SlideShare uma empresa Scribd logo

Governance of Security Operation Centers (SOC

B
Brencil Kaimba

This document provides an overview of governance of security operations centers. It discusses the impact of disruptive technologies on organizations and the need for security operations centers to manage security risks. It covers designing an effective SOC including defining threats, processes, technology and acquiring a SOC. Operating a SOC includes defining expectations, baselining normal activity, using threat intelligence and handling incidents. Qualities of analysts and measuring SOC success are also discussed. Sustainable SOC governance principles like investing in people and emphasizing teamwork are presented.

Dados e análise
1 de 35
Baixar para ler offline
Governance of Security Operation Centers Governance of Security Operation Centers Brencil Kaimba, Information Security Consultant, Serianu Limited.
© ISACA 2016. All Rights Reserved. #AFRICACACS Brencil Kaimba ISO 27001/2013 Certified SIEM deployment and analysis certified Information Security Consultant at Serianu Limited Email: brencil.kaimba@serianu.com About Me
© ISACA 2016. All Rights Reserved. #AFRICACACS Agenda  Disruptive Technology  The impact of Disruptive Technology on organizations.  Need for a Security Operations Center (SOC)  Designing an effective SOC  Operating a SOC  Qualities of an Analyst  Measuring the success of a SOC  Sustainable Governance
© ISACA 2016. All Rights Reserved. #AFRICACACS In recent years , the growth in technology and Innovation has been an engine of change, enabling people to do new things in ways that make old technology obsolete . This is what we call disruptive technology. Firms are in a race to match consumers to services and products. Customers are demanding more and more ease when it comes to engaging with businesses.  An increasing tech-savvy population within the continent has seen a surge of more disruptive tech coming our way. Companies are pushed to craft new ways to incorporate technology or risk losing revenues. Simply put, Adapt or Lose business! Disruptive Technology
© ISACA 2016. All Rights Reserved. #AFRICACACS These disruptive technologies include but are not limited to:  IoT Internet of things  Cloud Services  Mobile money  Introduction of 4G network capability Consequently, businesses are under immense pressure to adopt these new technologies in order to maintain their competitive edge in the market. The result of this - these organisations are now more vulnerable to attacks. What This Means for Companies
© ISACA 2016. All Rights Reserved. #AFRICACACS  The biggest worry is how a company can consume all this information that is being generated by millions of IoTs to bring valuable insight.  Due to insecure implementation, these Internet-connected embedded devices are routinely being hacked and used as weapons in cyber-attacks. Internet of Things (IoT)
© ISACA 2016. All Rights Reserved. #AFRICACACS  We are moving information from our premises to the cloud.  From a security perspective, this presents two security issues. 1. Traditional firewall protection won’t help us protect our systems and 2. we are losing visibility of our security posture.  Managers sometimes forget that even though data is on the cloud, they are the ones who still OWN the data. When a cloud company is breached, it’s your data that’s being exfiltrated. You can delegate work but not responsibility. Cloud Services
© ISACA 2016. All Rights Reserved. #AFRICACACS  Third parties are usually considered the weakest link to an organization.  Reported breaches that were related to Vendors - JP Morgan Breach, Target data breach As we are looking at these, it’s also about the TRUST within the supply chain. You need to ask yourself these: 1. What is it you are trusting with these 3rd party vendors with? 2. Is it Intellectual property? Brand and reputation? or Shared Control? 3. Do these companies have the capabilities to reduce that risk that they introduce to those they serve? The supply chain
© ISACA 2016. All Rights Reserved. #AFRICACACS As technology evolves, so does cybercrime. The criminal complexity is growing more sophisticated in software tools. Cyber criminals have improved their tactics.  Patching malware  DDoS as a Service  IoT Botnets  Targeted Attacks Sophistication of Attacks
© ISACA 2016. All Rights Reserved. #AFRICACACS  We need a solution that can help us consume all the data we are receiving from these new technologies that we are embracing and provide valuable insight to Organizations.  We need a platform to provide enhanced visibility on the security posture of organizations with regards to potential sources of attack.  This solution is the SOC (Security Operation Center)  As Serianu, our core business is to provide clients with valuable insight and enhanced visibility into information assets. As part of this, we help develop and manage an organization’s SOC. What's the Solution?
© ISACA 2016. All Rights Reserved. #AFRICACACS There is need for us to centralize collection, monitoring, detection and prevention of information. 1. Correlation of different logs(Telling the Story) -Single, isolated events often do not tell the whole story. 2. Real time monitoring of Security events. 3. Forensics- Even in cases where attacks are successful and data is stolen or systems compromised, an enterprise may be able to learn how to block future attacks through forensics. 4. New Attack Vectors- Because a firewall and IDS will not protect your mobile devices from hackers. Benefits of a SOC
© ISACA 2016. All Rights Reserved. #AFRICACACS  Building a topnotch security operations center (SOC) takes a lot of time and no matter how much money you are prepared to spend, the task is generally considered more of a marathon than a sprint.  Organizations should take a data-intensive approach called “Intelligence- driven security” to protecting critical information and business assets.  Organizations need to converge and create collaboration among Information Security, Risk Management, Customer Security Management and Corporate Protection and Investigation groups to achieve a more compound view of risk throughout the whole organization. Designing a SOC
© ISACA 2016. All Rights Reserved. #AFRICACACS  Vulnerability-centric defense places focus on the “how” while threat centric defense focuses on the “who” and “what”.  Specifically, you must ask yourself who would they be interested in when attacking your network, and what would they stand to gain from such an action?  Threat-centric defense is much harder to perform than its predecessor. This is because it requires two things: extensive visibility into your network, and the ability to collect and analyze intelligence related to the intent and capability of attackers. Vulnerability-centric vs Threat-centric defense
© ISACA 2016. All Rights Reserved. #AFRICACACS  When it comes to defining threats, ask the question - “What is the worst scenario that relates to the survivability of the organization?”  The answer must come straight from the Top Management.  With the identification of these threats, the security team should then dig deeper and narrow down to the underlying technologies.  You need to understand the infrastructure within the network by asking the right questions to the primary stakeholders involved. Define Threats- (Threat-centric security )
© ISACA 2016. All Rights Reserved. #AFRICACACS  As Serianu, we use the following fundamental building blocks when designing our client’s SOC; Roadmap
© ISACA 2016. All Rights Reserved. #AFRICACACS  People: While analyzing the people aspect in an organization, it’s important to look at the level of formal training, experience, level of expertise and Security awareness. It’s easy for top management to feel confident that their employees are well prepared to handle any security issue. Far too often, this is not the case. You find that these staff are too busy or are not equipped with the right skills and experience to maintain a far-reaching security strategy, and they react to problems rather than proactively managing layered security. Roadmap
© ISACA 2016. All Rights Reserved. #AFRICACACS  Processes Existing processes within an organization need to be defined and where necessary documented. When it comes to SOC, defining repeatable incident triage and investigation processes standardizes the actions a SOC analyst takes and ensures no important tasks fall through the cracks.  Technology Understanding the underlying technology of an organization is key. This understanding will help determine the kind of attacks/exploits to expect, vulnerabilities and ways to mitigate. Roadmap
© ISACA 2016. All Rights Reserved. #AFRICACACS  What type of SOC to acquire? A company can either outsource a SOC or operate one In-house.  An in-house SOC has the advantage that the staff know the environment better and have most potential to be most efficient. However, there is higher pressure to show ROI quickly and higher potential for collusion between analyst and attacker.  An outsourced SOC has less potential for collusion between monitoring team and attacker and the staff are unbiased. The biggest risk with this however is the risk of external data mishandling. Acquiring a SOC
© ISACA 2016. All Rights Reserved. #AFRICACACS When Outsourcing a SOC:  About the company- Its reputation, customers and duration in business.  Stability of the company- How many systems can they monitor?  Staffing of the Company- What is the experience of its staff?  Sizing and costs  Contents of the SLA  Knowledge transfer In-house SOC  What tasks will the SOC perform?  Who will own and Manage it? What qualifications will they need?  Who will use the data collected and analysed? Fundamental Questions
© ISACA 2016. All Rights Reserved. #AFRICACACS  As a vendor, my role and that of every analyst is to share our unique visibility of the information security field. Our clients are in a battle field without weapons defending themselves against an attacker who is armed with weapons. It’s up to us to ensure that we are not the point of weakness for the organizations we aim to protect. Role of the Vendor
© ISACA 2016. All Rights Reserved. #AFRICACACS What are the Cost implications of Outsourcing(MSSP) verses operating a SOC In-house?
© ISACA 2016. All Rights Reserved. #AFRICACACS The Business Case for Managed Security Services Managed Security Services Providers vs. SIEM Product Solutions http://www.solutionary.com/dms/solutionary/Files/whitepapers/MSSP_vs_SIEM.pdf
© ISACA 2016. All Rights Reserved. #AFRICACACS  Defining Expectations and Scope  Defining Normal through Baselining  Threat Intelligence  Incident Handling Operating a SOC
© ISACA 2016. All Rights Reserved. #AFRICACACS  Before starting any operations in the SOC, its Expectations paramount that the Executives and the SOC team meet up and clearly define the scope and expectations. Defining scope helps prevent unrealistic expectations from both sides. Reality Expectations and Scope
© ISACA 2016. All Rights Reserved. #AFRICACACS  A SOC consolidates a lot of information from different sources and it’s the ability to differentiate what's normal from what is abnormal that will contribute to the general success of the SOC.  Start by understanding the network and processes of the Organization.  Clearly state the problem to be solved by the SIEM tool/SOC  Review the functionality of different components of the SOC i.e. SIEM tool/ Vulnerability management tools (rules, algorithms, reports and dashboards) that is needed to solve the problem.  Develop Use cases. Defining Normal through Baselining
© ISACA 2016. All Rights Reserved. #AFRICACACS  What is Threat Intelligence?- The ability of a SOC to identify and update specific types of threat information that will help in detecting attacks. – Continuous monitoring to ensure that all the rules are working – Fine tuning the rule with time – Visualization on the dashboard – Drilling down on particular incidents – Reporting. Threat Intelligence
© ISACA 2016. All Rights Reserved. #AFRICACACS Prevention Eventually fails  Identification: This phase deals with the detection and determination of whether a deviation from normal operations within an organization is an incident and its scope assuming that the deviation is indeed an incident.  Containment-Involve management at this point in time.  Eradication- Understand the attack vector and remove it permanently as well as cleanup any remnants from the attack.  Recovery- This is where you put systems back into production.  Lessons Learned- What are the main learning points derived. Incident Handling
© ISACA 2016. All Rights Reserved. #AFRICACACS A good SOC analyst should possess (but not limited to) the following skills:  Offensive and Defensive Tactics- Penetration testing and security assessments.  Systems Administration - An adept understanding of Windows and Linux  Malware Analysis- Performing both dynamic and static analysis.  Host-Based Forensics- This knowledge is used to generate new indicators of compromise Qualities of a SOC Analyst
© ISACA 2016. All Rights Reserved. #AFRICACACS  Organizations should not measure the effectiveness of SIEM by whether a compromise occurs, but rather, how effectively it is detected, analyzed, and escalated. Ultimately, instead of asking “why did this happen?”, the questions leadership should be asking your SOC team after a compromise are, “how quickly were we able to detect it, how quickly were we able to escalate it to response, and how we can adjust our SOC posture to be better prepared next time?” Measuring The Success of a SIEM
© ISACA 2016. All Rights Reserved. #AFRICACACS  Embracing Security- Gartner projects that by 2020, 60% of budgets will be allocated to rapid detection and response approaches.  Paradigm of Fear: There are far much bigger risk that far outstrip the ones we’re focused on, risks that need to be dealt with in a more focused way. We need a change of an epical nature.  Fragmentation of the solution.  Change behavior- Intellectually we know that antivirus, malware sandboxes, firewalls and next generation firewalls won’t protect us but it’s still not translating into change behavior fast enough. Attitude Change
© ISACA 2016. All Rights Reserved. #AFRICACACS To run a successful SOC, the following governance principles should be applied:  Invest in People: “Adversaries are not beating us because they have more technology, it’s because they’re more creative, patient, single minded and they explore limitless pathways”- RSA president Amit Yoran.  Emphasize Teamwork: cohesiveness helps promote a learning culture. Sustainable Governance
© ISACA 2016. All Rights Reserved. #AFRICACACS  Provide Formalized Opportunities for Professional Growth  Reward Success- Acknowledge the efforts of those who contribute to the success of the SOC as this can be a monumental morale booster.  Exercise Servant Leadership- Give precedence to the needs of others by helping them achieve their mission for the prosperity of the organization. Sustainable Governance
© ISACA 2016. All Rights Reserved. #AFRICACACS  Acquiring and maintaining a SOC takes a lot of money and it’s the company’s responsibility to ensure that value is gotten from these Centers.  Running a successful SOC is not a time affair. It takes time and correction of a lot of errors along the way. Mistakes will be made.  Finding and maintaining good analysts is also difficult.  Prevention eventually fails- you will be hacked.  Information Security is not a one person affair and as such, companies in the same industry need to collaborate, share information that will enable improved detection and prevention of attacks. Conclusion
© ISACA 2016. All Rights Reserved. #AFRICACACS  Bejtlich, R. (2013). The practice of network security monitoring: understanding incident detection and response. No Starch Press.  Ben rothke. (2016). Rsaconferencecom. Retrieved 18 July, 2016, from https://www.rsaconference.com/writable/presentations/file_upload/tech-203.pdf  Sanders, C., & Smith, J. (2013). Applied network security monitoring: collection, detection, and analysis. Elsevier.  Torres alissa, T.A. (2016). Sansorg. Retrieved 18 July, 2016, from https://www.sans.org/reading-room/whitepapers/analyst/building-world-class-security-operations- center-roadmap-35907  RSA Technical Brief, February 2013  Troels Oerting, CISO Barclays Bank-RSA Conference 2016  Amit Yoran, President RSA- RSA Conference 2016  Samir Kapuria, GM Cyber Security Services, Symantec-RSA Conference 2016 References and Further Reading
© ISACA 2016. All Rights Reserved. #AFRICACACS Thank You!

