief, February 2013  Troels Oerting, CISO Barclays Bank-RSA Conference 2016  Amit Yoran, President RSA- RSA Conference 2016  Samir Kapuria, GM Cyber Security Services, Symantec-RSA Conference 2016 References and Further Reading
© ISACA 2016. All Rights Reserved. #AFRICACACS Thank You!

Recommended

Next-Gen security operation center
Next-Gen security operation centerNext-Gen security operation center
Next-Gen security operation centerMuhammad Sahputra
 
Building Security Operation Center
Building Security Operation CenterBuilding Security Operation Center
Building Security Operation CenterS.E. CTS CERT-GOV-MD
 
Security operations center-SOC Presentation-مرکز عملیات امنیت
Security operations center-SOC Presentation-مرکز عملیات امنیتSecurity operations center-SOC Presentation-مرکز عملیات امنیت
Security operations center-SOC Presentation-مرکز عملیات امنیتReZa AdineH
 
Security Operation Center Fundamental
Security Operation Center FundamentalSecurity Operation Center Fundamental
Security Operation Center FundamentalAmir Hossein Zargaran
 
SOC presentation- Building a Security Operations Center
SOC presentation- Building a Security Operations CenterSOC presentation- Building a Security Operations Center
SOC presentation- Building a Security Operations CenterMichael Nickle
 
An introduction to SOC (Security Operation Center)
An introduction to SOC (Security Operation Center)An introduction to SOC (Security Operation Center)
An introduction to SOC (Security Operation Center)Ahmad Haghighi
 
Cybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for ExecutivesCybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for ExecutivesKrist Davood - Principal - CIO
 
DTS Solution - Building a SOC (Security Operations Center)
DTS Solution - Building a SOC (Security Operations Center)DTS Solution - Building a SOC (Security Operations Center)
DTS Solution - Building a SOC (Security Operations Center)Shah Sheikh
 

Recommended

Next-Gen security operation center
Next-Gen security operation centerNext-Gen security operation center
Next-Gen security operation centerMuhammad Sahputra
 
Building Security Operation Center
Building Security Operation CenterBuilding Security Operation Center
Building Security Operation CenterS.E. CTS CERT-GOV-MD
 
Security operations center-SOC Presentation-مرکز عملیات امنیت
Security operations center-SOC Presentation-مرکز عملیات امنیتSecurity operations center-SOC Presentation-مرکز عملیات امنیت
Security operations center-SOC Presentation-مرکز عملیات امنیتReZa AdineH
 
Security Operation Center Fundamental
Security Operation Center FundamentalSecurity Operation Center Fundamental
Security Operation Center FundamentalAmir Hossein Zargaran
 
SOC presentation- Building a Security Operations Center
SOC presentation- Building a Security Operations CenterSOC presentation- Building a Security Operations Center
SOC presentation- Building a Security Operations CenterMichael Nickle
 
An introduction to SOC (Security Operation Center)
An introduction to SOC (Security Operation Center)An introduction to SOC (Security Operation Center)
An introduction to SOC (Security Operation Center)Ahmad Haghighi
 
Cybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for ExecutivesCybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for ExecutivesKrist Davood - Principal - CIO
 
DTS Solution - Building a SOC (Security Operations Center)
DTS Solution - Building a SOC (Security Operations Center)DTS Solution - Building a SOC (Security Operations Center)
DTS Solution - Building a SOC (Security Operations Center)Shah Sheikh
 
Cybersecurity roadmap : Global healthcare security architecture
Cybersecurity roadmap : Global healthcare security architectureCybersecurity roadmap : Global healthcare security architecture
Cybersecurity roadmap : Global healthcare security architecturePriyanka Aash
 
Building a Next-Generation Security Operations Center (SOC)
Building a Next-Generation Security Operations Center (SOC)Building a Next-Generation Security Operations Center (SOC)
Building a Next-Generation Security Operations Center (SOC)Sqrrl
 
Rothke secure360 building a security operations center (soc)
Rothke secure360 building a security operations center (soc)Rothke secure360 building a security operations center (soc)
Rothke secure360 building a security operations center (soc)Ben Rothke
 
Security Operations Center (SOC) Essentials for the SME
Security Operations Center (SOC) Essentials for the SMESecurity Operations Center (SOC) Essentials for the SME
Security Operations Center (SOC) Essentials for the SMEAlienVault
 
The Next Generation of Security Operations Centre (SOC)
The Next Generation of Security Operations Centre (SOC)The Next Generation of Security Operations Centre (SOC)
The Next Generation of Security Operations Centre (SOC)PECB
 
Security operation center (SOC)
Security operation center (SOC)Security operation center (SOC)
Security operation center (SOC)Ahmed Ayman
 
Rothke rsa 2012 building a security operations center (soc)
Rothke rsa 2012 building a security operations center (soc)Rothke rsa 2012 building a security operations center (soc)
Rothke rsa 2012 building a security operations center (soc)Ben Rothke
 
SOC: Use cases and are we asking the right questions?
SOC: Use cases and are we asking the right questions?SOC: Use cases and are we asking the right questions?
SOC: Use cases and are we asking the right questions?Jonathan Sinclair
 
Effective Security Operation Center - present by Reza Adineh
Effective Security Operation Center - present by Reza AdinehEffective Security Operation Center - present by Reza Adineh
Effective Security Operation Center - present by Reza AdinehReZa AdineH
 
SOC Architecture Workshop - Part 1
SOC Architecture Workshop - Part 1SOC Architecture Workshop - Part 1
SOC Architecture Workshop - Part 1Priyanka Aash
 
From SIEM to SOC: Crossing the Cybersecurity Chasm
From SIEM to SOC: Crossing the Cybersecurity ChasmFrom SIEM to SOC: Crossing the Cybersecurity Chasm
From SIEM to SOC: Crossing the Cybersecurity ChasmPriyanka Aash
 
What We’ve Learned Building a Cyber Security Operation Center: du Case Study
What We’ve Learned Building a Cyber Security Operation Center: du Case StudyWhat We’ve Learned Building a Cyber Security Operation Center: du Case Study
What We’ve Learned Building a Cyber Security Operation Center: du Case StudyPriyanka Aash
 
SEIM-Microsoft Sentinel.pptx
SEIM-Microsoft Sentinel.pptxSEIM-Microsoft Sentinel.pptx
SEIM-Microsoft Sentinel.pptxAmrMousa51
 
