NEXT GENERATION SECURITY OPERATIONS CENTER

DTS SOLUTION
NEXT GENERATION SECURITY OPERATIONS CENTER
SOC 2.0 - ENHANCED SECURITY O&M
SOC 2.0 - SUCCESS FACTORS
SOC 2.0 - FUNCTIONAL COMPONENTS

DTS SOLUTION
SOC 2.0 - ENHANCED SECURITY O&M

SOC 2.0: protecting your information assets from the next generation of threats.

DTS Solution's Professional Services team can help your organization strategize, develop and build a Next Generation Security Operations Center (SOC 2.0) to protect your information assets while counteracting the ever-changing threat landscape.

In the past, large corporations have implemented traditional security operations centers as a means to maintain visibility of their information security posture. The most popular model has centered on building large command centers, where numerous analysts work side by side to assess real-time security data and respond to it manually. This is what is referred to as SOC 1.0. Although this model has proven effective, the days of SOC 1.0 are numbered. With the threat landscape in the cyber world ever changing and a new generation of threats and attack vectors surfacing, information assets are more vulnerable than ever before. Organizations now have to accept that a paradigm shift in information security operations and maintenance is needed to stay one step ahead of intruders.

This has led organizations to invest heavily in protecting their information assets perimeter-wide, using multiple security platforms such as next-generation firewalls, intrusion prevention systems, data leakage prevention devices, endpoint security and so on. The huge investments made by CIOs have not necessarily translated into better protection against, or mitigation of, information theft. The year 2011 saw a vast number of major security breaches across major corporations and industries, proving that, even as information security awareness continues to rise, shortfalls in proactive monitoring, maintenance, management and threat mitigation remain.

The vast number of information security breaches and the increased number of high-profile, well-publicized security incidents have left many executives and security professionals wondering how effective the deployed controls have been. It is difficult to imagine that these large corporations (there is no need to name them) did not have security mechanisms and controls in place. Indeed they did, but the fact of the matter is that investing in security infrastructure to protect your assets does not by default entitle you to protection. Information security needs to be built as a process that becomes the core of the organization. Developing and building a Security Operations Center 2.0 practice around this exact process empowers your organization to augment the different

DTS SOLUTION
SOC 2.0 - Success Factors

Given today's economic challenges, building, developing and operating a SOC is a difficult financial proposition that is not easy to justify. SOCs were originally designed to reduce the cost of security incidents by bringing numerous security engineers and analysts into a single space where they could collaborate and react to incidents spanning multiple systems. But times have changed, threats have evolved, emerging technologies are now maturing, and there are now better ways to accomplish the SOC's tasks by complementing physical presence with virtual presence.

Several factors are driving the next generation SOC, including the transformation of the network operations center (NOC). The conventional NOC is designed to monitor network-level events and provide level-one triage and troubleshooting for corporate networks. As companies build more robust, agile and dynamic ITIL-based unified operations centers that support and complement some security operations functions, tier-one and tier-two security operations can be collapsed into and handled by the operations center. Tier-one and tier-two security operations typically do not require an in-depth skill set, so shared resources can be organized as part of a virtual SOC team.

SOC 2.0 also focuses on overall contextual correlation and situational awareness of IT assets as security risks and threats evolve within an organization. Dynamic risk profiling based on events received and incidents detected, correlation of log events from different security systems, and network forensics and analytics are all key components of SOC 2.0. Traditional SOCs have predominantly relied on decentralized event management systems unique to each technology vendor: silos of event management consoles, each collecting and displaying logs from its own systems.
SOC 2.0 emphasizes the deployment of a centralized Security Information and Event Management (SIEM) solution to which all technology systems, devices and assets send information, logs and events, and which provides enhanced correlation features and risk and offense categorization based on a dynamic understanding of the context and the asset in question. SIEM 2.0 is driving this evolution forward and forms the core hub of the SOC 2.0 concept.

It is essential to consider the following three steps (people, technology and process) when building your SOC 2.0.

People: identify the core people. As mentioned previously, the virtual team will not be made up of traditional SOC 1.0 engineers but of highly trained and experienced security and risk professionals. These VSOC (Virtual SOC) operators must be more experienced and better trained than NOC engineers. They must be security specialists with specific hands-on skills, such as firewalls, VPNs and IDS/IPS, and security architects, the domain-specific designers working on the overall information security strategy. Training and experience therefore take higher priority. This also supports employee retention initiatives, as VSOC engineers still get to be involved in the InfoSec community.
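The centralized SIEM described above correlates events from several silos and scores the resulting offense by the context of the asset involved. The following is an added example (not DTS Solution's code) of that correlation in Python over a few constructed log lines: three vendor-style formats are normalized into one schema, grouped per target host within a time window, and scored against an assumed asset inventory. The resulting tier (1 and 2 for the operations center, 3 for escalation to the VSOC) is the risk-based routing the Process section below describes. Log formats, asset names, severity weights and tier thresholds are all assumptions made for the example.

```python
"""SIEM-style correlation: normalize events from separate silos, chain them per target host
within a time window, and score the chain by the criticality of the asset hit.

Added example, not DTS Solution's code. Log formats, asset inventory, weights and tier
thresholds are constructed assumptions.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines from three silos (firewall, IDS, endpoint agent).
SAMPLE_LOGS = [
    "2011-09-14T10:00:05 fw01 DENY src=203.0.113.9 dst=10.0.0.25 dport=445",
    "2011-09-14T10:00:40 ids01 ALERT sig=SMB.Exploit.Attempt src=203.0.113.9 dst=10.0.0.25",
    "2011-09-14T10:01:10 ep-agent host=10.0.0.25 event=MALWARE_DETECTED name=Trojan.Generic",
    "2011-09-14T11:30:00 fw01 DENY src=198.51.100.7 dst=10.0.0.77 dport=22",
    "2011-09-14T12:00:00 fw01 DENY src=198.51.100.7 dst=10.0.0.77 dport=22",
]

# Constructed asset inventory: criticality 1 (disposable) .. 5 (crown jewel).
ASSETS = {
    "10.0.0.25": {"name": "db-prod-01", "criticality": 5},
    "10.0.0.77": {"name": "dev-box-03", "criticality": 1},
}

# (regex for the assumed vendor format, normalized kind, base severity 1..5)
PARSERS = [
    (re.compile(r"^(?P<ts>\S+) (?P<dev>fw\S*) DENY src=(?P<src>\S+) dst=(?P<dst>\S+) dport=\d+$"),
     "fw_deny", 1),
    (re.compile(r"^(?P<ts>\S+) (?P<dev>ids\S*) ALERT sig=\S+ src=(?P<src>\S+) dst=(?P<dst>\S+)$"),
     "ids_alert", 3),
    (re.compile(r"^(?P<ts>\S+) (?P<dev>ep-agent) host=(?P<dst>\S+) event=MALWARE_DETECTED name=\S+$"),
     "endpoint_malware", 4),
]


def normalize(line):
    """One vendor-specific line -> common event dict, or None if no parser matches."""
    for pattern, kind, severity in PARSERS:
        m = pattern.match(line)
        if m:
            d = m.groupdict()
            return {"ts": datetime.fromisoformat(d["ts"]), "kind": kind, "severity": severity,
                    "src": d.get("src"), "dst": d["dst"], "silo": d["dev"]}
    return None  # a real SIEM counts these as parse failures rather than silently dropping them


def score_chain(dst, chain):
    """An offense is a chain of events on one host. Risk grows with the worst event, the number
    of independent silos that saw activity, and the asset's criticality; tier decides who handles it."""
    asset = ASSETS.get(dst, {"name": "unknown", "criticality": 2})  # unknown assets are not ignored
    silos = {e["silo"] for e in chain}
    max_sev = max(e["severity"] for e in chain)
    risk = max_sev * asset["criticality"] + 2 * (len(silos) - 1)
    tier = 3 if risk >= 15 else 2 if risk >= 6 else 1  # tiers 1-2: operations center, 3: VSOC
    return {"dst": dst, "asset": asset["name"], "kinds": [e["kind"] for e in chain],
            "silos": sorted(silos), "risk": risk, "tier": tier}


def correlate(lines, window=timedelta(minutes=5)):
    """Chain events per target host whenever each event follows the previous one within `window`."""
    events = sorted((e for e in map(normalize, lines) if e), key=lambda e: e["ts"])
    chains = defaultdict(list)  # dst -> list of chains, each chain a list of events
    for e in events:
        host_chains = chains[e["dst"]]
        if host_chains and e["ts"] - host_chains[-1][-1]["ts"] <= window:
            host_chains[-1].append(e)
        else:
            host_chains.append([e])
    return [score_chain(dst, chain) for dst, cs in chains.items() for chain in cs]


if __name__ == "__main__":
    for offense in correlate(SAMPLE_LOGS):
        print(offense)
```

The same firewall deny that is a tier-1 nuisance on a development box becomes part of a tier-3 offense on the production database once the IDS and the endpoint agent corroborate it, which is the asset-aware categorization the text asks of SIEM 2.0. Hosts absent from the inventory are given a middling criticality rather than dropped, so an incomplete asset register degrades scoring instead of blinding the SOC.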

DTS SOLUTION

Technology: identify the core emerging technologies facilitating SOC 2.0. Security information and event management (SIEM 2.0) tools will be the core technical component of SOC 2.0, acting as the information repository necessary for delivering on the VSOC vision. It is important for these information management tools to be easy to use and intuitive; they must also have a web interface that can be accessed from any browser in the world, as a VSOC engineer could be anywhere in the world at the time of an incident. Other tools that will be important to SOC 2.0 are network monitoring tools, which provide insight into the state of the network, and computer forensic and analytic tools, which provide deep investigation into incidents that have moved beyond the service center. This toolset is sometimes referred to as NAV, or Network Analysis and Visibility.

Attack modeling in a complex environment requires determining which systems, people and processes have access to valuable information; this situational awareness is an important component of SOC 2.0. Once the threat surface is modeled, organizations can determine potential attack vectors and work out defensive steps to isolate compromised access points efficiently and quickly.

Self-learning and predictive analysis are also important enablers of SOC 2.0. To remain relevant in tomorrow's IT environment, a SOC will need to truly integrate compliance monitoring and risk management. The system should continually monitor the environment to identify typical states, which can then be used to identify problematic patterns early. Statistic-based predictive modeling will help correlate various alerts. Developing such a system will require innovations in real-time behavior analysis, although some of these elements are available today. Automated, risk-based decision systems provide context-based dynamic risk mitigation.
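An added example (not DTS Solution's code) of the "identify typical states, then flag problematic patterns" idea in Python: seven days of constructed failed-login counts per hour for one account form a per-hour baseline, and a new day is scored against it with a z-score. The floor on the standard deviation is the practical caveat: at a quiet hour the baseline variance is zero, and without a floor a single failure would score as an infinite anomaly. The account, the daily profile, the thresholds and the injected burst are all constructed for the example.

```python
"""Baseline-then-detect: learn a per-hour "typical state" from history, then flag deviations.

Added example, not DTS Solution's code. All counts below are constructed.
"""
from statistics import mean, pstdev

HOURS = 24
WORKING = range(7, 18)  # constructed business hours, where some failed logins are normal

# Constructed typical day of failed-login counts for one account (index = hour of day).
DAY_PROFILE = [0] * 7 + [2, 3, 2, 4, 3, 2, 3, 4, 2, 3, 2] + [1] * 6
assert len(DAY_PROFILE) == HOURS


def constructed_history(days=7):
    """Seven days of history: the profile plus a small, deterministic wobble in working hours."""
    return [[DAY_PROFILE[h] + ((d + h) % 2 if h in WORKING else 0) for h in range(HOURS)]
            for d in range(days)]


def learn_baseline(history, floor=1.0):
    """Per-hour (mean, stdev) across the history. `floor` stops a quiet hour whose stdev is 0
    from turning a single failure into an infinite z-score."""
    return [(mean(col), max(pstdev(col), floor)) for col in zip(*history)]


def detect(observed_day, baseline, threshold=3.0):
    """Return (all z-scores by hour, {hour: z} for hours at or above the threshold)."""
    scores = {}
    for h, count in enumerate(observed_day):
        mu, sigma = baseline[h]
        scores[h] = (count - mu) / sigma
    flagged = {h: round(z, 2) for h, z in scores.items() if z >= threshold}
    return scores, flagged


def constructed_new_day():
    """A day that is slightly busier than the profile, with one night-time burst."""
    day = [DAY_PROFILE[h] + (1 if h in WORKING else 0) for h in range(HOURS)]
    day[3] = 45   # constructed 03:00 burst, the shape of a password spray
    day[10] = 7   # busier than usual at 10:00 but within tolerance
    return day


if __name__ == "__main__":
    baseline = learn_baseline(constructed_history())
    scores, flagged = detect(constructed_new_day(), baseline)
    print(flagged)
```

The 10:00 value is roughly two and a half deviations above its hour's mean and is left alone; the 03:00 burst is flagged because the baseline says that hour is normally silent. In production the profile would be keyed by weekday versus weekend as well as hour, and the flagged hours would feed the correlation engine as one more alert source rather than paging anyone on their own.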
A key differentiator of a more intelligent SOC will be its ability to assess risks instantly and vary its response accordingly. Similar to risk-based authentication, the SOC will employ predictive analytics to find high-risk events and then automatically initiate remediation activities. The prospect of dynamic topology is one of the most exciting areas of this type of systems automation for the cloud. To carry out an APT campaign, an attacker must map the network and be able to model it. In response, organizations can remap their entire network infrastructure to disrupt the attacker's reconnaissance. This is akin to physically rearranging a city at frequent intervals, and the entire process can be automated so that links between systems stay intact and dependencies are handled without human intervention.

Process: identify the core responsibilities and processes. The success of SOC 2.0 and the transition from the traditional SOC to the VSOC depend on the ability to transfer day-to-day security tasks to the operations center. The command center within the operations center must be able to mitigate tier-one and tier-two security incidents and recognize when to escalate tier-three incidents to the VSOC. It is therefore imperative to identify the core responsibilities of the VSOC versus the operations center, and to agree on how responsibilities are to be divided between IT security management and IT operations. SOC 2.0 must be aligned with and integrated into the organization's business processes, centered on the information security principles that drive protection of valuable assets. The SOC 2.0 operations framework must be integrated into the Risk Management, Business Continuity, Compliance and Governance processes, while ensuring that Incident Response and Escalation procedures are well defined and that Change Management, Alert and Notification policies are clearly communicated to business units.
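The dynamic topology idea under Technology above, as an added example (not DTS Solution's code) in Python: services are reached by name through a registry, and the registry rotates its name-to-address table each epoch by an offset derived from a keyed HMAC over the epoch number, so the schedule cannot be predicted without the key. Dependents that resolve the name at connect time keep working after a remap, while an attacker's reconnaissance snapshot of addresses no longer points at the services it recorded. Service names, the address pool, the dependency graph and the key are constructed; a real deployment would push the new table into DNS or an SDN controller rather than a Python dict, and remapping is a complement to detection, not a replacement for it.

```python
"""Dependency-preserving address rotation (a moving-target defense) through name indirection.

Added example, not DTS Solution's code. Names, addresses, dependencies and key are constructed.
"""
import hashlib
import hmac

SERVICES = ["web", "app", "db", "ldap"]                     # constructed
ADDRESS_POOL = ["10.20.0.11", "10.20.0.12", "10.20.0.13",   # constructed; larger than SERVICES
                "10.20.0.14", "10.20.0.15", "10.20.0.16"]
DEPENDENCIES = {"web": ["app"], "app": ["db", "ldap"], "db": [], "ldap": []}
ROTATION_KEY = b"constructed-demo-key-not-for-production"


class Registry:
    """Name -> address table, rotated each epoch. Consumers store names, never addresses."""

    def __init__(self, services, pool, key):
        if len(set(pool)) < len(services):
            raise ValueError("address pool must be at least as large as the service list")
        self.services = list(services)
        self.pool = list(pool)
        self.key = key
        self.epoch = 0
        self.shift = 0
        self.table = self._build()

    def _build(self):
        # A rotation of the pool keeps every address unique as long as the pool is.
        return {name: self.pool[(i + self.shift) % len(self.pool)]
                for i, name in enumerate(self.services)}

    def remap(self):
        """Advance one epoch. The shift delta is in 1..len(pool)-1 and comes from HMAC(key, epoch),
        so it is never zero (every address changes) and not predictable without the key."""
        self.epoch += 1
        tag = hmac.new(self.key, self.epoch.to_bytes(4, "big"), hashlib.sha256).digest()
        delta = 1 + int.from_bytes(tag[:4], "big") % (len(self.pool) - 1)
        self.shift = (self.shift + delta) % len(self.pool)
        self.table = self._build()
        return self.table

    def resolve(self, name):
        return self.table[name]

    def service_at(self, address):
        """Which service currently answers at this address, or None if it is unused."""
        for name, addr in self.table.items():
            if addr == address:
                return name
        return None


def dependents_connect(registry, deps):
    """True if every dependency, resolved by name at connect time, reaches the right service."""
    return all(registry.service_at(registry.resolve(need)) == need
               for needs in deps.values() for need in needs)


def attacker_hits(registry, recon):
    """How many of the attacker's recorded (service -> address) pairs still reach that service."""
    return sum(1 for name, addr in recon.items() if registry.service_at(addr) == name)


if __name__ == "__main__":
    reg = Registry(SERVICES, ADDRESS_POOL, ROTATION_KEY)
    recon = dict(reg.table)  # the attacker's map from the reconnaissance phase
    reg.remap()
    print(dependents_connect(reg, DEPENDENCIES), attacker_hits(reg, recon))
```

The two functions at the end are the whole argument: the dependency graph is expressed in names and survives every remap, while the attacker's address list is stale after the first one. The cost is that every consumer, monitoring probe and firewall rule must also be name-based, which is why the text ties this to automation rather than to manual change windows.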

DTS SOLUTION
SOC 2.0 Emerging Technologies

SOC 2.0 Functional Components:
SIEM 2.0 - Security Intelligence
Vulnerability Management
Incident Response Platform

DTS SOLUTION
Contact Details
DTS Solution, Office 61, Oasis Center, Sheikh Zayed Road, Dubai, UAE, PO Box 128698
Tel: +971 43383365
Fax: +971 43383367
Email: sales@dts-solution.com