Recomendados

Building Security Operation Center
Building Security Operation CenterBuilding Security Operation Center
Building Security Operation CenterS.E. CTS CERT-GOV-MD
 
Security operations center-SOC Presentation-مرکز عملیات امنیت
Security operations center-SOC Presentation-مرکز عملیات امنیتSecurity operations center-SOC Presentation-مرکز عملیات امنیت
Security operations center-SOC Presentation-مرکز عملیات امنیتReZa AdineH
 
Building a Next-Generation Security Operations Center (SOC)
Building a Next-Generation Security Operations Center (SOC)Building a Next-Generation Security Operations Center (SOC)
Building a Next-Generation Security Operations Center (SOC)Sqrrl
 
Building a Next-Generation Security Operation Center Based on IBM QRadar and ...
Building a Next-Generation Security Operation Center Based on IBM QRadar and ...Building a Next-Generation Security Operation Center Based on IBM QRadar and ...
Building a Next-Generation Security Operation Center Based on IBM QRadar and ...IBM Security
 
An introduction to SOC (Security Operation Center)
An introduction to SOC (Security Operation Center)An introduction to SOC (Security Operation Center)
An introduction to SOC (Security Operation Center)Ahmad Haghighi
 
Rothke secure360 building a security operations center (soc)
Rothke secure360 building a security operations center (soc)Rothke secure360 building a security operations center (soc)
Rothke secure360 building a security operations center (soc)Ben Rothke
 