5 BEST PRACTICES FOR A SECURITY OPERATION CENTER (SOC)
5 BEST PRACTICES FOR A SECURITY OPERATION CENTER (SOC)5 BEST PRACTICES FOR A SECURITY OPERATION CENTER (SOC)
5 BEST PRACTICES FOR A SECURITY OPERATION CENTER (SOC)Vijilan IT Security solutions
 
Soc
SocSoc
SocMukesh Chaudhari
 
Integrated Security Operations Center (ISOC) for Cybersecurity Collaboration
Integrated Security Operations Center (ISOC) for Cybersecurity CollaborationIntegrated Security Operations Center (ISOC) for Cybersecurity Collaboration
Integrated Security Operations Center (ISOC) for Cybersecurity CollaborationPriyanka Aash
 
Cyber Security Governance
Cyber Security GovernanceCyber Security Governance
Cyber Security GovernancePriyanka Aash
 
SIEM Architecture
SIEM ArchitectureSIEM Architecture
SIEM ArchitectureNishanth Kumar Pathi
 
Threat Hunting - Moving from the ad hoc to the formal
Threat Hunting - Moving from the ad hoc to the formalThreat Hunting - Moving from the ad hoc to the formal
Threat Hunting - Moving from the ad hoc to the formalPriyanka Aash
 
SOAR and SIEM.pptx
SOAR and SIEM.pptxSOAR and SIEM.pptx
SOAR and SIEM.pptxAjit Wadhawan
 
SOC Service in India.pdf
SOC Service in India.pdfSOC Service in India.pdf
SOC Service in India.pdfACS Networks & Technologies
 
Accenture Security Services: Defending and empowering the resilient digital b...
Accenture Security Services: Defending and empowering the resilient digital b...Accenture Security Services: Defending and empowering the resilient digital b...
Accenture Security Services: Defending and empowering the resilient digital b...Accenture Technology
 

More Related Content

What's hot

Cybersecurity roadmap : Global healthcare security architecture
Cybersecurity roadmap : Global healthcare security architectureCybersecurity roadmap : Global healthcare security architecture
Cybersecurity roadmap : Global healthcare security architecturePriyanka Aash
 
Building a Next-Generation Security Operations Center (SOC)
Building a Next-Generation Security Operations Center (SOC)Building a Next-Generation Security Operations Center (SOC)
Building a Next-Generation Security Operations Center (SOC)Sqrrl
 
Rothke secure360 building a security operations center (soc)
Rothke secure360 building a security operations center (soc)Rothke secure360 building a security operations center (soc)
Rothke secure360 building a security operations center (soc)Ben Rothke
 
Security Operations Center (SOC) Essentials for the SME
Security Operations Center (SOC) Essentials for the SMESecurity Operations Center (SOC) Essentials for the SME
Security Operations Center (SOC) Essentials for the SMEAlienVault
 
The Next Generation of Security Operations Centre (SOC)
The Next Generation of Security Operations Centre (SOC)The Next Generation of Security Operations Centre (SOC)
The Next Generation of Security Operations Centre (SOC)PECB
 
Security operation center (SOC)
Security operation center (SOC)Security operation center (SOC)
Security operation center (SOC)Ahmed Ayman
 
Rothke rsa 2012 building a security operations center (soc)
Rothke rsa 2012 building a security operations center (soc)Rothke rsa 2012 building a security operations center (soc)
Rothke rsa 2012 building a security operations center (soc)Ben Rothke
 
SOC: Use cases and are we asking the right questions?
SOC: Use cases and are we asking the right questions?SOC: Use cases and are we asking the right questions?
SOC: Use cases and are we asking the right questions?Jonathan Sinclair
 
Effective Security Operation Center - present by Reza Adineh
Effective Security Operation Center - present by Reza AdinehEffective Security Operation Center - present by Reza Adineh
Effective Security Operation Center - present by Reza AdinehReZa AdineH
 
SOC Architecture Workshop - Part 1
SOC Architecture Workshop - Part 1SOC Architecture Workshop - Part 1
SOC Architecture Workshop - Part 1Priyanka Aash
 
From SIEM to SOC: Crossing the Cybersecurity Chasm
From SIEM to SOC: Crossing the Cybersecurity ChasmFrom SIEM to SOC: Crossing the Cybersecurity Chasm
From SIEM to SOC: Crossing the Cybersecurity ChasmPriyanka Aash
 
What We’ve Learned Building a Cyber Security Operation Center: du Case Study
What We’ve Learned Building a Cyber Security Operation Center: du Case StudyWhat We’ve Learned Building a Cyber Security Operation Center: du Case Study
What We’ve Learned Building a Cyber Security Operation Center: du Case StudyPriyanka Aash
 
SEIM-Microsoft Sentinel.pptx
SEIM-Microsoft Sentinel.pptxSEIM-Microsoft Sentinel.pptx
SEIM-Microsoft Sentinel.pptxAmrMousa51
 
5 BEST PRACTICES FOR A SECURITY OPERATION CENTER (SOC)
5 BEST PRACTICES FOR A SECURITY OPERATION CENTER (SOC)5 BEST PRACTICES FOR A SECURITY OPERATION CENTER (SOC)
5 BEST PRACTICES FOR A SECURITY OPERATION CENTER (SOC)Vijilan IT Security solutions
 
Integrated Security Operations Center (ISOC) for Cybersecurity Collaboration
Integrated Security Operations Center (ISOC) for Cybersecurity CollaborationIntegrated Security Operations Center (ISOC) for Cybersecurity Collaboration
Integrated Security Operations Center (ISOC) for Cybersecurity CollaborationPriyanka Aash
 
Cyber Security Governance
Cyber Security GovernanceCyber Security Governance
Cyber Security GovernancePriyanka Aash
 
Threat Hunting - Moving from the ad hoc to the formal
Threat Hunting - Moving from the ad hoc to the formalThreat Hunting - Moving from the ad hoc to the formal
Threat Hunting - Moving from the ad hoc to the formalPriyanka Aash
 

What's hot (20)

Cybersecurity roadmap : Global healthcare security architecture
Cybersecurity roadmap : Global healthcare security architectureCybersecurity roadmap : Global healthcare security architecture
Cybersecurity roadmap : Global healthcare security architecture
 
Building a Next-Generation Security Operations Center (SOC)
Building a Next-Generation Security Operations Center (SOC)Building a Next-Generation Security Operations Center (SOC)
Building a Next-Generation Security Operations Center (SOC)
 
Rothke secure360 building a security operations center (soc)
Rothke secure360 building a security operations center (soc)Rothke secure360 building a security operations center (soc)
Rothke secure360 building a security operations center (soc)
 
Security Operations Center (SOC) Essentials for the SME
Security Operations Center (SOC) Essentials for the SMESecurity Operations Center (SOC) Essentials for the SME
Security Operations Center (SOC) Essentials for the SME
 
The Next Generation of Security Operations Centre (SOC)
The Next Generation of Security Operations Centre (SOC)The Next Generation of Security Operations Centre (SOC)
The Next Generation of Security Operations Centre (SOC)
 
Security operation center (SOC)
Security operation center (SOC)Security operation center (SOC)
Security operation center (SOC)
 
Rothke rsa 2012 building a security operations center (soc)
Rothke rsa 2012 building a security operations center (soc)Rothke rsa 2012 building a security operations center (soc)
Rothke rsa 2012 building a security operations center (soc)
 
SOC: Use cases and are we asking the right questions?
SOC: Use cases and are we asking the right questions?SOC: Use cases and are we asking the right questions?
SOC: Use cases and are we asking the right questions?
 
