Security Operation Center
We offer a complete, integrated Security Operation Center (SOC) solution: we build your SOC and run it for you.
Top business issues and drivers addressed by a SOC
1) Reduce risk and downtime
2) Enhance threat control and prevention
3) Identify people and responsibilities
4) Ease administrative overhead
5) Determine escalation paths
6) Support audit and compliance objectives
7) Provide incident response and recovery
The broader aspects of a SOC
Enables organizations to clearly understand:
- Who has access to what within their IT environment?
- What is happening in that environment?
- What actions need to be taken based on this information?
Security information management
Current problems organizations face:
- Compliance:
Monitor and validate regulatory compliance
- Business continuity:
Proactively contain the increasing threats and vulnerabilities
- Operational Efficiencies and Enablement:
Manage millions of events (reduce noise) and manage key security threats for business-critical assets
- Align security to business
The solution
- Collect, analyze and respond through security information management
- End to end security information management: collection through analysis, remediation, reporting and forensics
- Establish knowledge of internal vulnerabilities and network exploits
- Help demonstrate compliance with industry and regulatory standards
The main functions of a SOC
1. Real-time monitoring/management
- Aggregate logs
- Aggregate more than logs
- Coordinate response and remediation
- Bird's-eye view from a security perspective
2. Reporting / custom views
- Security professionals
- Executives
- Auditors
- Consistent
3. After-Action Analysis
- Forensics
- Investigation
Virtues of a SOC: cost efficiency, measurable improvements in availability, lower risk, relevance to the business, transparency, passing audits, consistency, reproducibility.
Prioritization and remediation
1) Deal with what's most relevant to the business first!
2) Gather asset data
3) Gather business priorities
4) Understand the business context of an incident
Break down the IT silos
1) Coordinate responses
2) Inform everyone who needs to know about an incident
3) Work with existing ticketing/workflow systems
Threat × weakness × business value = Risk
Deal with business risk
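To make the formula and the prioritization steps above concrete, here is an added Python example (not code from this page or from any product it describes) that scores constructed alerts as threat × weakness × business value, joins in asset data and business priorities, and ranks the result. The asset inventory, the 1-5 scales and the UNKNOWN_ASSET_VALUE fallback for hosts missing from the inventory are assumptions.

```python
from dataclasses import dataclass

# Constructed asset inventory (step 2) with business value on a 1-5
# scale as rated by the business owners (step 3).
ASSETS = {
    "db-prod-01": {"business_value": 5, "owner": "payments"},
    "dev-box-17": {"business_value": 1, "owner": "engineering"},
}
UNKNOWN_ASSET_VALUE = 3  # assumption: unknown hosts get a middle rating, never zero

@dataclass
class Alert:
    alert_id: str
    host: str
    threat: int    # severity of the observed threat, 1-5 (constructed scale)
    weakness: int  # exposure/exploitability of the host, 1-5 (constructed scale)

def risk_score(threat: int, weakness: int, business_value: int) -> int:
    """The page's formula: risk = threat x weakness x business value."""
    for v in (threat, weakness, business_value):
        if not 1 <= v <= 5:
            raise ValueError("scores must be on the 1-5 scale")
    return threat * weakness * business_value

def prioritize(alerts, assets=ASSETS):
    """Join alerts to asset data and rank highest risk first.
    Hosts missing from the inventory get UNKNOWN_ASSET_VALUE plus an
    'inventory_gap' flag, so a gap in step 2 is visible rather than scored zero."""
    ranked = []
    for a in alerts:
        asset = assets.get(a.host)
        bv = asset["business_value"] if asset else UNKNOWN_ASSET_VALUE
        ranked.append({
            "alert_id": a.alert_id,
            "host": a.host,
            "owner": asset["owner"] if asset else None,
            "inventory_gap": asset is None,
            "risk": risk_score(a.threat, a.weakness, bv),
        })
    return sorted(ranked, key=lambda r: r["risk"], reverse=True)

# Constructed alerts: a noisy high-severity hit on a dev box, a moderate
# one on the payments database, and a host nobody inventoried.
SAMPLE_ALERTS = [
    Alert("A1", "dev-box-17", threat=5, weakness=5),
    Alert("A2", "db-prod-01", threat=3, weakness=4),
    Alert("A3", "lab-vm-09", threat=2, weakness=2),
]
if __name__ == "__main__":
    print(prioritize(SAMPLE_ALERTS))  # A2 (60) before A1 (25); A3 (12) flags a gap
```

The ranking shows the point of step 1: the louder alert on the low-value dev box lands below the moderate one on the payments database, and the uninventoried host is surfaced as an asset-data gap to fix.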
Investigation and forensics
1) Being able to investigate and manipulate data
2) Visualization
3) Post-event correlation
4) Managing by case/incident
5) Chain of custody
6) Integrity of data
Analogy to record keeping
- Primary and secondary logs
Some logs are more important than others: how are these identified, marked and maintained?
- Archival procedures
- Conscious policy on maintenance of logs and procedures for "destruction"
- Retention of data
- Reproducibility of information.