Next-Gen security operation center
Next-Gen security operation centerNext-Gen security operation center
Next-Gen security operation centerMuhammad Sahputra
 
Security Operation Center Fundamental
Security Operation Center FundamentalSecurity Operation Center Fundamental
Security Operation Center FundamentalAmir Hossein Zargaran
 

Recomendados

Building Security Operation Center
Building Security Operation CenterBuilding Security Operation Center
Building Security Operation CenterS.E. CTS CERT-GOV-MD
 
Security operations center-SOC Presentation-مرکز عملیات امنیت
Security operations center-SOC Presentation-مرکز عملیات امنیتSecurity operations center-SOC Presentation-مرکز عملیات امنیت
Security operations center-SOC Presentation-مرکز عملیات امنیتReZa AdineH
 
Building a Next-Generation Security Operations Center (SOC)
Building a Next-Generation Security Operations Center (SOC)Building a Next-Generation Security Operations Center (SOC)
Building a Next-Generation Security Operations Center (SOC)Sqrrl
 
Building a Next-Generation Security Operation Center Based on IBM QRadar and ...
Building a Next-Generation Security Operation Center Based on IBM QRadar and ...Building a Next-Generation Security Operation Center Based on IBM QRadar and ...
Building a Next-Generation Security Operation Center Based on IBM QRadar and ...IBM Security
 
An introduction to SOC (Security Operation Center)
An introduction to SOC (Security Operation Center)An introduction to SOC (Security Operation Center)
An introduction to SOC (Security Operation Center)Ahmad Haghighi
 
Rothke secure360 building a security operations center (soc)
Rothke secure360 building a security operations center (soc)Rothke secure360 building a security operations center (soc)
Rothke secure360 building a security operations center (soc)Ben Rothke
 
Next-Gen security operation center
Next-Gen security operation centerNext-Gen security operation center
Next-Gen security operation centerMuhammad Sahputra
 
Security Operation Center Fundamental
Security Operation Center FundamentalSecurity Operation Center Fundamental
Security Operation Center FundamentalAmir Hossein Zargaran
 
Effective Security Operation Center - present by Reza Adineh
Effective Security Operation Center - present by Reza AdinehEffective Security Operation Center - present by Reza Adineh
Effective Security Operation Center - present by Reza AdinehReZa AdineH
 
Strategy considerations for building a security operations center
Strategy considerations for building a security operations centerStrategy considerations for building a security operations center
Strategy considerations for building a security operations centerCMR WORLD TECH
 
Security Operation Center - Design & Build
Security Operation Center - Design & BuildSecurity Operation Center - Design & Build
Security Operation Center - Design & BuildSameer Paradia
 
Security operation center (SOC)
Security operation center (SOC)Security operation center (SOC)
Security operation center (SOC)Ahmed Ayman
 
Security Operations Center (SOC) Essentials for the SME
Security Operations Center (SOC) Essentials for the SMESecurity Operations Center (SOC) Essentials for the SME
Security Operations Center (SOC) Essentials for the SMEAlienVault
 
SOC and SIEM.pptx
SOC and SIEM.pptxSOC and SIEM.pptx
SOC and SIEM.pptxSandeshUprety4
 
Bulding Soc In Changing Threat Landscapefinal
Bulding Soc In Changing Threat LandscapefinalBulding Soc In Changing Threat Landscapefinal
Bulding Soc In Changing Threat LandscapefinalMahmoud Yassin
 
What We’ve Learned Building a Cyber Security Operation Center: du Case Study
What We’ve Learned Building a Cyber Security Operation Center: du Case StudyWhat We’ve Learned Building a Cyber Security Operation Center: du Case Study
What We’ve Learned Building a Cyber Security Operation Center: du Case StudyPriyanka Aash
 
DTS Solution - Building a SOC (Security Operations Center)
DTS Solution - Building a SOC (Security Operations Center)DTS Solution - Building a SOC (Security Operations Center)
DTS Solution - Building a SOC (Security Operations Center)Shah Sheikh
 
SOC Cyber Security
SOC Cyber SecuritySOC Cyber Security
SOC Cyber SecuritySteppa Cyber Security
 
When and How to Set up a Security Operations Center
When and How to Set up a Security Operations CenterWhen and How to Set up a Security Operations Center
When and How to Set up a Security Operations CenterKomand
 
Security operations center 5 security controls
Security operations center 5 security controls Security operations center 5 security controls
Security operations center 5 security controlsAlienVault
 
From SIEM to SOC: Crossing the Cybersecurity Chasm
From SIEM to SOC: Crossing the Cybersecurity ChasmFrom SIEM to SOC: Crossing the Cybersecurity Chasm
From SIEM to SOC: Crossing the Cybersecurity ChasmPriyanka Aash
 
Soc
SocSoc
SocMukesh Chaudhari
 
5 BEST PRACTICES FOR A SECURITY OPERATION CENTER (SOC)
5 BEST PRACTICES FOR A SECURITY OPERATION CENTER (SOC)5 BEST PRACTICES FOR A SECURITY OPERATION CENTER (SOC)
5 BEST PRACTICES FOR A SECURITY OPERATION CENTER (SOC)Vijilan IT Security solutions
 
The Next Generation of Security Operations Centre (SOC)
The Next Generation of Security Operations Centre (SOC)The Next Generation of Security Operations Centre (SOC)
The Next Generation of Security Operations Centre (SOC)PECB
 
7 Steps to Build a SOC with Limited Resources
7 Steps to Build a SOC with Limited Resources7 Steps to Build a SOC with Limited Resources
7 Steps to Build a SOC with Limited ResourcesLogRhythm
 
Rothke rsa 2012 building a security operations center (soc)
Rothke rsa 2012 building a security operations center (soc)Rothke rsa 2012 building a security operations center (soc)
Rothke rsa 2012 building a security operations center (soc)Ben Rothke
 
Building A Security Operations Center
Building A Security Operations CenterBuilding A Security Operations Center
Building A Security Operations CenterSiemplify
 
Cybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for ExecutivesCybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for ExecutivesKrist Davood - Principal - CIO
 
SOC Service in India.pdf
SOC Service in India.pdfSOC Service in India.pdf
SOC Service in India.pdfACS Networks & Technologies
 
Accenture Security Services: Defending and empowering the resilient digital b...
Accenture Security Services: Defending and empowering the resilient digital b...Accenture Security Services: Defending and empowering the resilient digital b...
Accenture Security Services: Defending and empowering the resilient digital b...Accenture Technology
 

Mais conteúdo relacionado

Mais procurados

Effective Security Operation Center - present by Reza Adineh
Effective Security Operation Center - present by Reza AdinehEffective Security Operation Center - present by Reza Adineh
Effective Security Operation Center - present by Reza AdinehReZa AdineH
 
Strategy considerations for building a security operations center
Strategy considerations for building a security operations centerStrategy considerations for building a security operations center
Strategy considerations for building a security operations centerCMR WORLD TECH
 
Security Operation Center - Design & Build
Security Operation Center - Design & BuildSecurity Operation Center - Design & Build
Security Operation Center - Design & BuildSameer Paradia
 
Security operation center (SOC)
Security operation center (SOC)Security operation center (SOC)
Security operation center (SOC)Ahmed Ayman
 
Security Operations Center (SOC) Essentials for the SME
Security Operations Center (SOC) Essentials for the SMESecurity Operations Center (SOC) Essentials for the SME
Security Operations Center (SOC) Essentials for the SMEAlienVault
 
Bulding Soc In Changing Threat Landscapefinal
Bulding Soc In Changing Threat LandscapefinalBulding Soc In Changing Threat Landscapefinal
Bulding Soc In Changing Threat LandscapefinalMahmoud Yassin
 