Effective Security Operation Center - present by Reza Adineh
Effective Security Operation Center - present by Reza AdinehEffective Security Operation Center - present by Reza Adineh
Effective Security Operation Center - present by Reza Adineh
 
SOC Architecture Workshop - Part 1
SOC Architecture Workshop - Part 1SOC Architecture Workshop - Part 1
SOC Architecture Workshop - Part 1
 
From SIEM to SOC: Crossing the Cybersecurity Chasm
From SIEM to SOC: Crossing the Cybersecurity ChasmFrom SIEM to SOC: Crossing the Cybersecurity Chasm
From SIEM to SOC: Crossing the Cybersecurity Chasm
 
What We’ve Learned Building a Cyber Security Operation Center: du Case Study
What We’ve Learned Building a Cyber Security Operation Center: du Case StudyWhat We’ve Learned Building a Cyber Security Operation Center: du Case Study
What We’ve Learned Building a Cyber Security Operation Center: du Case Study
 
SEIM-Microsoft Sentinel.pptx
SEIM-Microsoft Sentinel.pptxSEIM-Microsoft Sentinel.pptx
SEIM-Microsoft Sentinel.pptx
 
5 BEST PRACTICES FOR A SECURITY OPERATION CENTER (SOC)
5 BEST PRACTICES FOR A SECURITY OPERATION CENTER (SOC)5 BEST PRACTICES FOR A SECURITY OPERATION CENTER (SOC)
5 BEST PRACTICES FOR A SECURITY OPERATION CENTER (SOC)
 
Soc
SocSoc
Soc
 
Integrated Security Operations Center (ISOC) for Cybersecurity Collaboration
Integrated Security Operations Center (ISOC) for Cybersecurity CollaborationIntegrated Security Operations Center (ISOC) for Cybersecurity Collaboration
Integrated Security Operations Center (ISOC) for Cybersecurity Collaboration
 
Cyber Security Governance
Cyber Security GovernanceCyber Security Governance
Cyber Security Governance
 
SIEM Architecture
SIEM ArchitectureSIEM Architecture
SIEM Architecture
 
Threat Hunting - Moving from the ad hoc to the formal
Threat Hunting - Moving from the ad hoc to the formalThreat Hunting - Moving from the ad hoc to the formal
Threat Hunting - Moving from the ad hoc to the formal
 
SOAR and SIEM.pptx
SOAR and SIEM.pptxSOAR and SIEM.pptx
SOAR and SIEM.pptx
 

Similar to Governance of Security Operation Centers (SOC

Accenture Security Services: Defending and empowering the resilient digital b...
Accenture Security Services: Defending and empowering the resilient digital b...Accenture Security Services: Defending and empowering the resilient digital b...
Accenture Security Services: Defending and empowering the resilient digital b...Accenture Technology
 
Asset Discovery in India – Redhunt Labs
Asset Discovery in India – Redhunt LabsAsset Discovery in India – Redhunt Labs
Asset Discovery in India – Redhunt LabsRedhuntLabs2
 
FINE-TUNE IPS TO DIAL UP SECURITY
FINE-TUNE IPS TO DIAL UP SECURITYFINE-TUNE IPS TO DIAL UP SECURITY
FINE-TUNE IPS TO DIAL UP SECURITYSecureData Europe
 
What CIOs Need To Tell Their Boards About Cyber Security
What CIOs Need To Tell Their Boards About Cyber SecurityWhat CIOs Need To Tell Their Boards About Cyber Security
What CIOs Need To Tell Their Boards About Cyber SecurityKaryl Scott
 
Cyber-Security-Whitepaper.pdf
Cyber-Security-Whitepaper.pdfCyber-Security-Whitepaper.pdf
Cyber-Security-Whitepaper.pdfAnil
 
Cyber-Security-Whitepaper.pdf
Cyber-Security-Whitepaper.pdfCyber-Security-Whitepaper.pdf
Cyber-Security-Whitepaper.pdfAnil
 
How to secure your enterprise data during Covid-19
How to secure your enterprise data during Covid-19How to secure your enterprise data during Covid-19
How to secure your enterprise data during Covid-19Dharmendra Rama
 
Webinar: Get Ready to Detect, Respond & Recover from a Cyber Attack
Webinar: Get Ready to Detect, Respond & Recover from a Cyber AttackWebinar: Get Ready to Detect, Respond & Recover from a Cyber Attack
Webinar: Get Ready to Detect, Respond & Recover from a Cyber AttackAujas
 
Digital Trust - Tech Vision 2016 Trend 5
Digital Trust - Tech Vision 2016 Trend 5Digital Trust - Tech Vision 2016 Trend 5
Digital Trust - Tech Vision 2016 Trend 5Accenture Technology
 
Digital Trust - Tech Vision 2016 Trend 5
Digital Trust - Tech Vision 2016 Trend 5Digital Trust - Tech Vision 2016 Trend 5
Digital Trust - Tech Vision 2016 Trend 5accenture
 
For Public_ Cybersecurity_ Frameworks, Fundamentals, and Foundations 2023.pdf
For Public_ Cybersecurity_ Frameworks, Fundamentals, and Foundations 2023.pdfFor Public_ Cybersecurity_ Frameworks, Fundamentals, and Foundations 2023.pdf
For Public_ Cybersecurity_ Frameworks, Fundamentals, and Foundations 2023.pdfJustinBrown267905
 
Cyber Risk Quantification | Safe Security
Cyber Risk Quantification | Safe SecurityCyber Risk Quantification | Safe Security
Cyber Risk Quantification | Safe SecurityRahul Tyagi
 
