State of Security Operations

Similar documents
Key Findings from the 2017 State of Security Operations Report January 26, 2017 Today s Speaker:

Cyber Defense Centers only for large companies?

Converged security. Gerben Verstraete, CTO, HP Software Services Colin Henderson, Managing Principal, Enterprise Security Products

ArcSight Activate Framework

Bridging the gap: SOC and CSIRT

Security Monitoring. Managed Vulnerability Services. Managed Endpoint Protection. Platform. Platform Managed Endpoint Detection and Response

Countering the Insider Threat: Behavioral Analytics Security Intelligence Cell (BASIC)

Department of Management Services REQUEST FOR INFORMATION

Security analytics: From data to action Visual and analytical approaches to detecting modern adversaries

Security Monitoring Engineer / (NY or NC) Director, Information Security. New York, NY or Winston-Salem, NC. Location:

BUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE

Securing Your Digital Transformation

RSA NetWitness Suite Respond in Minutes, Not Months

Protecting organisations from the ever evolving Cyber Threat

SOLUTION BRIEF RSA ARCHER IT & SECURITY RISK MANAGEMENT

LTI Security Services. Intelligent & integrated Approach to Cyber & Digital Security

Reinvent Your 2013 Security Management Strategy

DEVELOP YOUR TAILORED CYBERSECURITY ROADMAP

SOLUTION BRIEF RSA NETWITNESS SUITE 3X THE IMPACT WITH YOUR EXISTING SECURITY TEAM

FROM SIEM TO SOC: CROSSING THE CYBERSECURITY CHASM

EXPERT SERVICES FOR IoT CYBERSECURITY AND RISK MANAGEMENT. An Insight Cyber White Paper. Copyright Insight Cyber All rights reserved.

Building a Complete Program around Data Loss Prevention

CERT Overview. Jeffrey J. Carpenter 2008 Carnegie Mellon University

From Managed Security Services to the next evolution of CyberSoc Services

Mitigating Risk with Ongoing Cybersecurity Risk Assessment. Scott Moser CISO Caesars Entertainment

National Cyber Security Operations Center (N-CSOC) Stakeholders' Conference

PULLING OUR SOCS UP VODAFONE GROUP AT RSAC Emma Smith. Andy Talbot. Group Technology Security Director Vodafone Group Plc

locuz.com SOC Services

Evolving the Security Strategy for Growth. Eric Schlesinger Global Director and CISO Polaris Alpha

A Risk Management Platform

BUILDING AND MAINTAINING SOC

GDPR: An Opportunity to Transform Your Security Operations

Designing and Building a Cybersecurity Program

The Critical Incident Response Maturity Journey

Evaluating and Improving Cybersecurity Capabilities of the Electricity Critical Infrastructure

Manchester Metropolitan University Information Security Strategy

ArcSight priority formula

Sustainable Security Operations

4/13/2018. Certified Analyst Program Infosheet

RSA Advanced Security Operations Richard Nichols, Director EMEA. Copyright 2015 EMC Corporation. All rights reserved. 1

Readiness, Response & Resilence:

CAPM & PMP Exam Preparation Boot Camp

CyberSecurity Internships The Path to Meeting Industry Need

Security Automation & Orchestration That Won t Get You Fired. Syra Arif Advisory Security Solutions Architect November 2017

Think Like an Attacker

Building a Resilient Security Posture for Effective Breach Prevention

SESSION 802 Friday, November 3,10:15am - 11:15am Track: The Generalist

Enhancing the Cybersecurity of Federal Information and Assets through CSIP

Symantec Security Monitoring Services

NetWitness Overview. Copyright 2011 EMC Corporation. All rights reserved.

Click to edit Master title style. DIY vs. Managed SIEM

Consolidation Committee Final Report

CCISO Blueprint v1. EC-Council

Triage & Collaboration. Improving a major bank s cyber threat security posture

SOLUTION BRIEF RSA NETWITNESS EVOLVED SIEM

112 th Annual Conference May 6-9, 2018 St. Louis, Missouri

CYBER THREAT INTEL: A STATE OF MIND. Internal Audit, Risk, Business & Technology Consulting

Automated Threat Management - in Real Time. Vectra Networks

INTRODUCTION. We would like to thank HelpSystems for supporting this unique research. We hope you will enjoy the report.