What We’ve Learned Building a Cyber Security Operation Center: du Case Study
What We’ve Learned Building a Cyber Security Operation Center: du Case StudyWhat We’ve Learned Building a Cyber Security Operation Center: du Case Study
What We’ve Learned Building a Cyber Security Operation Center: du Case StudyPriyanka Aash
 
DTS Solution - Building a SOC (Security Operations Center)
DTS Solution - Building a SOC (Security Operations Center)DTS Solution - Building a SOC (Security Operations Center)
DTS Solution - Building a SOC (Security Operations Center)Shah Sheikh
 
When and How to Set up a Security Operations Center
When and How to Set up a Security Operations CenterWhen and How to Set up a Security Operations Center
When and How to Set up a Security Operations CenterKomand
 
Security operations center 5 security controls
Security operations center 5 security controls Security operations center 5 security controls
Security operations center 5 security controlsAlienVault
 
From SIEM to SOC: Crossing the Cybersecurity Chasm
From SIEM to SOC: Crossing the Cybersecurity ChasmFrom SIEM to SOC: Crossing the Cybersecurity Chasm
From SIEM to SOC: Crossing the Cybersecurity ChasmPriyanka Aash
 
5 BEST PRACTICES FOR A SECURITY OPERATION CENTER (SOC)
5 BEST PRACTICES FOR A SECURITY OPERATION CENTER (SOC)5 BEST PRACTICES FOR A SECURITY OPERATION CENTER (SOC)
5 BEST PRACTICES FOR A SECURITY OPERATION CENTER (SOC)Vijilan IT Security solutions
 
The Next Generation of Security Operations Centre (SOC)
The Next Generation of Security Operations Centre (SOC)The Next Generation of Security Operations Centre (SOC)
The Next Generation of Security Operations Centre (SOC)PECB
 
7 Steps to Build a SOC with Limited Resources
7 Steps to Build a SOC with Limited Resources7 Steps to Build a SOC with Limited Resources
7 Steps to Build a SOC with Limited ResourcesLogRhythm
 
Rothke rsa 2012 building a security operations center (soc)
Rothke rsa 2012 building a security operations center (soc)Rothke rsa 2012 building a security operations center (soc)
Rothke rsa 2012 building a security operations center (soc)Ben Rothke
 
Building A Security Operations Center
Building A Security Operations CenterBuilding A Security Operations Center
Building A Security Operations CenterSiemplify
 

Mais procurados (20)

Effective Security Operation Center - present by Reza Adineh
Effective Security Operation Center - present by Reza AdinehEffective Security Operation Center - present by Reza Adineh
Effective Security Operation Center - present by Reza Adineh
 
Strategy considerations for building a security operations center
Strategy considerations for building a security operations centerStrategy considerations for building a security operations center
Strategy considerations for building a security operations center
 
Security Operation Center - Design & Build
Security Operation Center - Design & BuildSecurity Operation Center - Design & Build
Security Operation Center - Design & Build
 
Security operation center (SOC)
Security operation center (SOC)Security operation center (SOC)
Security operation center (SOC)
 
Security Operations Center (SOC) Essentials for the SME
Security Operations Center (SOC) Essentials for the SMESecurity Operations Center (SOC) Essentials for the SME
Security Operations Center (SOC) Essentials for the SME
 
SOC and SIEM.pptx
SOC and SIEM.pptxSOC and SIEM.pptx
SOC and SIEM.pptx
 
Bulding Soc In Changing Threat Landscapefinal
Bulding Soc In Changing Threat LandscapefinalBulding Soc In Changing Threat Landscapefinal
Bulding Soc In Changing Threat Landscapefinal
 
What We’ve Learned Building a Cyber Security Operation Center: du Case Study
What We’ve Learned Building a Cyber Security Operation Center: du Case StudyWhat We’ve Learned Building a Cyber Security Operation Center: du Case Study
What We’ve Learned Building a Cyber Security Operation Center: du Case Study
 
DTS Solution - Building a SOC (Security Operations Center)
DTS Solution - Building a SOC (Security Operations Center)DTS Solution - Building a SOC (Security Operations Center)
DTS Solution - Building a SOC (Security Operations Center)
 
SOC Cyber Security
SOC Cyber SecuritySOC Cyber Security
SOC Cyber Security
 
When and How to Set up a Security Operations Center
When and How to Set up a Security Operations CenterWhen and How to Set up a Security Operations Center
When and How to Set up a Security Operations Center
 
Security operations center 5 security controls
Security operations center 5 security controls Security operations center 5 security controls
Security operations center 5 security controls
 
From SIEM to SOC: Crossing the Cybersecurity Chasm
From SIEM to SOC: Crossing the Cybersecurity ChasmFrom SIEM to SOC: Crossing the Cybersecurity Chasm
From SIEM to SOC: Crossing the Cybersecurity Chasm
 
Soc
SocSoc
Soc
 
5 BEST PRACTICES FOR A SECURITY OPERATION CENTER (SOC)
5 BEST PRACTICES FOR A SECURITY OPERATION CENTER (SOC)5 BEST PRACTICES FOR A SECURITY OPERATION CENTER (SOC)
5 BEST PRACTICES FOR A SECURITY OPERATION CENTER (SOC)
 
The Next Generation of Security Operations Centre (SOC)
The Next Generation of Security Operations Centre (SOC)The Next Generation of Security Operations Centre (SOC)
The Next Generation of Security Operations Centre (SOC)
 
7 Steps to Build a SOC with Limited Resources
7 Steps to Build a SOC with Limited Resources7 Steps to Build a SOC with Limited Resources
7 Steps to Build a SOC with Limited Resources
 
Rothke rsa 2012 building a security operations center (soc)
Rothke rsa 2012 building a security operations center (soc)Rothke rsa 2012 building a security operations center (soc)
Rothke rsa 2012 building a security operations center (soc)
 
Building A Security Operations Center
Building A Security Operations CenterBuilding A Security Operations Center
Building A Security Operations Center
 
Cybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for ExecutivesCybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for Executives
 

Semelhante a Governance of Security Operation Centers (SOC

Accenture Security Services: Defending and empowering the resilient digital b...
Accenture Security Services: Defending and empowering the resilient digital b...Accenture Security Services: Defending and empowering the resilient digital b...
Accenture Security Services: Defending and empowering the resilient digital b...Accenture Technology
 
Asset Discovery in India – Redhunt Labs
Asset Discovery in India – Redhunt LabsAsset Discovery in India – Redhunt Labs
Asset Discovery in India – Redhunt LabsRedhuntLabs2
 
FINE-TUNE IPS TO DIAL UP SECURITY
FINE-TUNE IPS TO DIAL UP SECURITYFINE-TUNE IPS TO DIAL UP SECURITY
FINE-TUNE IPS TO DIAL UP SECURITYSecureData Europe
 
What CIOs Need To Tell Their Boards About Cyber Security
What CIOs Need To Tell Their Boards About Cyber SecurityWhat CIOs Need To Tell Their Boards About Cyber Security
What CIOs Need To Tell Their Boards About Cyber SecurityKaryl Scott
 
Cyber-Security-Whitepaper.pdf
Cyber-Security-Whitepaper.pdfCyber-Security-Whitepaper.pdf
Cyber-Security-Whitepaper.pdfAnil
 
Cyber-Security-Whitepaper.pdf
Cyber-Security-Whitepaper.pdfCyber-Security-Whitepaper.pdf
Cyber-Security-Whitepaper.pdfAnil
 
How to secure your enterprise data during Covid-19
How to secure your enterprise data during Covid-19How to secure your enterprise data during Covid-19
How to secure your enterprise data during Covid-19Dharmendra Rama
 
Webinar: Get Ready to Detect, Respond & Recover from a Cyber Attack
Webinar: Get Ready to Detect, Respond & Recover from a Cyber AttackWebinar: Get Ready to Detect, Respond & Recover from a Cyber Attack
Webinar: Get Ready to Detect, Respond & Recover from a Cyber AttackAujas
 