What i learned at issa international summit 2019
What i learned at issa international summit 2019What i learned at issa international summit 2019
What i learned at issa international summit 2019Ulf Mattsson
 
Aujas incident management webinar deck 08162016
Aujas incident management webinar deck 08162016Aujas incident management webinar deck 08162016
Aujas incident management webinar deck 08162016Karl Kispert
 
Cybersecurity- What Retailers Need To Know
Cybersecurity- What Retailers Need To KnowCybersecurity- What Retailers Need To Know
Cybersecurity- What Retailers Need To KnowShantam Goel
 
Security in the App Economy: How to Ride the Wave Without Wiping Out!
Security in the App Economy: How to Ride the Wave Without Wiping Out!Security in the App Economy: How to Ride the Wave Without Wiping Out!
Security in the App Economy: How to Ride the Wave Without Wiping Out!CA Technologies
 

Similar to Governance of Security Operation Centers (SOC (20)

SOC Service in India.pdf
SOC Service in India.pdfSOC Service in India.pdf
SOC Service in India.pdf
 
Accenture Security Services: Defending and empowering the resilient digital b...
Accenture Security Services: Defending and empowering the resilient digital b...Accenture Security Services: Defending and empowering the resilient digital b...
Accenture Security Services: Defending and empowering the resilient digital b...
 
Asset Discovery in India – Redhunt Labs
Asset Discovery in India – Redhunt LabsAsset Discovery in India – Redhunt Labs
Asset Discovery in India – Redhunt Labs
 
FINE-TUNE IPS TO DIAL UP SECURITY
FINE-TUNE IPS TO DIAL UP SECURITYFINE-TUNE IPS TO DIAL UP SECURITY
FINE-TUNE IPS TO DIAL UP SECURITY
 
What CIOs Need To Tell Their Boards About Cyber Security
What CIOs Need To Tell Their Boards About Cyber SecurityWhat CIOs Need To Tell Their Boards About Cyber Security
What CIOs Need To Tell Their Boards About Cyber Security
 
Cyber-Security-Whitepaper.pdf
Cyber-Security-Whitepaper.pdfCyber-Security-Whitepaper.pdf
Cyber-Security-Whitepaper.pdf
 
Cyber-Security-Whitepaper.pdf
Cyber-Security-Whitepaper.pdfCyber-Security-Whitepaper.pdf
Cyber-Security-Whitepaper.pdf
 
Security operations center inhouse vs outsource
Security operations center inhouse vs outsourceSecurity operations center inhouse vs outsource
Security operations center inhouse vs outsource
 
Security operations center inhouse vs outsource
Security operations center inhouse vs outsourceSecurity operations center inhouse vs outsource
Security operations center inhouse vs outsource
 
How to secure your enterprise data during Covid-19
How to secure your enterprise data during Covid-19How to secure your enterprise data during Covid-19
How to secure your enterprise data during Covid-19
 
Webinar: Get Ready to Detect, Respond & Recover from a Cyber Attack
Webinar: Get Ready to Detect, Respond & Recover from a Cyber AttackWebinar: Get Ready to Detect, Respond & Recover from a Cyber Attack
Webinar: Get Ready to Detect, Respond & Recover from a Cyber Attack
 
Digital Trust - Tech Vision 2016 Trend 5
Digital Trust - Tech Vision 2016 Trend 5Digital Trust - Tech Vision 2016 Trend 5
Digital Trust - Tech Vision 2016 Trend 5
 
Digital Trust - Tech Vision 2016 Trend 5
Digital Trust - Tech Vision 2016 Trend 5Digital Trust - Tech Vision 2016 Trend 5
Digital Trust - Tech Vision 2016 Trend 5
 
For Public_ Cybersecurity_ Frameworks, Fundamentals, and Foundations 2023.pdf
For Public_ Cybersecurity_ Frameworks, Fundamentals, and Foundations 2023.pdfFor Public_ Cybersecurity_ Frameworks, Fundamentals, and Foundations 2023.pdf
For Public_ Cybersecurity_ Frameworks, Fundamentals, and Foundations 2023.pdf
 
Cyber Risk Quantification | Safe Security
Cyber Risk Quantification | Safe SecurityCyber Risk Quantification | Safe Security
Cyber Risk Quantification | Safe Security
 
What i learned at issa international summit 2019
What i learned at issa international summit 2019What i learned at issa international summit 2019
What i learned at issa international summit 2019
 
Be the Hunter
Be the Hunter Be the Hunter
Be the Hunter
 
Aujas incident management webinar deck 08162016
Aujas incident management webinar deck 08162016Aujas incident management webinar deck 08162016
Aujas incident management webinar deck 08162016
 
Cybersecurity- What Retailers Need To Know
Cybersecurity- What Retailers Need To KnowCybersecurity- What Retailers Need To Know
Cybersecurity- What Retailers Need To Know
 
Security in the App Economy: How to Ride the Wave Without Wiping Out!
Security in the App Economy: How to Ride the Wave Without Wiping Out!Security in the App Economy: How to Ride the Wave Without Wiping Out!
Security in the App Economy: How to Ride the Wave Without Wiping Out!
 

Recently uploaded

Indian Call Girls in Abu Dhabi O5286O24O8 Call Girls in Abu Dhabi By Independ...
Indian Call Girls in Abu Dhabi O5286O24O8 Call Girls in Abu Dhabi By Independ...Indian Call Girls in Abu Dhabi O5286O24O8 Call Girls in Abu Dhabi By Independ...
Indian Call Girls in Abu Dhabi O5286O24O8 Call Girls in Abu Dhabi By Independ...dajasot375
 
Call Girls In Dwarka 9654467111 Escorts Service
Call Girls In Dwarka 9654467111 Escorts ServiceCall Girls In Dwarka 9654467111 Escorts Service
Call Girls In Dwarka 9654467111 Escorts ServiceSapana Sha
 
From idea to production in a day – Leveraging Azure ML and Streamlit to build...
From idea to production in a day – Leveraging Azure ML and Streamlit to build...From idea to production in a day – Leveraging Azure ML and Streamlit to build...
From idea to production in a day – Leveraging Azure ML and Streamlit to build...Florian Roscheck
 
20240419 - Measurecamp Amsterdam - SAM.pdf
20240419 - Measurecamp Amsterdam - SAM.pdf20240419 - Measurecamp Amsterdam - SAM.pdf
20240419 - Measurecamp Amsterdam - SAM.pdfHuman37
 
9654467111 Call Girls In Munirka Hotel And Home Service
9654467111 Call Girls In Munirka Hotel And Home Service9654467111 Call Girls In Munirka Hotel And Home Service
9654467111 Call Girls In Munirka Hotel And Home ServiceSapana Sha
 
