Security Operation Center

We offer completed and integrated Security Operation Center solution. We build your SOC and run it for you

Top business issue and drivers addressed by SOC

1) Reduce risk and downtime

2) Enhance threat control and prevention

3) Identify people and responsibilities

4) Ease administrative overhead

5) Determine Escalation path

6) Support audit and compliance objectives

7) provide incident response and recovery

 

The broader aspects of SoC

 Enables organizations to clearly understand

-Who has access to what within their IT environment?

-What is happening in that environment?

-What actions need to be taken based on this information

 

Security information management

    current problem of the organizations:

 - Compliance:

Monitor and validate regulatory compliance

 - Business continuity:

Proactively contain the increasing threats and vulnerabilities

 - Operational Efficiencies and Enablement: 

Manage millions of events (reduce noise) and manage key security threats for business critical assets

 - Align security to business

 

     The solution

 - Collect, Analyze, and respond through security information management

 - End to end security information management: collection through analysis, remediation, reporting and forensics

 - Establish knowledge of internal vulnerabilities and network exploits

 - Help demonstrate compliance with industry and regulatory standards

 

The main functions of a SOC

1. Real-time monitoring/management

       - Aggregate logs

       - Aggregate more than logs

       - Coordinate response and remediation

       - Bird eye view from security perspective

2. Reporting/ custom views

       - Security professionals

       - Executives

       - Auditors

       - Consistent

3. After-Action Analysis

       - Forensics

       - Investigation

 

Virtues of a SOC: Cost efficiency, measurable improvements in availability, lower risk, relevance to the business, transparency, passing audits, consistency, reproduce-ability.

 

 Prioritization and remediation

     1) Deal with what's most relevant to the business first!

     2) Gather asset data

     3) Gather business priorities

     4) Understand the business context of an incident

 

Break- down  the IT silos

      1) Coordinate responses

      2) inform all who need to know of an incident

      3) Work with existing ticketing/ work flow systems

 

    Threat *weakness* business value = Risk

    Deal with business risk

 

Investigation and forensics

     1) Being able to investigate and manipulate data

     2) Visualization

     3) Post-event correlation

     4) Managing by case/incident

     5) Chain of custody

     6) Integrity of data

 

Analogy to record keeping

     - Primary and secondary logs

       Some logs are more important than others- how are these identified, marked and maintained?

    - Archival procedures

    - Conscious policy on maintenance of logs and procedures for "destruction"

    - Retention of data

    - Reproduce-ability of information.