Digital Trust - Tech Vision 2016 Trend 5
Digital Trust - Tech Vision 2016 Trend 5Digital Trust - Tech Vision 2016 Trend 5
Digital Trust - Tech Vision 2016 Trend 5Accenture Technology
 
Digital Trust - Tech Vision 2016 Trend 5
Digital Trust - Tech Vision 2016 Trend 5Digital Trust - Tech Vision 2016 Trend 5
Digital Trust - Tech Vision 2016 Trend 5accenture
 
For Public_ Cybersecurity_ Frameworks, Fundamentals, and Foundations 2023.pdf
For Public_ Cybersecurity_ Frameworks, Fundamentals, and Foundations 2023.pdfFor Public_ Cybersecurity_ Frameworks, Fundamentals, and Foundations 2023.pdf
For Public_ Cybersecurity_ Frameworks, Fundamentals, and Foundations 2023.pdfJustinBrown267905
 
Cyber Risk Quantification | Safe Security
Cyber Risk Quantification | Safe SecurityCyber Risk Quantification | Safe Security
Cyber Risk Quantification | Safe SecurityRahul Tyagi
 
What i learned at issa international summit 2019
What i learned at issa international summit 2019What i learned at issa international summit 2019
What i learned at issa international summit 2019Ulf Mattsson
 
Aujas incident management webinar deck 08162016
Aujas incident management webinar deck 08162016Aujas incident management webinar deck 08162016
Aujas incident management webinar deck 08162016Karl Kispert
 
Cybersecurity- What Retailers Need To Know
Cybersecurity- What Retailers Need To KnowCybersecurity- What Retailers Need To Know
Cybersecurity- What Retailers Need To KnowShantam Goel
 
Security in the App Economy: How to Ride the Wave Without Wiping Out!
Security in the App Economy: How to Ride the Wave Without Wiping Out!Security in the App Economy: How to Ride the Wave Without Wiping Out!
Security in the App Economy: How to Ride the Wave Without Wiping Out!CA Technologies
 

Semelhante a Governance of Security Operation Centers (SOC (20)

SOC Service in India.pdf
SOC Service in India.pdfSOC Service in India.pdf
SOC Service in India.pdf
 
Accenture Security Services: Defending and empowering the resilient digital b...
Accenture Security Services: Defending and empowering the resilient digital b...Accenture Security Services: Defending and empowering the resilient digital b...
Accenture Security Services: Defending and empowering the resilient digital b...
 
Asset Discovery in India – Redhunt Labs
Asset Discovery in India – Redhunt LabsAsset Discovery in India – Redhunt Labs
Asset Discovery in India – Redhunt Labs
 
FINE-TUNE IPS TO DIAL UP SECURITY
FINE-TUNE IPS TO DIAL UP SECURITYFINE-TUNE IPS TO DIAL UP SECURITY
FINE-TUNE IPS TO DIAL UP SECURITY
 
What CIOs Need To Tell Their Boards About Cyber Security
What CIOs Need To Tell Their Boards About Cyber SecurityWhat CIOs Need To Tell Their Boards About Cyber Security
What CIOs Need To Tell Their Boards About Cyber Security
 
Cyber-Security-Whitepaper.pdf
Cyber-Security-Whitepaper.pdfCyber-Security-Whitepaper.pdf
Cyber-Security-Whitepaper.pdf
 
Cyber-Security-Whitepaper.pdf
Cyber-Security-Whitepaper.pdfCyber-Security-Whitepaper.pdf
Cyber-Security-Whitepaper.pdf
 
Security operations center inhouse vs outsource
Security operations center inhouse vs outsourceSecurity operations center inhouse vs outsource
Security operations center inhouse vs outsource
 
Security operations center inhouse vs outsource
Security operations center inhouse vs outsourceSecurity operations center inhouse vs outsource
Security operations center inhouse vs outsource
 
How to secure your enterprise data during Covid-19
How to secure your enterprise data during Covid-19How to secure your enterprise data during Covid-19
How to secure your enterprise data during Covid-19
 
Webinar: Get Ready to Detect, Respond & Recover from a Cyber Attack
Webinar: Get Ready to Detect, Respond & Recover from a Cyber AttackWebinar: Get Ready to Detect, Respond & Recover from a Cyber Attack
Webinar: Get Ready to Detect, Respond & Recover from a Cyber Attack
 
Digital Trust - Tech Vision 2016 Trend 5
Digital Trust - Tech Vision 2016 Trend 5Digital Trust - Tech Vision 2016 Trend 5
Digital Trust - Tech Vision 2016 Trend 5
 
Digital Trust - Tech Vision 2016 Trend 5
Digital Trust - Tech Vision 2016 Trend 5Digital Trust - Tech Vision 2016 Trend 5
Digital Trust - Tech Vision 2016 Trend 5
 
For Public_ Cybersecurity_ Frameworks, Fundamentals, and Foundations 2023.pdf
For Public_ Cybersecurity_ Frameworks, Fundamentals, and Foundations 2023.pdfFor Public_ Cybersecurity_ Frameworks, Fundamentals, and Foundations 2023.pdf
For Public_ Cybersecurity_ Frameworks, Fundamentals, and Foundations 2023.pdf
 
Cyber Risk Quantification | Safe Security
Cyber Risk Quantification | Safe SecurityCyber Risk Quantification | Safe Security
Cyber Risk Quantification | Safe Security
 
What i learned at issa international summit 2019
What i learned at issa international summit 2019What i learned at issa international summit 2019
What i learned at issa international summit 2019
 
Be the Hunter
Be the Hunter Be the Hunter
Be the Hunter
 
Aujas incident management webinar deck 08162016
Aujas incident management webinar deck 08162016Aujas incident management webinar deck 08162016
Aujas incident management webinar deck 08162016
 
Cybersecurity- What Retailers Need To Know
Cybersecurity- What Retailers Need To KnowCybersecurity- What Retailers Need To Know
Cybersecurity- What Retailers Need To Know
 
Security in the App Economy: How to Ride the Wave Without Wiping Out!
Security in the App Economy: How to Ride the Wave Without Wiping Out!Security in the App Economy: How to Ride the Wave Without Wiping Out!
Security in the App Economy: How to Ride the Wave Without Wiping Out!
 

Último

BabyOno dropshipping via API with DroFx.pptx
BabyOno dropshipping via API with DroFx.pptxBabyOno dropshipping via API with DroFx.pptx
BabyOno dropshipping via API with DroFx.pptxolyaivanovalion
 
Call Girls Hsr Layout Just Call 👗 7737669865 👗 Top Class Call Girl Service Ba...
Call Girls Hsr Layout Just Call 👗 7737669865 👗 Top Class Call Girl Service Ba...Call Girls Hsr Layout Just Call 👗 7737669865 👗 Top Class Call Girl Service Ba...
Call Girls Hsr Layout Just Call 👗 7737669865 👗 Top Class Call Girl Service Ba...amitlee9823
 
Al Barsha Escorts $#$ O565212860 $#$ Escort Service In Al Barsha
Al Barsha Escorts $#$ O565212860 $#$ Escort Service In Al BarshaAl Barsha Escorts $#$ O565212860 $#$ Escort Service In Al Barsha
Al Barsha Escorts $#$ O565212860 $#$ Escort Service In Al BarshaAroojKhan71
 
Digital Advertising Lecture for Advanced Digital & Social Media Strategy at U...
Digital Advertising Lecture for Advanced Digital & Social Media Strategy at U...Digital Advertising Lecture for Advanced Digital & Social Media Strategy at U...
Digital Advertising Lecture for Advanced Digital & Social Media Strategy at U...Valters Lauzums
 
Ravak dropshipping via API with DroFx.pptx
Ravak dropshipping via API with DroFx.pptxRavak dropshipping via API with DroFx.pptx
Ravak dropshipping via API with DroFx.pptxolyaivanovalion
 
