The document discusses moving security operations from a traditional reactive model to a proactive model called SOC 3.0. SOC 3.0 leverages vast amounts of data from both internal and external sources, including social media, dark web monitoring, business intelligence, and technical data. By analyzing patterns in this diverse data, SOC 3.0 aims to provide strategic threat intelligence rather than just responding to incidents. The key is gaining a fundamental understanding of the business to interpret technical data within the proper context. Outsourcing SOC services can help organizations gain the benefits of this approach without the cost and challenges of building extensive in-house security operations capabilities.
SOC 3.0: strategic threat intelligence May 2016
1. Presented by: Jamal Elmellas, Technical Director
SOC 3.0: strategic threat intelligence
May 5th, 2016
2. Harnessing The Noise
We need to move away from traditional thinking, including SIEMs, SOCs and the traditional reactive security model.
We need to harness the huge pools of data.
We need to forget Threat Intelligence and think Business Intelligence.
Businesses should be harnessing all the noise available to us:
Social Media
Darkweb
Media
Market Analysis
Technical Landscape
Sector
Internal Noise
3. Harnessing The Noise
We have access to rapid and elastic compute like never before. What does this mean?
Tools are slowly moving away from traditional thinking.
Every action has a footprint.
Automation is key to providing the tools to combat collaborative hacking groups.
Making use of the vast amounts of “noise” is imperative to the success of a proactive SOC strategy.
4. Cyber Design and Implementation; Risk, Threat and Compliance Management; Cyber Monitoring and Intelligence
To do this we need to acknowledge that fundamental business understanding is mandatory.
Forget focusing on technology; this is just one piece of the puzzle.
Business data must be identified and retrieved on every facet of activity:
Regional
Sector
Legislation
Corporate Image and News
Technology trends and decisions
Corporate strategy and planning
When combined with in-depth technical and historic security data and trends, we begin to develop a pattern.
The key is understanding those patterns; if we do, welcome to business intelligence!
But in reality, what does this look like?
Cyber Journey Stages: Looking Forward
5. Security Operations Centre ‘Compass’
Journey stages shown on the slide: Looking Forward; 24/7 SOC Service with Threat and Business Intelligence; 9-5 and 24/7 MCSS; 24/7 SOC Service with Threat Intelligence
Utilise every feed/source we think will assist in showing a pattern in vulnerability, threat level and increased risk.
Leverage every tool we have; this includes internal business data such as recruitment patterns, social media, governance and policy trends etc.
Blend:
Business data
Internal Technology data
External Technology and trend data
Identify patterns, monitor change, feed back and learn.
There is no silver bullet or crystal ball, but by leveraging what we do have lots of, data, we can start to think and behave differently towards emerging threats.
Think Business Intelligence!
6. Living Without a SOC
A SOC solution may not always be feasible.
Creating the benefits achieved from a SOC without the required tools or expertise will be very difficult.
Effective logging and suitable personnel and procedures can provide some comfort, but it’s likely to be a placebo.
SOC services combined with Threat and Business Intelligence are the only hope we currently have.
Leveraging existing expertise and resources can reduce the cost of a SOC considerably.
7. SOC 3.0 challenges for the enterprise
Building and maintaining a SOC in-house can be expensive, time consuming and difficult to sustain.
Data pooling from dynamic and deep data sources requires high processing power.
Analysing data requires significant expertise, best delivered by security analysts who are able to spot and interpret emerging patterns.
SOC 3.0 is about more than technology: it’s about how widely the net is thrown, how data is captured, and how it is analysed and interpreted into actionable intelligence.
8. SOC 3.0 tools and processes
Outsourcing SOC services can deliver all the benefits of next generation threat hunting without the overheads.
Key features to look for:
SIEM
Managed Security Services
Integrated incident management
Threat intelligence feeds
Threat management and compliance
Continuous learning
Event source monitoring
Event log and network flow data consolidation
Comprehensive extensible analytics
Network, visualisation and application intelligence
Identity and location intelligence
Configuration and change monitoring
Database security, availability and anomalous activity monitoring
Layer 7 rules engine
Real-time and historical cross correlation
Event log data integrity secured by HMAC
Analytics for real-time correlation and alerting
Automatic discovery
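The feature list mentions event log data integrity secured by HMAC without saying how that is built. The following is an added example, not code from the deck or from Auriga: it shows one common construction, a chained HMAC over each event record, so that a defender can detect a record that was edited, a record that was removed or reordered, and (given an expected record count from a checkpoint) a log that was truncated. The key, the record layout, the `seq` field and the sample events are all constructed for this example; in practice the key is held by the collector or SIEM, not by the host that produces the logs, otherwise an attacker who controls the host can re-seal whatever they rewrite.

```python
import hmac
import hashlib
import json
from typing import List, Optional

# Constructed demo key. A real deployment keeps this in the SIEM/collector's secret store.
DEMO_KEY = b"constructed-demo-key-do-not-reuse"
GENESIS_TAG = "0" * 64  # tag assumed for the record "before" the first one

# Constructed sample events (not real log data).
SAMPLE_EVENTS = [
    {"ts": "2016-05-05T09:00:01Z", "host": "fw01", "msg": "accept src=10.0.0.5 dst=10.0.1.20 dport=443"},
    {"ts": "2016-05-05T09:00:07Z", "host": "dc01", "msg": "logon user=jdoe result=success"},
    {"ts": "2016-05-05T09:00:09Z", "host": "dc01", "msg": "logon user=admin result=failure"},
    {"ts": "2016-05-05T09:00:12Z", "host": "dc01", "msg": "logon user=admin result=failure"},
]


def _record_message(prev_tag: str, body: dict) -> bytes:
    # Canonical encoding: sorted keys so sealer and verifier hash identical bytes.
    return (prev_tag + json.dumps(body, sort_keys=True)).encode()


def seal_records(records: List[dict], key: bytes = DEMO_KEY) -> List[dict]:
    """Add a sequence number and an HMAC-SHA256 tag to each record.

    Each tag covers the previous record's tag as well as the current body,
    so the records form a chain: changing, dropping or reordering any record
    breaks every tag from that point onward.
    """
    sealed = []
    prev_tag = GENESIS_TAG
    for seq, rec in enumerate(records):
        body = dict(rec, seq=seq)
        tag = hmac.new(key, _record_message(prev_tag, body), hashlib.sha256).hexdigest()
        sealed.append(dict(body, tag=tag))
        prev_tag = tag
    return sealed


def verify_chain(sealed: List[dict], key: bytes = DEMO_KEY,
                 expected_count: Optional[int] = None) -> Optional[int]:
    """Return None if the chain is intact, else the index of the first bad record.

    A chain alone cannot detect removal of the newest records, so if
    expected_count is supplied (for example from a periodic checkpoint the
    collector stores elsewhere), a short log is reported at index len(sealed).
    """
    prev_tag = GENESIS_TAG
    for i, rec in enumerate(sealed):
        body = {k: v for k, v in rec.items() if k != "tag"}
        if body.get("seq") != i:  # gap or reorder shows up before the HMAC check
            return i
        expected = hmac.new(key, _record_message(prev_tag, body), hashlib.sha256).hexdigest()
        # Constant-time comparison so the verifier does not leak tag bytes via timing.
        if not hmac.compare_digest(expected, str(rec.get("tag", ""))):
            return i
        prev_tag = rec["tag"]
    if expected_count is not None and len(sealed) != expected_count:
        return len(sealed)
    return None


def demo_tamper() -> Optional[int]:
    """Rewrite a failed admin logon as a success and see where verification fails."""
    sealed = seal_records(SAMPLE_EVENTS)
    sealed[2]["msg"] = sealed[2]["msg"].replace("failure", "success")
    return verify_chain(sealed)  # first broken record is index 2


def demo_delete() -> Optional[int]:
    """Drop one record from the middle of the log."""
    sealed = seal_records(SAMPLE_EVENTS)
    del sealed[1]
    return verify_chain(sealed)  # sequence gap detected at index 1


def demo_truncate() -> Optional[int]:
    """Cut the tail off the log; only the checkpoint count reveals it."""
    sealed = seal_records(SAMPLE_EVENTS)[:3]
    return verify_chain(sealed, expected_count=len(SAMPLE_EVENTS))  # reported at index 3


if __name__ == "__main__":
    print("intact:", verify_chain(seal_records(SAMPLE_EVENTS)))
    print("tampered at:", demo_tamper())
    print("deleted at:", demo_delete())
    print("truncated at:", demo_truncate())
```

The point a buyer should take from this when evaluating a SOC provider: an HMAC on each record proves the record has not changed since it was sealed, but only chaining the tags and keeping an out-of-band record count turns that into tamper evidence for the log as a whole, and none of it helps if the signing key sits on the same host an intruder has already compromised.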
SOC as a Service can also provide additional benefits such as scalability and advanced predictive analytics for threat forecasting.
9. Jamal Elmellas – Technical Director
Aurigaconsulting.com
About Auriga
Auriga Consulting Ltd, a center of excellence in Cyber Security, Assurance and Monitoring Services, with a renowned track record of succeeding where others have failed.
As a trusted supplier to many high profile Government Departments, Agencies and Private Sector organisations, Auriga offers clients a cyber protection journey from design through to continuous monitoring...