Identifying Appropriate Test Statistics Involving Population Mean
Identifying Appropriate Test Statistics Involving Population MeanIdentifying Appropriate Test Statistics Involving Population Mean
Identifying Appropriate Test Statistics Involving Population MeanMYRABACSAFRA2
 
How we prevented account sharing with MFA
How we prevented account sharing with MFAHow we prevented account sharing with MFA
How we prevented account sharing with MFAAndrei Kaleshka
 
Easter Eggs From Star Wars and in cars 1 and 2
Easter Eggs From Star Wars and in cars 1 and 2Easter Eggs From Star Wars and in cars 1 and 2
Easter Eggs From Star Wars and in cars 1 and 217djon017
 
dokumen.tips_chapter-4-transient-heat-conduction-mehmet-kanoglu.ppt
dokumen.tips_chapter-4-transient-heat-conduction-mehmet-kanoglu.pptdokumen.tips_chapter-4-transient-heat-conduction-mehmet-kanoglu.ppt
dokumen.tips_chapter-4-transient-heat-conduction-mehmet-kanoglu.pptSonatrach
 
RS 9000 Call In girls Dwarka Mor (DELHI)⇛9711147426🔝Delhi
RS 9000 Call In girls Dwarka Mor (DELHI)⇛9711147426🔝DelhiRS 9000 Call In girls Dwarka Mor (DELHI)⇛9711147426🔝Delhi
RS 9000 Call In girls Dwarka Mor (DELHI)⇛9711147426🔝Delhijennyeacort
 
EMERCE - 2024 - AMSTERDAM - CROSS-PLATFORM TRACKING WITH GOOGLE ANALYTICS.pptx
EMERCE - 2024 - AMSTERDAM - CROSS-PLATFORM TRACKING WITH GOOGLE ANALYTICS.pptxEMERCE - 2024 - AMSTERDAM - CROSS-PLATFORM TRACKING WITH GOOGLE ANALYTICS.pptx
EMERCE - 2024 - AMSTERDAM - CROSS-PLATFORM TRACKING WITH GOOGLE ANALYTICS.pptxthyngster
 
办理学位证中佛罗里达大学毕业证,UCF成绩单原版一比一
办理学位证中佛罗里达大学毕业证,UCF成绩单原版一比一办理学位证中佛罗里达大学毕业证,UCF成绩单原版一比一
办理学位证中佛罗里达大学毕业证,UCF成绩单原版一比一F sss
 
Advanced Machine Learning for Business Professionals
Advanced Machine Learning for Business ProfessionalsAdvanced Machine Learning for Business Professionals
Advanced Machine Learning for Business ProfessionalsVICTOR MAESTRE RAMIREZ
 
Predictive Analysis for Loan Default Presentation : Data Analysis Project PPT
Predictive Analysis for Loan Default Presentation : Data Analysis Project PPTPredictive Analysis for Loan Default Presentation : Data Analysis Project PPT
Predictive Analysis for Loan Default Presentation : Data Analysis Project PPTBoston Institute of Analytics
 
Defining Constituents, Data Vizzes and Telling a Data Story
Defining Constituents, Data Vizzes and Telling a Data StoryDefining Constituents, Data Vizzes and Telling a Data Story
Defining Constituents, Data Vizzes and Telling a Data StoryJeremy Anderson
 
专业一比一美国俄亥俄大学毕业证成绩单pdf电子版制作修改
专业一比一美国俄亥俄大学毕业证成绩单pdf电子版制作修改专业一比一美国俄亥俄大学毕业证成绩单pdf电子版制作修改
专业一比一美国俄亥俄大学毕业证成绩单pdf电子版制作修改yuu sss
 
Predicting Salary Using Data Science: A Comprehensive Analysis.pdf
Predicting Salary Using Data Science: A Comprehensive Analysis.pdfPredicting Salary Using Data Science: A Comprehensive Analysis.pdf
Predicting Salary Using Data Science: A Comprehensive Analysis.pdfBoston Institute of Analytics
 
毕业文凭制作#回国入职#diploma#degree澳洲中央昆士兰大学毕业证成绩单pdf电子版制作修改#毕业文凭制作#回国入职#diploma#degree
毕业文凭制作#回国入职#diploma#degree澳洲中央昆士兰大学毕业证成绩单pdf电子版制作修改#毕业文凭制作#回国入职#diploma#degree毕业文凭制作#回国入职#diploma#degree澳洲中央昆士兰大学毕业证成绩单pdf电子版制作修改#毕业文凭制作#回国入职#diploma#degree
毕业文凭制作#回国入职#diploma#degree澳洲中央昆士兰大学毕业证成绩单pdf电子版制作修改#毕业文凭制作#回国入职#diploma#degreeyuu sss
 
Kantar AI Summit- Under Embargo till Wednesday, 24th April 2024, 4 PM, IST.pdf
Kantar AI Summit- Under Embargo till Wednesday, 24th April 2024, 4 PM, IST.pdfKantar AI Summit- Under Embargo till Wednesday, 24th April 2024, 4 PM, IST.pdf
Kantar AI Summit- Under Embargo till Wednesday, 24th April 2024, 4 PM, IST.pdfSocial Samosa
 

Recently uploaded (20)

Indian Call Girls in Abu Dhabi O5286O24O8 Call Girls in Abu Dhabi By Independ...
Indian Call Girls in Abu Dhabi O5286O24O8 Call Girls in Abu Dhabi By Independ...Indian Call Girls in Abu Dhabi O5286O24O8 Call Girls in Abu Dhabi By Independ...
Indian Call Girls in Abu Dhabi O5286O24O8 Call Girls in Abu Dhabi By Independ...
 
Call Girls In Dwarka 9654467111 Escorts Service
Call Girls In Dwarka 9654467111 Escorts ServiceCall Girls In Dwarka 9654467111 Escorts Service
Call Girls In Dwarka 9654467111 Escorts Service
 
From idea to production in a day – Leveraging Azure ML and Streamlit to build...
From idea to production in a day – Leveraging Azure ML and Streamlit to build...From idea to production in a day – Leveraging Azure ML and Streamlit to build...
From idea to production in a day – Leveraging Azure ML and Streamlit to build...
 