Accredited-Transport-Cooperatives-Jan-2021-Web.pdf
Accredited-Transport-Cooperatives-Jan-2021-Web.pdfAccredited-Transport-Cooperatives-Jan-2021-Web.pdf
Accredited-Transport-Cooperatives-Jan-2021-Web.pdfadriantubila
 
BPAC WITH UFSBI GENERAL PRESENTATION 18_05_2017-1.pptx
BPAC WITH UFSBI GENERAL PRESENTATION 18_05_2017-1.pptxBPAC WITH UFSBI GENERAL PRESENTATION 18_05_2017-1.pptx
BPAC WITH UFSBI GENERAL PRESENTATION 18_05_2017-1.pptxMohammedJunaid861692
 
Cheap Rate Call girls Sarita Vihar Delhi 9205541914 shot 1500 night
Cheap Rate Call girls Sarita Vihar Delhi 9205541914 shot 1500 nightCheap Rate Call girls Sarita Vihar Delhi 9205541914 shot 1500 night
Cheap Rate Call girls Sarita Vihar Delhi 9205541914 shot 1500 nightDelhi Call girls
 
Market Analysis in the 5 Largest Economic Countries in Southeast Asia.pdf
Market Analysis in the 5 Largest Economic Countries in Southeast Asia.pdfMarket Analysis in the 5 Largest Economic Countries in Southeast Asia.pdf
Market Analysis in the 5 Largest Economic Countries in Southeast Asia.pdfRachmat Ramadhan H
 
Smarteg dropshipping via API with DroFx.pptx
Smarteg dropshipping via API with DroFx.pptxSmarteg dropshipping via API with DroFx.pptx
Smarteg dropshipping via API with DroFx.pptxolyaivanovalion
 
Chintamani Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore ...
Chintamani Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore ...Chintamani Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore ...
Chintamani Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore ...amitlee9823
 
Call me @ 9892124323 Cheap Rate Call Girls in Vashi with Real Photo 100% Secure
Call me @ 9892124323 Cheap Rate Call Girls in Vashi with Real Photo 100% SecureCall me @ 9892124323 Cheap Rate Call Girls in Vashi with Real Photo 100% Secure
Call me @ 9892124323 Cheap Rate Call Girls in Vashi with Real Photo 100% SecurePooja Nehwal
 
Determinants of health, dimensions of health, positive health and spectrum of...
Determinants of health, dimensions of health, positive health and spectrum of...Determinants of health, dimensions of health, positive health and spectrum of...
Determinants of health, dimensions of health, positive health and spectrum of...shambhavirathore45
 
100-Concepts-of-AI by Anupama Kate .pptx
100-Concepts-of-AI by Anupama Kate .pptx100-Concepts-of-AI by Anupama Kate .pptx
100-Concepts-of-AI by Anupama Kate .pptxAnupama Kate
 
Zuja dropshipping via API with DroFx.pptx
Zuja dropshipping via API with DroFx.pptxZuja dropshipping via API with DroFx.pptx
Zuja dropshipping via API with DroFx.pptxolyaivanovalion
 
Introduction-to-Machine-Learning (1).pptx
Introduction-to-Machine-Learning (1).pptxIntroduction-to-Machine-Learning (1).pptx
Introduction-to-Machine-Learning (1).pptxfirstjob4
 
Carero dropshipping via API with DroFx.pptx
Carero dropshipping via API with DroFx.pptxCarero dropshipping via API with DroFx.pptx
Carero dropshipping via API with DroFx.pptxolyaivanovalion
 
Generative AI on Enterprise Cloud with NiFi and Milvus
Generative AI on Enterprise Cloud with NiFi and MilvusGenerative AI on Enterprise Cloud with NiFi and Milvus
Generative AI on Enterprise Cloud with NiFi and MilvusTimothy Spann
 
Junnasandra Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...
Junnasandra Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...Junnasandra Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...
Junnasandra Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...amitlee9823
 

Último (20)

BabyOno dropshipping via API with DroFx.pptx
BabyOno dropshipping via API with DroFx.pptxBabyOno dropshipping via API with DroFx.pptx
BabyOno dropshipping via API with DroFx.pptx
 
Call Girls Hsr Layout Just Call 👗 7737669865 👗 Top Class Call Girl Service Ba...
Call Girls Hsr Layout Just Call 👗 7737669865 👗 Top Class Call Girl Service Ba...Call Girls Hsr Layout Just Call 👗 7737669865 👗 Top Class Call Girl Service Ba...
Call Girls Hsr Layout Just Call 👗 7737669865 👗 Top Class Call Girl Service Ba...
 
Al Barsha Escorts $#$ O565212860 $#$ Escort Service In Al Barsha
Al Barsha Escorts $#$ O565212860 $#$ Escort Service In Al BarshaAl Barsha Escorts $#$ O565212860 $#$ Escort Service In Al Barsha
Al Barsha Escorts $#$ O565212860 $#$ Escort Service In Al Barsha
 
Digital Advertising Lecture for Advanced Digital & Social Media Strategy at U...
Digital Advertising Lecture for Advanced Digital & Social Media Strategy at U...Digital Advertising Lecture for Advanced Digital & Social Media Strategy at U...
Digital Advertising Lecture for Advanced Digital & Social Media Strategy at U...
 
Ravak dropshipping via API with DroFx.pptx
Ravak dropshipping via API with DroFx.pptxRavak dropshipping via API with DroFx.pptx
Ravak dropshipping via API with DroFx.pptx
 
Accredited-Transport-Cooperatives-Jan-2021-Web.pdf
Accredited-Transport-Cooperatives-Jan-2021-Web.pdfAccredited-Transport-Cooperatives-Jan-2021-Web.pdf
Accredited-Transport-Cooperatives-Jan-2021-Web.pdf
 
BPAC WITH UFSBI GENERAL PRESENTATION 18_05_2017-1.pptx
BPAC WITH UFSBI GENERAL PRESENTATION 18_05_2017-1.pptxBPAC WITH UFSBI GENERAL PRESENTATION 18_05_2017-1.pptx
BPAC WITH UFSBI GENERAL PRESENTATION 18_05_2017-1.pptx
 
Cheap Rate Call girls Sarita Vihar Delhi 9205541914 shot 1500 night
Cheap Rate Call girls Sarita Vihar Delhi 9205541914 shot 1500 nightCheap Rate Call girls Sarita Vihar Delhi 9205541914 shot 1500 night
Cheap Rate Call girls Sarita Vihar Delhi 9205541914 shot 1500 night
 
Market Analysis in the 5 Largest Economic Countries in Southeast Asia.pdf
Market Analysis in the 5 Largest Economic Countries in Southeast Asia.pdfMarket Analysis in the 5 Largest Economic Countries in Southeast Asia.pdf
Market Analysis in the 5 Largest Economic Countries in Southeast Asia.pdf
 
Smarteg dropshipping via API with DroFx.pptx
Smarteg dropshipping via API with DroFx.pptxSmarteg dropshipping via API with DroFx.pptx
Smarteg dropshipping via API with DroFx.pptx
 
Chintamani Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore ...
Chintamani Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore ...Chintamani Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore ...
Chintamani Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore ...
 
(NEHA) Call Girls Katra Call Now 8617697112 Katra Escorts 24x7
(NEHA) Call Girls Katra Call Now 8617697112 Katra Escorts 24x7(NEHA) Call Girls Katra Call Now 8617697112 Katra Escorts 24x7
(NEHA) Call Girls Katra Call Now 8617697112 Katra Escorts 24x7
 
Call me @ 9892124323 Cheap Rate Call Girls in Vashi with Real Photo 100% Secure
Call me @ 9892124323 Cheap Rate Call Girls in Vashi with Real Photo 100% SecureCall me @ 9892124323 Cheap Rate Call Girls in Vashi with Real Photo 100% Secure
Call me @ 9892124323 Cheap Rate Call Girls in Vashi with Real Photo 100% Secure
 
Determinants of health, dimensions of health, positive health and spectrum of...
Determinants of health, dimensions of health, positive health and spectrum of...Determinants of health, dimensions of health, positive health and spectrum of...
Determinants of health, dimensions of health, positive health and spectrum of...
 