Combating Cyber Risk in the Supply Chain

OWASP CISO Survey Report 2015 Tactical Insights for Managers

ISO COMPLIANCE GUIDE. How Rapid7 Can Help You Achieve Compliance with ISO 27002

Tuning HP ArcSight ESM prioritization

National State Auditors Association Vulnerability Management: An Audit Primer September 20, 2018

Keeping Your SOCs Full. May 26, Strengthening Capacity in Cyber Talent sans.org/cybertalent

THREAT INTEL AND CONTENT CURATION: ORGANIZING THE PATH TO SUCCESSFUL DETECTION

Water Information Sharing and Analysis Center

RELEVANT IMPACT: Building a Successful Threat Management Program. NTX ISSA 3 rd Semi-Annual Cyber Security Conference

The Resilient Incident Response Platform

Security Metrics Framework

FOR FINANCIAL SERVICES ORGANIZATIONS

Building UAE s cyber security resilience through effective use of technology, processes and the local people.

The Fine Art of Creating A Transformational Cyber Security Strategy

CompTIA Cybersecurity Analyst+

Enabling Security Controls, Supporting Business Results

CYBER SECURITY EFFECTIVENESS FOR THE RESOURCE-CONSTRAINED ORGANIZATION

Symantec Data Center Transformation

Threat Hunting in Modern Networks. David Biser

SYMANTEC: SECURITY ADVISORY SERVICES. Symantec Security Advisory Services The World Leader in Information Security

Integrated, Intelligence driven Cyber Threat Hunting

Jan Nys GM Cyber Security

Update on the Key Initiatives Recommended by NTT Data regarding the Agency Cyber Security Framework

The Confluence of Physical and Cyber Security Management

RiskSense Attack Surface Validation for IoT Systems

SIEM: Five Requirements that Solve the Bigger Business Issues

"Charting the Course... Certified Information Systems Auditor (CISA) Course Summary

Incident Response Agility: Leverage the Past and Present into the Future

Annexure 08 (Profile of the Project Team)

NEXT GENERATION SECURITY OPERATIONS CENTER

Noam Ikar R&DVP. Complex Event Processing and Situational Awareness in the Digital Age

Adaptive & Unified Approach to Risk Management and Compliance via CCF

IT Security: Managing a New Reality

CTI Capability Maturity Model Marco Lourenco

DATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE

C T I A CERTIFIED THREAT INTELLIGENCE ANALYST. EC-Council PROGRAM BROCHURE. Certified Threat Intelligence Analyst 1. Certified

NOTHING IS WHAT IT SIEMs: COVER PAGE. Simpler Way to Effective Threat Management TEMPLATE. Dan Pitman Principal Security Architect

Cyber Risk Program Maturity Assessment UNDERSTAND AND MANAGE YOUR ORGANIZATION S CYBER RISK.

Risk: Security s New Compliance. Torsten George VP Worldwide Marketing and Products, Agiliance Professional Strategies - S23

STRATEGIC PLAN

CYBERSECURITY MATURITY ASSESSMENT

Transcription:

State of Security Operations Roberto Sandoval / September 2014

Security Intelligence & Operations Consulting Founded: 2007 The best in the world at building state of the art security operations capabilities/cyber defense programs. SIOC hp.com/go/sioc Experience 35+ SOC builds 100+ SOC assessments 30+ SIOC consultants worldwide Over 100 years of cumulative SOC experience Solution approach People, process & technology Accelerated success Mature project methodology Best practices Extensive intellectual capital 2

State of Security Operations 2014 Publish date: January 28, 2014 First-of-its-kind industry report Based on 5 years of assessment data -93 assessments performed in 13 countries Key findings Customer examples Industry-specific statistics and findings Assessment methodology People, process, technology, and business 3

Assessment scope Technology Process Threat intel Firewall Network HP ArcSight IDS/IPS People Level 1 Level 2 Incident handler Application, network & system owners Business stakeholders Proxy server SIEM Web server ArcSight Engineer KPIs & ROI 4

Assessment methodology Business People Process Technology Mission Accountability Sponsorship Relationship Deliverables Vendor engagement Facilities Training Certifications Experience Skill assessments Career path Leadership Operational processes Analytical processes Business processes Technology processes Architecture Data collection Monitoring Correlation Infrastructure planning 5