20240419 - Measurecamp Amsterdam - SAM.pdf
20240419 - Measurecamp Amsterdam - SAM.pdf20240419 - Measurecamp Amsterdam - SAM.pdf
20240419 - Measurecamp Amsterdam - SAM.pdf
 
9654467111 Call Girls In Munirka Hotel And Home Service
9654467111 Call Girls In Munirka Hotel And Home Service9654467111 Call Girls In Munirka Hotel And Home Service
9654467111 Call Girls In Munirka Hotel And Home Service
 
Identifying Appropriate Test Statistics Involving Population Mean
Identifying Appropriate Test Statistics Involving Population MeanIdentifying Appropriate Test Statistics Involving Population Mean
Identifying Appropriate Test Statistics Involving Population Mean
 
E-Commerce Order PredictionShraddha Kamble.pptx
E-Commerce Order PredictionShraddha Kamble.pptxE-Commerce Order PredictionShraddha Kamble.pptx
E-Commerce Order PredictionShraddha Kamble.pptx
 
How we prevented account sharing with MFA
How we prevented account sharing with MFAHow we prevented account sharing with MFA
How we prevented account sharing with MFA
 
Easter Eggs From Star Wars and in cars 1 and 2
Easter Eggs From Star Wars and in cars 1 and 2Easter Eggs From Star Wars and in cars 1 and 2
Easter Eggs From Star Wars and in cars 1 and 2
 
dokumen.tips_chapter-4-transient-heat-conduction-mehmet-kanoglu.ppt
dokumen.tips_chapter-4-transient-heat-conduction-mehmet-kanoglu.pptdokumen.tips_chapter-4-transient-heat-conduction-mehmet-kanoglu.ppt
dokumen.tips_chapter-4-transient-heat-conduction-mehmet-kanoglu.ppt
 
RS 9000 Call In girls Dwarka Mor (DELHI)⇛9711147426🔝Delhi
RS 9000 Call In girls Dwarka Mor (DELHI)⇛9711147426🔝DelhiRS 9000 Call In girls Dwarka Mor (DELHI)⇛9711147426🔝Delhi
RS 9000 Call In girls Dwarka Mor (DELHI)⇛9711147426🔝Delhi
 
EMERCE - 2024 - AMSTERDAM - CROSS-PLATFORM TRACKING WITH GOOGLE ANALYTICS.pptx
EMERCE - 2024 - AMSTERDAM - CROSS-PLATFORM TRACKING WITH GOOGLE ANALYTICS.pptxEMERCE - 2024 - AMSTERDAM - CROSS-PLATFORM TRACKING WITH GOOGLE ANALYTICS.pptx
EMERCE - 2024 - AMSTERDAM - CROSS-PLATFORM TRACKING WITH GOOGLE ANALYTICS.pptx
 
办理学位证中佛罗里达大学毕业证,UCF成绩单原版一比一
办理学位证中佛罗里达大学毕业证,UCF成绩单原版一比一办理学位证中佛罗里达大学毕业证,UCF成绩单原版一比一
办理学位证中佛罗里达大学毕业证,UCF成绩单原版一比一
 
Advanced Machine Learning for Business Professionals
Advanced Machine Learning for Business ProfessionalsAdvanced Machine Learning for Business Professionals
Advanced Machine Learning for Business Professionals
 
Predictive Analysis for Loan Default Presentation : Data Analysis Project PPT
Predictive Analysis for Loan Default Presentation : Data Analysis Project PPTPredictive Analysis for Loan Default Presentation : Data Analysis Project PPT
Predictive Analysis for Loan Default Presentation : Data Analysis Project PPT
 
Defining Constituents, Data Vizzes and Telling a Data Story
Defining Constituents, Data Vizzes and Telling a Data StoryDefining Constituents, Data Vizzes and Telling a Data Story
Defining Constituents, Data Vizzes and Telling a Data Story
 
专业一比一美国俄亥俄大学毕业证成绩单pdf电子版制作修改
专业一比一美国俄亥俄大学毕业证成绩单pdf电子版制作修改专业一比一美国俄亥俄大学毕业证成绩单pdf电子版制作修改
专业一比一美国俄亥俄大学毕业证成绩单pdf电子版制作修改
 
Predicting Salary Using Data Science: A Comprehensive Analysis.pdf
Predicting Salary Using Data Science: A Comprehensive Analysis.pdfPredicting Salary Using Data Science: A Comprehensive Analysis.pdf
Predicting Salary Using Data Science: A Comprehensive Analysis.pdf
 
毕业文凭制作#回国入职#diploma#degree澳洲中央昆士兰大学毕业证成绩单pdf电子版制作修改#毕业文凭制作#回国入职#diploma#degree
毕业文凭制作#回国入职#diploma#degree澳洲中央昆士兰大学毕业证成绩单pdf电子版制作修改#毕业文凭制作#回国入职#diploma#degree毕业文凭制作#回国入职#diploma#degree澳洲中央昆士兰大学毕业证成绩单pdf电子版制作修改#毕业文凭制作#回国入职#diploma#degree
毕业文凭制作#回国入职#diploma#degree澳洲中央昆士兰大学毕业证成绩单pdf电子版制作修改#毕业文凭制作#回国入职#diploma#degree
 
Kantar AI Summit- Under Embargo till Wednesday, 24th April 2024, 4 PM, IST.pdf
Kantar AI Summit- Under Embargo till Wednesday, 24th April 2024, 4 PM, IST.pdfKantar AI Summit- Under Embargo till Wednesday, 24th April 2024, 4 PM, IST.pdf
Kantar AI Summit- Under Embargo till Wednesday, 24th April 2024, 4 PM, IST.pdf
 