100-Concepts-of-AI by Anupama Kate .pptx
100-Concepts-of-AI by Anupama Kate .pptx100-Concepts-of-AI by Anupama Kate .pptx
100-Concepts-of-AI by Anupama Kate .pptx
 
Zuja dropshipping via API with DroFx.pptx
Zuja dropshipping via API with DroFx.pptxZuja dropshipping via API with DroFx.pptx
Zuja dropshipping via API with DroFx.pptx
 
Introduction-to-Machine-Learning (1).pptx
Introduction-to-Machine-Learning (1).pptxIntroduction-to-Machine-Learning (1).pptx
Introduction-to-Machine-Learning (1).pptx
 
Carero dropshipping via API with DroFx.pptx
Carero dropshipping via API with DroFx.pptxCarero dropshipping via API with DroFx.pptx
Carero dropshipping via API with DroFx.pptx
 
Generative AI on Enterprise Cloud with NiFi and Milvus
Generative AI on Enterprise Cloud with NiFi and MilvusGenerative AI on Enterprise Cloud with NiFi and Milvus
Generative AI on Enterprise Cloud with NiFi and Milvus
 
Junnasandra Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...
Junnasandra Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...Junnasandra Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...
Junnasandra Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...
 

Governance of Security Operation Centers (SOC

  • 1. Governance of Security Operation Centers Governance of Security Operation Centers Brencil Kaimba, Information Security Consultant, Serianu Limited.
  • 2. © ISACA 2016. All Rights Reserved. #AFRICACACS Brencil Kaimba ISO 27001/2013 Certified SIEM deployment and analysis certified Information Security Consultant at Serianu Limited Email: brencil.kaimba@serianu.com About Me
  • 3. © ISACA 2016. All Rights Reserved. #AFRICACACS Agenda  Disruptive Technology  The impact of Disruptive Technology on organizations.  Need for a Security Operations Center (SOC)  Designing an effective SOC  Operating a SOC  Qualities of an Analyst  Measuring the success of a SOC  Sustainable Governance
  • 4. © ISACA 2016. All Rights Reserved. #AFRICACACS In recent years , the growth in technology and Innovation has been an engine of change, enabling people to do new things in ways that make old technology obsolete . This is what we call disruptive technology. Firms are in a race to match consumers to services and products. Customers are demanding more and more ease when it comes to engaging with businesses.  An increasing tech-savvy population within the continent has seen a surge of more disruptive tech coming our way. Companies are pushed to craft new ways to incorporate technology or risk losing revenues. Simply put, Adapt or Lose business! Disruptive Technology
  • 5. © ISACA 2016. All Rights Reserved. #AFRICACACS These disruptive technologies include but are not limited to:  IoT Internet of things  Cloud Services  Mobile money  Introduction of 4G network capability Consequently, businesses are under immense pressure to adopt these new technologies in order to maintain their competitive edge in the market. The result of this - these organisations are now more vulnerable to attacks. What This Means for Companies
  • 6. © ISACA 2016. All Rights Reserved. #AFRICACACS  The biggest worry is how a company can consume all this information that is being generated by millions of IoTs to bring valuable insight.  Due to insecure implementation, these Internet-connected embedded devices are routinely being hacked and used as weapons in cyber-attacks. Internet of Things (IoT)
  • 7. © ISACA 2016. All Rights Reserved. #AFRICACACS  We are moving information from our premises to the cloud.  From a security perspective, this presents two security issues. 1. Traditional firewall protection won’t help us protect our systems and 2. we are losing visibility of our security posture.  Managers sometimes forget that even though data is on the cloud, they are the ones who still OWN the data. When a cloud company is breached, it’s your data that’s being exfiltrated. You can delegate work but not responsibility. Cloud Services
  • 8. © ISACA 2016. All Rights Reserved. #AFRICACACS  Third parties are usually considered the weakest link to an organization.  Reported breaches that were related to Vendors - JP Morgan Breach, Target data breach As we are looking at these, it’s also about the TRUST within the supply chain. You need to ask yourself these: 1. What is it you are trusting with these 3rd party vendors with? 2. Is it Intellectual property? Brand and reputation? or Shared Control? 3. Do these companies have the capabilities to reduce that risk that they introduce to those they serve? The supply chain
  • 9. © ISACA 2016. All Rights Reserved. #AFRICACACS As technology evolves, so does cybercrime. The criminal complexity is growing more sophisticated in software tools. Cyber criminals have improved their tactics.  Patching malware  DDoS as a Service  IoT Botnets  Targeted Attacks Sophistication of Attacks
  • 10. © ISACA 2016. All Rights Reserved. #AFRICACACS  We need a solution that can help us consume all the data we are receiving from these new technologies that we are embracing and provide valuable insight to Organizations.  We need a platform to provide enhanced visibility on the security posture of organizations with regards to potential sources of attack.  This solution is the SOC (Security Operation Center)  As Serianu, our core business is to provide clients with valuable insight and enhanced visibility into information assets. As part of this, we help develop and manage an organization’s SOC. What's the Solution?
  • 11. © ISACA 2016. All Rights Reserved. #AFRICACACS There is need for us to centralize collection, monitoring, detection and prevention of information. 1. Correlation of different logs(Telling the Story) -Single, isolated events often do not tell the whole story. 2. Real time monitoring of Security events. 3. Forensics- Even in cases where attacks are successful and data is stolen or systems compromised, an enterprise may be able to learn how to block future attacks through forensics. 4. New Attack Vectors- Because a firewall and IDS will not protect your mobile devices from hackers. Benefits of a SOC
  • 12. © ISACA 2016. All Rights Reserved. #AFRICACACS  Building a topnotch security operations center (SOC) takes a lot of time and no matter how much money you are prepared to spend, the task is generally considered more of a marathon than a sprint.  Organizations should take a data-intensive approach called “Intelligence- driven security” to protecting critical information and business assets.  Organizations need to converge and create collaboration among Information Security, Risk Management, Customer Security Management and Corporate Protection and Investigation groups to achieve a more compound view of risk throughout the whole organization. Designing a SOC
  • 13. © ISACA 2016. All Rights Reserved. #AFRICACACS  Vulnerability-centric defense places focus on the “how” while threat centric defense focuses on the “who” and “what”.  Specifically, you must ask yourself who would they be interested in when attacking your network, and what would they stand to gain from such an action?  Threat-centric defense is much harder to perform than its predecessor. This is because it requires two things: extensive visibility into your network, and the ability to collect and analyze intelligence related to the intent and capability of attackers. Vulnerability-centric vs Threat-centric defense
  • 14. © ISACA 2016. All Rights Reserved. #AFRICACACS  When it comes to defining threats, ask the question - “What is the worst scenario that relates to the survivability of the organization?”  The answer must come straight from the Top Management.  With the identification of these threats, the security team should then dig deeper and narrow down to the underlying technologies.  You need to understand the infrastructure within the network by asking the right questions to the primary stakeholders involved. Define Threats- (Threat-centric security )
  • 15. © ISACA 2016. All Rights Reserved. #AFRICACACS  As Serianu, we use the following fundamental building blocks when designing our client’s SOC; Roadmap
  • 16. © ISACA 2016. All Rights Reserved. #AFRICACACS  People: While analyzing the people aspect in an organization, it’s important to look at the level of formal training, experience, level of expertise and Security awareness. It’s easy for top management to feel confident that their employees are well prepared to handle any security issue. Far too often, this is not the case. You find that these staff are too busy or are not equipped with the right skills and experience to maintain a far-reaching security strategy, and they react to problems rather than proactively managing layered security. Roadmap
