The document discusses moving security operations from a traditional reactive model to a proactive model called SOC 3.0. SOC 3.0 leverages vast amounts of data from both internal and external sources, including social media, dark web monitoring, business intelligence, and technical data. By analyzing patterns in this diverse data, SOC 3.0 aims to provide strategic threat intelligence rather than just responding to incidents. The key is gaining a fundamental understanding of the business to interpret technical data within the proper context. Outsourcing SOC services can help organizations gain the benefits of this approach without the cost and challenges of building extensive in-house security operations capabilities.

1. Presented by: Jamal Elmellas
Technical Director
SOC 3.0: strategic threat
intelligence
May 5th, 2016

2. Harnessing The Noise
 We need to move away from traditional
thinking
 Including SIEMS, SOC’s and the
traditional reactive security model
 We need to harness the huge pools of
data
 We need to forget Threat Intelligence
and think Business Intelligence.
 Businesses should be harnessing
all the noise available to us –
 Social Media
 Darkweb
 Media
 Market Analysis
 Technical Landscape
 Sector
 Internal Noise

3. Harnessing The Noise
 We have access to rapid and elastic
compute like never before, what does
this mean?
 Tools are slowly moving away from
traditional thinking
 Every action has a foot print
 Automation is key to providing the tools
to combat collaborative hacking groups
 Making use of the vast amounts of
“noise” is imperative to the success
of a pro-active SOC strategy

4. Cyber Design and
Implementation
Risk, Threat and
Compliance Management
Cyber Monitoring and
Intelligence
 To do this we need to acknowledge that
fundamental business understanding is
mandatory
 Forget focusing on technology, this is just
one piece of the puzzle
 Business data must be identified and
retrieved on every facet of activity –
 Regional
 Sector
 Legislation
 Corporate Image and News
 Technology trends and decisions
 Corporate strategy and planning
 When combined with in-depth technical,
historic security data and trends, we begin to
develop a pattern
 The key is understanding those patterns, if
we do, welcome to business intelligence!
 But in reality, what does this look
like?
Cyber Journey Stages
Looking Forward

5. C
Looking Forward
24/7 SOC Service with
Threat and Business
Intelligence
9-5 and 24/7 MCSS
24/7 SOC Service with
Threat Intelligence
 Utilise every feed/source we think will
assist in showing a pattern in
vulnerability, threat level, and
increased risk.
 Leverage every tool we have, this
includes internal business data such as
recruitment patterns, social media,
governance and policy trends etc.
 Blend:
 Business data
 Internal Technology data
 External Technology and trend data
 Identify patterns, monitor change,
feedback and learn.
 There is no silver bullet or crystal ball,
but leveraging what we do have lots of
– data, we can start to think and
behave differently to emerging threats.
 Think Business Intelligence!
Security Operations Centre
‘Compass’

6. Living Without a SOC
 A SOC Solution may not always be
feasible
 Creating the benefits achieved from a
SOC without the required tools or
expertise will be very difficult
 Effective logging and suitable personnel
and procedures can provide some
comfort, but it’s likely to be a placebo
 SOC services combined with Threat and
Business Intelligence are the only
hope we currently have
 Leveraging existing expertise and
resources can reduce the cost of a
SOC considerably

7. SOC 3.0 challenges
for the enterprise
 Building and maintaining a SOC
inhouse can be expensive, time
consuming and difficult to maintain
 Data pooling from dynamic and deep
data sources requires high processing
power
 Analysing data requires significant
expertise best delivered by security
analysts who are able to spot and
interpret emerging patterns
 SOC 3.0 is about more than
technology: it’s about how widely the
net is thrown, how data is captured,
and how it is analysed and interpreted
into actionable intelligence

8. SOC 3.0 tools and
processes  Outsourcing SOC services can deliver
all the benefits of next generation
threat hunting without the overheads
 Key features to look for:
 SIEM
 Managed Security Services
 Integrated incident management
 Threat intelligence feeds
 Threat management and compliance
 Continuous learning
 Event source monitoring
 Event log and network flow data consolidation
 Comprehensive extensible analytics
 Network, visualisation and application intelligence
 Identity and location intelligence
 Configuration and change monitoring
 Database security, availability and anomalous
activity monitoring
 Layer 7 rules engine
 Real-time and historical cross correlation
 Event log data integrity secured by HMAC
 Analytics for real-time correlation and alerting
 Automatic discovery
 SOC as a Service can also provide
additional benefits such as scalability
and advanced predictive analytics for
threat forecasting

9. Jamal Elmellas – Technical Director
Aurigaconsulting.com
About Auriga
Auriga Consulting Ltd, a center of excellence
in Cyber Security, Assurance and Monitoring
Services, with a renowned track record of
succeeding where others have failed.
As a trusted supplier to many high profile
Government Departments, Agencies and Private
Sector organisations Auriga offers clients
a cyber protection journey from design
through to continuous monitoring...