Governance of Security Operation Centers (SOC

  • 1. Governance of Security Operation Centers Governance of Security Operation Centers Brencil Kaimba, Information Security Consultant, Serianu Limited.
  • 2. © ISACA 2016. All Rights Reserved. #AFRICACACS Brencil Kaimba ISO 27001/2013 Certified SIEM deployment and analysis certified Information Security Consultant at Serianu Limited Email: brencil.kaimba@serianu.com About Me
  • 3. © ISACA 2016. All Rights Reserved. #AFRICACACS Agenda  Disruptive Technology  The impact of Disruptive Technology on organizations.  Need for a Security Operations Center (SOC)  Designing an effective SOC  Operating a SOC  Qualities of an Analyst  Measuring the success of a SOC  Sustainable Governance
  • 4. © ISACA 2016. All Rights Reserved. #AFRICACACS In recent years , the growth in technology and Innovation has been an engine of change, enabling people to do new things in ways that make old technology obsolete . This is what we call disruptive technology. Firms are in a race to match consumers to services and products. Customers are demanding more and more ease when it comes to engaging with businesses.  An increasing tech-savvy population within the continent has seen a surge of more disruptive tech coming our way. Companies are pushed to craft new ways to incorporate technology or risk losing revenues. Simply put, Adapt or Lose business! Disruptive Technology
  • 5. © ISACA 2016. All Rights Reserved. #AFRICACACS These disruptive technologies include but are not limited to:  IoT Internet of things  Cloud Services  Mobile money  Introduction of 4G network capability Consequently, businesses are under immense pressure to adopt these new technologies in order to maintain their competitive edge in the market. The result of this - these organisations are now more vulnerable to attacks. What This Means for Companies
  • 6. © ISACA 2016. All Rights Reserved. #AFRICACACS  The biggest worry is how a company can consume all this information that is being generated by millions of IoTs to bring valuable insight.  Due to insecure implementation, these Internet-connected embedded devices are routinely being hacked and used as weapons in cyber-attacks. Internet of Things (IoT)
  • 7. © ISACA 2016. All Rights Reserved. #AFRICACACS  We are moving information from our premises to the cloud.  From a security perspective, this presents two security issues. 1. Traditional firewall protection won’t help us protect our systems and 2. we are losing visibility of our security posture.  Managers sometimes forget that even though data is on the cloud, they are the ones who still OWN the data. When a cloud company is breached, it’s your data that’s being exfiltrated. You can delegate work but not responsibility. Cloud Services
  • 8. © ISACA 2016. All Rights Reserved. #AFRICACACS  Third parties are usually considered the weakest link to an organization.  Reported breaches that were related to Vendors - JP Morgan Breach, Target data breach As we are looking at these, it’s also about the TRUST within the supply chain. You need to ask yourself these: 1. What is it you are trusting with these 3rd party vendors with? 2. Is it Intellectual property? Brand and reputation? or Shared Control? 3. Do these companies have the capabilities to reduce that risk that they introduce to those they serve? The supply chain
  • 9. © ISACA 2016. All Rights Reserved. #AFRICACACS As technology evolves, so does cybercrime. The criminal complexity is growing more sophisticated in software tools. Cyber criminals have improved their tactics.  Patching malware  DDoS as a Service  IoT Botnets  Targeted Attacks Sophistication of Attacks
  • 10. © ISACA 2016. All Rights Reserved. #AFRICACACS  We need a solution that can help us consume all the data we are receiving from these new technologies that we are embracing and provide valuable insight to Organizations.  We need a platform to provide enhanced visibility on the security posture of organizations with regards to potential sources of attack.  This solution is the SOC (Security Operation Center)  As Serianu, our core business is to provide clients with valuable insight and enhanced visibility into information assets. As part of this, we help develop and manage an organization’s SOC. What's the Solution?
  • 11. © ISACA 2016. All Rights Reserved. #AFRICACACS There is need for us to centralize collection, monitoring, detection and prevention of information. 1. Correlation of different logs(Telling the Story) -Single, isolated events often do not tell the whole story. 2. Real time monitoring of Security events. 3. Forensics- Even in cases where attacks are successful and data is stolen or systems compromised, an enterprise may be able to learn how to block future attacks through forensics. 4. New Attack Vectors- Because a firewall and IDS will not protect your mobile devices from hackers. Benefits of a SOC
  • 12. © ISACA 2016. All Rights Reserved. #AFRICACACS  Building a topnotch security operations center (SOC) takes a lot of time and no matter how much money you are prepared to spend, the task is generally considered more of a marathon than a sprint.  Organizations should take a data-intensive approach called “Intelligence- driven security” to protecting critical information and business assets.  Organizations need to converge and create collaboration among Information Security, Risk Management, Customer Security Management and Corporate Protection and Investigation groups to achieve a more compound view of risk throughout the whole organization. Designing a SOC
  • 13. © ISACA 2016. All Rights Reserved. #AFRICACACS  Vulnerability-centric defense places focus on the “how” while threat centric defense focuses on the “who” and “what”.  Specifically, you must ask yourself who would they be interested in when attacking your network, and what would they stand to gain from such an action?  Threat-centric defense is much harder to perform than its predecessor. This is because it requires two things: extensive visibility into your network, and the ability to collect and analyze intelligence related to the intent and capability of attackers. Vulnerability-centric vs Threat-centric defense
  • 14. © ISACA 2016. All Rights Reserved. #AFRICACACS  When it comes to defining threats, ask the question - “What is the worst scenario that relates to the survivability of the organization?”  The answer must come straight from the Top Management.  With the identification of these threats, the security team should then dig deeper and narrow down to the underlying technologies.  You need to understand the infrastructure within the network by asking the right questions to the primary stakeholders involved. Define Threats- (Threat-centric security )
  • 15. © ISACA 2016. All Rights Reserved. #AFRICACACS  As Serianu, we use the following fundamental building blocks when designing our client’s SOC; Roadmap
  • 16. © ISACA 2016. All Rights Reserved. #AFRICACACS  People: While analyzing the people aspect in an organization, it’s important to look at the level of formal training, experience, level of expertise and Security awareness. It’s easy for top management to feel confident that their employees are well prepared to handle any security issue. Far too often, this is not the case. You find that these staff are too busy or are not equipped with the right skills and experience to maintain a far-reaching security strategy, and they react to problems rather than proactively managing layered security. Roadmap
  • 17. © ISACA 2016. All Rights Reserved. #AFRICACACS  Processes Existing processes within an organization need to be defined and where necessary documented. When it comes to SOC, defining repeatable incident triage and investigation processes standardizes the actions a SOC analyst takes and ensures no important tasks fall through the cracks.  Technology Understanding the underlying technology of an organization is key. This understanding will help determine the kind of attacks/exploits to expect, vulnerabilities and ways to mitigate. Roadmap