Maturity and capability levels Assessment methodology Maturity & capability levels Quantitative assessment of business, people, process and technology Level 0 Incomplete Level 1 Performed Level 2 Managed Level 3 Defined Level 4 Measured Level 5 Optimized Based on Carnegie Mellon Software Engineering Institute s - Capability Maturity Model for Integration (SEI-CMMI) Year-to-year trends and comparisons across industries 6

SOC Discovery Assessment Industry comparison Tech Process SOMM Level 2.50 2.00 1.50 1.00 0.50 0.00 People Business Company A Average Current Phase 1 Phase 2 Phase 3 Timeline 6 mos 1 yr 2 yr SOMM Target 1.6 2.0 2.5 3.0 Maturity Assessment Score Business 2.44 Mission 1.86 Accountability 1.21 Sponsorship 2.18 Relationship 2.15 Deliverables 3.00 Vendor Engagement 2.67 Facilities 1.27 People 1.82 General 1.98 Training 2.61 Certifications 1.58 Experience 2.00 Skill Assessments 0.88 Career Path 1.92 Leadership 1.50 Process 0.63 General 2.01 Operational Process 1.67 Analytical Process 0.00 Business Process 0.00 Technology Process 0.00 Comments 7 Use Cases Logging Perimeter, compliance Insider Threat, APT Application Monitoring Staffing Ad hoc 4 x L1, 1x L2 8 x L1, 2x L2 12 x L1, 2x L2, 2x L3 Coverage 8x5 8x5 12x7 24x7 Technology 2.60 Architecture 1.54 Data Collection 3.69 Monitoring 1.50 Correlation 1.37 General 2.13 Overall SOMM Level 1.69

Totals through November 2013 Average SOMM Level 5 4 3 2 1.63 Average of Technology 1.81 1 0 1.66 Average of People 1.52 Average of Process 8

Totals through November 2013 9

Totals through November 2013 10

Totals through November 2013 11

Challenge #1: Lack of organizational support SOCs do not operate in a vacuum SOCs must interact with every part of the organization they are monitoring & protecting Without an executive sponsor and support of the SOC s mission from the entire organization, a SOC will be ineffective 12

Challenge #2: Over reliance on technology Organizations often spend most of their security budget on technology. This results in improperly staffed/skilled operations teams Staffing the proper skills is required to achieve the goals of the organization Human analytical capability is required to detect and respond to modern threats 13

Challenge #3: Basics are overlooked The basics of IT security are extremely important and commonly overlooked Asset management, user ID administration, information classification and vulnerability management Centralization and correlation of these data feeds in a SIEM is essential for basic capabilities of a security organization 14

Challenge #4: Focus on compliance Compliance does not equal security Compliance is a side effect of a highly capable threat detection function; effective detection does not result from compliance alone 15

Challenge #5: Set it and forget it Organizations often spend a lot of resources building up a security operations capability but focus crumbs after the first goals are achieved Continuity of focus must continue as a SOC ages in order to ensure effectiveness over time 16

Challenge #6: Inability to prioritize It is difficult and costly to protect everything A successful SOC requires clear priorities determined by a risk-based approach 17

For more information Attend these sessions Tuesday, 5:00 pm, BB3055 5G/SOC: How the world's most advanced SOCs are leading the way Wednesday, 5:10 pm, BB3269 Analysts assemble! Tips for successful security analyst recruitment, assessment, and retention Thursday, 10:00 am, PN3268 Beyond real-time: Finding advanced threats with advanced analytics Visit these demos DEMO3546 HP Security Operations Center DEMO301 Hunting Cyber Criminals DEMO302 Succeed with SIEM After the event Contact your sales rep HP Security Intel & Ops Consulting: http://hp.com/go/sioc Report: hp.com/go/stateofsecops Blog: hp.com/go/securityproductsblog SOC Maturity Assessment Solution brief: http://h20195.www2.hp.com/v2/getd ocument.aspx?docname=4aa4-4144enw&cc=us&lc=en 18

Please give me your feedback Session BB3260 Speaker Roberto Sandoval Please fill out a survey. Hand it to the door monitor on your way out. Thank you for providing your feedback, which helps us enhance content for future events. 19

Thank you

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback