National Cyber Security Operations Center (N-CSOC) Stakeholders' Conference

Similar documents
SOLUTION BRIEF RSA NETWITNESS SUITE 3X THE IMPACT WITH YOUR EXISTING SECURITY TEAM

भ रत य ररज़र व ब क. Setting up and Operationalising Cyber Security Operation Centre (C-SOC)

RSA NetWitness Suite Respond in Minutes, Not Months

Cyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS

How to Underpin Security Transformation With Complete Visibility of Your Attack Surface

CYBER RESILIENCE & INCIDENT RESPONSE

Managed Endpoint Defense

Security Monitoring Engineer / (NY or NC) Director, Information Security. New York, NY or Winston-Salem, NC. Location:

ARC VIEW. Critical Industries Need Continuous ICS Security Monitoring. Keywords. Summary. By Sid Snitkin

FROM SIEM TO SOC: CROSSING THE CYBERSECURITY CHASM

DEVELOP YOUR TAILORED CYBERSECURITY ROADMAP

SECURITY OPERATIONS CENTER BUY BUILD BUY. vs. Which Solution is Right for You?

to Enhance Your Cyber Security Needs

SOLUTION BRIEF RSA NETWITNESS EVOLVED SIEM

TRUE SECURITY-AS-A-SERVICE

RSA INCIDENT RESPONSE SERVICES

SECURITY SERVICES SECURITY

Delivering Integrated Cyber Defense for the Cloud Generation Darren Thomson

Panelists. Moderator: Dr. John H. Saunders, MITRE Corporation

esendpoint Next-gen endpoint threat detection and response

RSA INCIDENT RESPONSE SERVICES

Cyber Risk Program Maturity Assessment UNDERSTAND AND MANAGE YOUR ORGANIZATION S CYBER RISK.

Arbor Networks Spectrum. Wim De Niel Consulting Engineer EMEA

Are we breached? Deloitte's Cyber Threat Hunting

Click to edit Master title style. DIY vs. Managed SIEM

Boston Chapter AGA 2018 Regional Professional Development Conference Cyber Security MAY 2018

IT Security Training MS-500: Microsoft 365 Security Administration. Upcoming Dates. Course Description. Course Outline $2,

THE RSA SUITE NETWITNESS REINVENT YOUR SIEM. Presented by: Walter Abeson

Evolving the Security Strategy for Growth. Eric Schlesinger Global Director and CISO Polaris Alpha

SIEM Solutions from McAfee

DATA SHEET RSA NETWITNESS PLATFORM PROFESSIONAL SERVICES ACCELERATE TIME-TO-VALUE & MAXIMIZE ROI

NEXT GENERATION SECURITY OPERATIONS CENTER

DATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE

Securing Your Digital Transformation

Managing Microsoft 365 Identity and Access

ARC VIEW. Critical Industries Need Active Defense and Intelligence-driven Cybersecurity. Keywords. Summary. By Sid Snitkin

EMERGING THREATS & STRATEGIES FOR DEFENSE. Paul Fletcher Cyber Security

ForeScout Extended Module for Splunk

Integrated, Intelligence driven Cyber Threat Hunting

OPERATIONS CENTER. Keep your client s data safe and business going & growing with SOC continuous protection

MITIGATE CYBER ATTACK RISK

ATTIVO NETWORKS THREATDEFEND INTEGRATION WITH MCAFEE SOLUTIONS

Cyber Resilience. Think18. Felicity March IBM Corporation

Position Description. Computer Network Defence (CND) Analyst. GCSB mission and values. Our mission. Our values UNCLASSIFIED

Cyber Resilience - Protecting your Business 1

RSA ADVANCED SOC SERVICES

Security Monitoring. Managed Vulnerability Services. Managed Endpoint Protection. Platform. Platform Managed Endpoint Detection and Response

How Boards use the NIST Cybersecurity Framework as a Roadmap to oversee cybersecurity

MANAGED DETECTION AND RESPONSE

Automated Response in Cyber Security SOC with Actionable Threat Intelligence

PULLING OUR SOCS UP VODAFONE GROUP AT RSAC Emma Smith. Andy Talbot. Group Technology Security Director Vodafone Group Plc

CYBER RISK MANAGEMENT: ADDRESSING THE CHALLENGE SIMON CRUMPLIN, FOUNDER & CEO

SOLUTION BRIEF RSA ARCHER IT & SECURITY RISK MANAGEMENT

Sage Data Security Services Directory

Cyber Incident Response. Prepare for the inevitable. Respond to evolving threats. Recover rapidly. Cyber Incident Response

GDPR: Get Prepared! A Checklist for Implementing a Security and Event Management Tool. Contact. Ashley House, Ashley Road London N17 9LZ

The Critical Incident Response Maturity Journey

Continuous protection to reduce risk and maintain production availability

Emerging Issues: Cybersecurity. Directors College 2015

Protecting organisations from the ever evolving Cyber Threat

External Supplier Control Obligations. Cyber Security

THE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION BREACH & ATTACK SIMULATION

PALANTIR CYBERMESH INTRODUCTION

Managed Detection and Response

Novetta Cyber Analytics

NetWitness Overview. Copyright 2011 EMC Corporation. All rights reserved.