  • 18. © ISACA 2016. All Rights Reserved. #AFRICACACS  What type of SOC to acquire? A company can either outsource a SOC or operate one In-house.  An in-house SOC has the advantage that the staff know the environment better and have most potential to be most efficient. However, there is higher pressure to show ROI quickly and higher potential for collusion between analyst and attacker.  An outsourced SOC has less potential for collusion between monitoring team and attacker and the staff are unbiased. The biggest risk with this however is the risk of external data mishandling. Acquiring a SOC
  • 19. © ISACA 2016. All Rights Reserved. #AFRICACACS When Outsourcing a SOC:  About the company- Its reputation, customers and duration in business.  Stability of the company- How many systems can they monitor?  Staffing of the Company- What is the experience of its staff?  Sizing and costs  Contents of the SLA  Knowledge transfer In-house SOC  What tasks will the SOC perform?  Who will own and Manage it? What qualifications will they need?  Who will use the data collected and analysed? Fundamental Questions
  • 20. © ISACA 2016. All Rights Reserved. #AFRICACACS  As a vendor, my role and that of every analyst is to share our unique visibility of the information security field. Our clients are in a battle field without weapons defending themselves against an attacker who is armed with weapons. It’s up to us to ensure that we are not the point of weakness for the organizations we aim to protect. Role of the Vendor
  • 21. © ISACA 2016. All Rights Reserved. #AFRICACACS What are the Cost implications of Outsourcing(MSSP) verses operating a SOC In-house?
  • 22. © ISACA 2016. All Rights Reserved. #AFRICACACS The Business Case for Managed Security Services Managed Security Services Providers vs. SIEM Product Solutions http://www.solutionary.com/dms/solutionary/Files/whitepapers/MSSP_vs_SIEM.pdf
  • 23. © ISACA 2016. All Rights Reserved. #AFRICACACS  Defining Expectations and Scope  Defining Normal through Baselining  Threat Intelligence  Incident Handling Operating a SOC
  • 24. © ISACA 2016. All Rights Reserved. #AFRICACACS  Before starting any operations in the SOC, its Expectations paramount that the Executives and the SOC team meet up and clearly define the scope and expectations. Defining scope helps prevent unrealistic expectations from both sides. Reality Expectations and Scope
  • 25. © ISACA 2016. All Rights Reserved. #AFRICACACS  A SOC consolidates a lot of information from different sources and it’s the ability to differentiate what's normal from what is abnormal that will contribute to the general success of the SOC.  Start by understanding the network and processes of the Organization.  Clearly state the problem to be solved by the SIEM tool/SOC  Review the functionality of different components of the SOC i.e. SIEM tool/ Vulnerability management tools (rules, algorithms, reports and dashboards) that is needed to solve the problem.  Develop Use cases. Defining Normal through Baselining
  • 26. © ISACA 2016. All Rights Reserved. #AFRICACACS  What is Threat Intelligence?- The ability of a SOC to identify and update specific types of threat information that will help in detecting attacks. – Continuous monitoring to ensure that all the rules are working – Fine tuning the rule with time – Visualization on the dashboard – Drilling down on particular incidents – Reporting. Threat Intelligence
  • 27. © ISACA 2016. All Rights Reserved. #AFRICACACS Prevention Eventually fails  Identification: This phase deals with the detection and determination of whether a deviation from normal operations within an organization is an incident and its scope assuming that the deviation is indeed an incident.  Containment-Involve management at this point in time.  Eradication- Understand the attack vector and remove it permanently as well as cleanup any remnants from the attack.  Recovery- This is where you put systems back into production.  Lessons Learned- What are the main learning points derived. Incident Handling
  • 28. © ISACA 2016. All Rights Reserved. #AFRICACACS A good SOC analyst should possess (but not limited to) the following skills:  Offensive and Defensive Tactics- Penetration testing and security assessments.  Systems Administration - An adept understanding of Windows and Linux  Malware Analysis- Performing both dynamic and static analysis.  Host-Based Forensics- This knowledge is used to generate new indicators of compromise Qualities of a SOC Analyst
  • 29. © ISACA 2016. All Rights Reserved. #AFRICACACS  Organizations should not measure the effectiveness of SIEM by whether a compromise occurs, but rather, how effectively it is detected, analyzed, and escalated. Ultimately, instead of asking “why did this happen?”, the questions leadership should be asking your SOC team after a compromise are, “how quickly were we able to detect it, how quickly were we able to escalate it to response, and how we can adjust our SOC posture to be better prepared next time?” Measuring The Success of a SIEM
  • 30. © ISACA 2016. All Rights Reserved. #AFRICACACS  Embracing Security- Gartner projects that by 2020, 60% of budgets will be allocated to rapid detection and response approaches.  Paradigm of Fear: There are far much bigger risk that far outstrip the ones we’re focused on, risks that need to be dealt with in a more focused way. We need a change of an epical nature.  Fragmentation of the solution.  Change behavior- Intellectually we know that antivirus, malware sandboxes, firewalls and next generation firewalls won’t protect us but it’s still not translating into change behavior fast enough. Attitude Change
  • 31. © ISACA 2016. All Rights Reserved. #AFRICACACS To run a successful SOC, the following governance principles should be applied:  Invest in People: “Adversaries are not beating us because they have more technology, it’s because they’re more creative, patient, single minded and they explore limitless pathways”- RSA president Amit Yoran.  Emphasize Teamwork: cohesiveness helps promote a learning culture. Sustainable Governance
  • 32. © ISACA 2016. All Rights Reserved. #AFRICACACS  Provide Formalized Opportunities for Professional Growth  Reward Success- Acknowledge the efforts of those who contribute to the success of the SOC as this can be a monumental morale booster.  Exercise Servant Leadership- Give precedence to the needs of others by helping them achieve their mission for the prosperity of the organization. Sustainable Governance
  • 33. © ISACA 2016. All Rights Reserved. #AFRICACACS  Acquiring and maintaining a SOC takes a lot of money and it’s the company’s responsibility to ensure that value is gotten from these Centers.  Running a successful SOC is not a time affair. It takes time and correction of a lot of errors along the way. Mistakes will be made.  Finding and maintaining good analysts is also difficult.  Prevention eventually fails- you will be hacked.  Information Security is not a one person affair and as such, companies in the same industry need to collaborate, share information that will enable improved detection and prevention of attacks. Conclusion
  • 34. © ISACA 2016. All Rights Reserved. #AFRICACACS  Bejtlich, R. (2013). The practice of network security monitoring: understanding incident detection and response. No Starch Press.  Ben rothke. (2016). Rsaconferencecom. Retrieved 18 July, 2016, from https://www.rsaconference.com/writable/presentations/file_upload/tech-203.pdf  Sanders, C., & Smith, J. (2013). Applied network security monitoring: collection, detection, and analysis. Elsevier.  Torres alissa, T.A. (2016). Sansorg. Retrieved 18 July, 2016, from https://www.sans.org/reading-room/whitepapers/analyst/building-world-class-security-operations- center-roadmap-35907  RSA Technical Brief, February 2013  Troels Oerting, CISO Barclays Bank-RSA Conference 2016  Amit Yoran, President RSA- RSA Conference 2016  Samir Kapuria, GM Cyber Security Services, Symantec-RSA Conference 2016 References and Further Reading
  • 35. © ISACA 2016. All Rights Reserved. #AFRICACACS Thank You!