  • 17. © ISACA 2016. All Rights Reserved. #AFRICACACS  Processes Existing processes within an organization need to be defined and where necessary documented. When it comes to SOC, defining repeatable incident triage and investigation processes standardizes the actions a SOC analyst takes and ensures no important tasks fall through the cracks.  Technology Understanding the underlying technology of an organization is key. This understanding will help determine the kind of attacks/exploits to expect, vulnerabilities and ways to mitigate. Roadmap
  • 18. © ISACA 2016. All Rights Reserved. #AFRICACACS  What type of SOC to acquire? A company can either outsource a SOC or operate one In-house.  An in-house SOC has the advantage that the staff know the environment better and have most potential to be most efficient. However, there is higher pressure to show ROI quickly and higher potential for collusion between analyst and attacker.  An outsourced SOC has less potential for collusion between monitoring team and attacker and the staff are unbiased. The biggest risk with this however is the risk of external data mishandling. Acquiring a SOC
  • 19. © ISACA 2016. All Rights Reserved. #AFRICACACS When Outsourcing a SOC:  About the company- Its reputation, customers and duration in business.  Stability of the company- How many systems can they monitor?  Staffing of the Company- What is the experience of its staff?  Sizing and costs  Contents of the SLA  Knowledge transfer In-house SOC  What tasks will the SOC perform?  Who will own and Manage it? What qualifications will they need?  Who will use the data collected and analysed? Fundamental Questions
  • 20. © ISACA 2016. All Rights Reserved. #AFRICACACS  As a vendor, my role and that of every analyst is to share our unique visibility of the information security field. Our clients are in a battle field without weapons defending themselves against an attacker who is armed with weapons. It’s up to us to ensure that we are not the point of weakness for the organizations we aim to protect. Role of the Vendor
  • 21. © ISACA 2016. All Rights Reserved. #AFRICACACS What are the Cost implications of Outsourcing(MSSP) verses operating a SOC In-house?
  • 22. © ISACA 2016. All Rights Reserved. #AFRICACACS The Business Case for Managed Security Services Managed Security Services Providers vs. SIEM Product Solutions http://www.solutionary.com/dms/solutionary/Files/whitepapers/MSSP_vs_SIEM.pdf
  • 23. © ISACA 2016. All Rights Reserved. #AFRICACACS  Defining Expectations and Scope  Defining Normal through Baselining  Threat Intelligence  Incident Handling Operating a SOC
  • 24. © ISACA 2016. All Rights Reserved. #AFRICACACS  Before starting any operations in the SOC, its Expectations paramount that the Executives and the SOC team meet up and clearly define the scope and expectations. Defining scope helps prevent unrealistic expectations from both sides. Reality Expectations and Scope
  • 25. © ISACA 2016. All Rights Reserved. #AFRICACACS  A SOC consolidates a lot of information from different sources and it’s the ability to differentiate what's normal from what is abnormal that will contribute to the general success of the SOC.  Start by understanding the network and processes of the Organization.  Clearly state the problem to be solved by the SIEM tool/SOC  Review the functionality of different components of the SOC i.e. SIEM tool/ Vulnerability management tools (rules, algorithms, reports and dashboards) that is needed to solve the problem.  Develop Use cases. Defining Normal through Baselining
  • 26. © ISACA 2016. All Rights Reserved. #AFRICACACS  What is Threat Intelligence?- The ability of a SOC to identify and update specific types of threat information that will help in detecting attacks. – Continuous monitoring to ensure that all the rules are working – Fine tuning the rule with time – Visualization on the dashboard – Drilling down on particular incidents – Reporting. Threat Intelligence
  • 27. © ISACA 2016. All Rights Reserved. #AFRICACACS Prevention Eventually fails  Identification: This phase deals with the detection and determination of whether a deviation from normal operations within an organization is an incident and its scope assuming that the deviation is indeed an incident.  Containment-Involve management at this point in time.  Eradication- Understand the attack vector and remove it permanently as well as cleanup any remnants from the attack.  Recovery- This is where you put systems back into production.  Lessons Learned- What are the main learning points derived. Incident Handling
  • 28. © ISACA 2016. All Rights Reserved. #AFRICACACS A good SOC analyst should possess (but not limited to) the following skills:  Offensive and Defensive Tactics- Penetration testing and security assessments.  Systems Administration - An adept understanding of Windows and Linux  Malware Analysis- Performing both dynamic and static analysis.  Host-Based Forensics- This knowledge is used to generate new indicators of compromise Qualities of a SOC Analyst
  • 29. © ISACA 2016. All Rights Reserved. #AFRICACACS  Organizations should not measure the effectiveness of SIEM by whether a compromise occurs, but rather, how effectively it is detected, analyzed, and escalated. Ultimately, instead of asking “why did this happen?”, the questions leadership should be asking your SOC team after a compromise are, “how quickly were we able to detect it, how quickly were we able to escalate it to response, and how we can adjust our SOC posture to be better prepared next time?” Measuring The Success of a SIEM
  • 30. © ISACA 2016. All Rights Reserved. #AFRICACACS  Embracing Security- Gartner projects that by 2020, 60% of budgets will be allocated to rapid detection and response approaches.  Paradigm of Fear: There are far much bigger risk that far outstrip the ones we’re focused on, risks that need to be dealt with in a more focused way. We need a change of an epical nature.  Fragmentation of the solution.  Change behavior- Intellectually we know that antivirus, malware sandboxes, firewalls and next generation firewalls won’t protect us but it’s still not translating into change behavior fast enough. Attitude Change
  • 31. © ISACA 2016. All Rights Reserved. #AFRICACACS To run a successful SOC, the following governance principles should be applied:  Invest in People: “Adversaries are not beating us because they have more technology, it’s because they’re more creative, patient, single minded and they explore limitless pathways”- RSA president Amit Yoran.  Emphasize Teamwork: cohesiveness helps promote a learning culture. Sustainable Governance
  • 32. © ISACA 2016. All Rights Reserved. #AFRICACACS  Provide Formalized Opportunities for Professional Growth  Reward Success- Acknowledge the efforts of those who contribute to the success of the SOC as this can be a monumental morale booster.  Exercise Servant Leadership- Give precedence to the needs of others by helping them achieve their mission for the prosperity of the organization. Sustainable Governance
  • 33. © ISACA 2016. All Rights Reserved. #AFRICACACS  Acquiring and maintaining a SOC takes a lot of money and it’s the company’s responsibility to ensure that value is gotten from these Centers.  Running a successful SOC is not a time affair. It takes time and correction of a lot of errors along the way. Mistakes will be made.  Finding and maintaining good analysts is also difficult.  Prevention eventually fails- you will be hacked.  Information Security is not a one person affair and as such, companies in the same industry need to collaborate, share information that will enable improved detection and prevention of attacks. Conclusion
  • 34. © ISACA 2016. All Rights Reserved. #AFRICACACS  Bejtlich, R. (2013). The practice of network security monitoring: understanding incident detection and response. No Starch Press.  Ben rothke. (2016). Rsaconferencecom. Retrieved 18 July, 2016, from https://www.rsaconference.com/writable/presentations/file_upload/tech-203.pdf  Sanders, C., & Smith, J. (2013). Applied network security monitoring: collection, detection, and analysis. Elsevier.  Torres alissa, T.A. (2016). Sansorg. Retrieved 18 July, 2016, from https://www.sans.org/reading-room/whitepapers/analyst/building-world-class-security-operations- center-roadmap-35907  RSA Technical Brief, February 2013  Troels Oerting, CISO Barclays Bank-RSA Conference 2016  Amit Yoran, President RSA- RSA Conference 2016  Samir Kapuria, GM Cyber Security Services, Symantec-RSA Conference 2016 References and Further Reading
  • 35. © ISACA 2016. All Rights Reserved. #AFRICACACS Thank You!