THE EVOLUTION OF SIEM

SIEM (Security Information Event Management)

Staffing Services UnderDefense your source of experienced professionals to solve security staffing challenges today

STAY ONE STEP AHEAD OF THE CRIMINAL MIND. F-Secure Rapid Detection & Response

GDPR: An Opportunity to Transform Your Security Operations

BUILT TO STOP BREACHES. Cloud-Delivered Endpoint Protection

Introducing Cyber Observer

WHITEPAPER. Enterprise Cyber Risk Management Protecting IT Assets that Matter

Defining cybersecurity.

Cyber Analyst Academy. Closing the Cyber Security Skills Gap.

ALIENVAULT USM FOR AWS SOLUTION GUIDE

Fidelis Overview. 15 August 2016 ISC2 Cyber Defense Forum

BREACHES HAPPEN: BE PREPARED. Endpoint Detection & Response

INTEGRATION BRIEF DFLabs and Jira: Streamline Incident Management and Issue Tracking.

Cisco Stealthwatch Improves Threat Defense with Network Visibility and Security Analytics

Resolving Security s Biggest Productivity Killer

Reserve Bank of India Cyber Security Framework

Digital Forensics Readiness PREPARE BEFORE AN INCIDENT HAPPENS

The Resilient Incident Response Platform

CloudSOC and Security.cloud for Microsoft Office 365

Deep Instinct v2.1 Extension for QRadar

BHConsulting. Your trusted cybersecurity partner

Enhancing the Cybersecurity of Federal Information and Assets through CSIP

securing your network perimeter with SIEM

Orchestrating and Automating Trend Micro TippingPoint and IBM QRadar

Active defence through deceptive IPS

SOLUTION BRIEF Virtual CISO

SOLUTION BRIEF esentire Risk Advisory and Managed Prevention (RAMP)

BUILDING AND MAINTAINING SOC

Canada Life Cyber Security Statement 2018

Security

Supercharge Your SIEM: How Domain Intelligence Enhances Situational Awareness

Cybersecurity Auditing in an Unsecure World

Total Security Management PCI DSS Compliance Guide

Transcription:

National Cyber Security Operations Center (N-CSOC) Stakeholders' Conference Benefits to the Stakeholders A Collaborative and Win-Win Strategy Lal Dias Chief Executive Officer Sri Lanka CERT CC

Cyber attacks are no longer a matter of if.. but a matter of when. We also have to understand that; Attacks can never be fully prevented Organizations should advance their detection capabilities so they can respond appropriately

What is a Cyber Security Operations Center (CSOC)?

A valuable resource for security incident detection. It is a facility that houses an information security team that is responsible for monitoring and analysing an organization s security posture on an ongoing basis The SOC team s goal is to detect, analyse, and respond to cybersecurity incidents using a combination of technology solutions and a strong set of processes SOCs are typically staffed with security analysts and engineers as well as managers who oversee security operations SOC staff works closely with incident response teams of participating organisations to ensure security issues are addressed quickly upon discovery SOCs monitor and analyse activity on networks, servers, endpoints, databases, applications, websites, and other systems, looking for suspicious activity that could be indicative of a security incident or compromise In summary a SOC is responsible for ensuring that potential security incidents are correctly identified, analysed, defended, investigated, and reported

How does a CSOC Work? A SOC does not engage in developing security strategy, design security architecture, or implement protective measures Instead a SOC focusses on ongoing, operational component of enterprise information security Additional capabilities of some SOCs can include advanced forensic analysis, and malware reverse engineering to analyse incidents Typical SOC infrastructure includes firewalls, IPS/IDS, breach detection solutions, probes, and a security information and event management (SIEM) system Technology should be in place to collect data via data flows, telemetry, packet capture, syslog, and other methods so that data activity can be correlated and analysed by SOC staff The SOC also monitors networks and endpoints for vulnerabilities in order to protect sensitive data and comply with industry or government regulations

Benefits of Having a Cyber Security Operations Center The key benefit of having a SOC is the improvement of security incident detection through continuous monitoring and analysis of data activity By analysing this activity across an organization s networks, endpoints, servers, and databases around the clock, a SOC team is well placed to ensure timely detection and response of security incidents The 24/7 monitoring provided by a SOC gives organizations an advantage to defend against incidents and intrusions, regardless of source, time of day, or attack type The gap between attackers time to compromise and an organisations time to detection is very small A SOC helps organizations close this gap and stay on top of the threats facing their environments

Benefits of Having a Cyber Security Operations Center A SOC continuously manages known and existing threats while working to identify emerging risks SOC keeps up with the latest available threat intelligence and leverages this information to improve internal detection and defence mechanisms SOC uses logs from participating organizations and correlates it with information from a number of external sources that deliver insight into threats and vulnerabilities External cyber intelligence includes news feeds, signature updates, incident reports, and vulnerability alerts from various sources This helps the SOC to keep up with evolving cyber threats SOC constantly feed this threat intelligence into SOC monitoring tools to keep up to date with threats, and the SOC has processes in place to discriminate between real threats and non-threats

Q & A?

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback