SlideShare a Scribd company logo

Security Operations Center SOC OCTUBRE 2023

D
DavidOrjedaSinche1

SOC.pdf

Engineering
1 of 21
Download to read offline
Copyright © 2020-23 Cybersecurity Learning Saturday – Proprietary, all rights reserved CYBERSECURITY LEARNING SATURDAY Six essential ingredients of a modern Security Operations Center (SOC) Presented by Rafeeq Rehman October 28, 2023
Copyright © 2020-23 Cybersecurity Learning Saturday – Proprietary, all rights reserved CYBERSECURITY LEARNING SATURDAY Six Essential Ingredients
Copyright © 2020-23 Cybersecurity Learning Saturday – Proprietary, all rights reserved CYBERSECURITY LEARNING SATURDAY 1. People Hiring and retention - the highest issue Skill gaps - train, borrow, buy? The 2022 ISACA Report on State of Cybersecurity explored skills gaps among Cybersecurity professionals. The biggest skill gap identified in the report is “Soft skills”. Some examples included “communications, flexibility, leadership”*. Lack of business acumen, poor communication, low attention to user experience are some other factors causing brand damage of otherwise very skilled security teams.
Copyright © 2020-23 Cybersecurity Learning Saturday – Proprietary, all rights reserved CYBERSECURITY LEARNING SATURDAY 2. Processes Maturity of processes is a key factor for SOC success. 1. IT Processes (patching, upgrades, change management, problem management etc.) 2. SOC Policies and Standards (log collection standards) 3. Threat detection process 4. Incident Response process 5. Threat hunting process 6. Use case development process 7. Shift management process
Copyright © 2020-23 Cybersecurity Learning Saturday – Proprietary, all rights reserved CYBERSECURITY LEARNING SATURDAY 3. Technology Stack ENABLING TECHNOLOGIES Servers, OS, Storage, Backup, Encryption, Routers, Switches, knowledge management Log Collection Vulnerability Scanning THREAT DETECTION Normalization, Correlation, Detection, Alerting INCIDENT RESPONSE Automation, Integration, Ticketing, Forensic, EDR Network Telemetry
Copyright © 2020-23 Cybersecurity Learning Saturday – Proprietary, all rights reserved CYBERSECURITY LEARNING SATURDAY 4. SOC Governance • Governance board • SOC organizational chart • Business case, finance, budget - Is SOC delivering on value? • Marketing • Collaboration
Copyright © 2020-23 Cybersecurity Learning Saturday – Proprietary, all rights reserved CYBERSECURITY LEARNING SATURDAY 5. Data Sources
Copyright © 2020-23 Cybersecurity Learning Saturday – Proprietary, all rights reserved CYBERSECURITY LEARNING SATURDAY 5. Data Source – Log Prioritization
Copyright © 2020-23 Cybersecurity Learning Saturday – Proprietary, all rights reserved CYBERSECURITY LEARNING SATURDAY 6. Threat Intelligence • STIX and TAXII • Open and commercial threat intelligence • TI automation with TIP • Exploited Vulnerabilities databases and integration into incident prioritization • Exploit Prediction Scoring System (EPSS) Image reference: https://www.first.org/epss/model
Copyright © 2020-23 Cybersecurity Learning Saturday – Proprietary, all rights reserved CYBERSECURITY LEARNING SATURDAY Continuous Improvement Developing and fine tuning use cases
Copyright © 2020-23 Cybersecurity Learning Saturday – Proprietary, all rights reserved CYBERSECURITY LEARNING SATURDAY Digging Deeper Managing SOC Skills
Copyright © 2020-23 Cybersecurity Learning Saturday – Proprietary, all rights reserved CYBERSECURITY LEARNING SATURDAY Skill Gaps - Scale of 1-5 SIEM Hunting Linux Windows Incident Response Forensics EDR Vulnerability Mgmt Desired Skill Level 5 4 4 4 3 4 4 5 Available Skill Level 3 4 3 5 2 1 2 4 Skills Gap 2 0 1 0 1 3 2 1
Copyright © 2020-23 Cybersecurity Learning Saturday – Proprietary, all rights reserved CYBERSECURITY LEARNING SATURDAY Skill Gaps - Desired and Available Skills
Copyright © 2020-23 Cybersecurity Learning Saturday – Proprietary, all rights reserved CYBERSECURITY LEARNING SATURDAY Skill Gaps - Analysis
Copyright © 2020-23 Cybersecurity Learning Saturday – Proprietary, all rights reserved CYBERSECURITY LEARNING SATURDAY Skill Gaps - Analysis
Copyright © 2020-23 Cybersecurity Learning Saturday – Proprietary, all rights reserved CYBERSECURITY LEARNING SATURDAY Skill Gaps - Analysis
Copyright © 2020-23 Cybersecurity Learning Saturday – Proprietary, all rights reserved CYBERSECURITY LEARNING SATURDAY Skill Gaps - Actions SIEM Hunting Linux Windows Incident Response Forensics EDR Vulnerability Mgmt Desired Skill Level 5 4 4 4 3 4 4 5 Available Skill Level 3 4 3 5 2 1 2 4 Skills Gap 2 0 1 0 1 3 2 1 Action Required Hire No Action Upskill No Action Upskill Hire Hire Upskill
Copyright © 2020-23 Cybersecurity Learning Saturday – Proprietary, all rights reserved CYBERSECURITY LEARNING SATURDAY Essential Skills for SOC Staff 1. Foundational information security principles (e.g. CIA triad, least privileges, need to know, defense in depth, etc.) 2. Operating Systems and Cloud - Linux/Unix and Windows 3. Networking and application protocols • Very good knowledge of TCP/IP, DNS, HTTP, SMTP, SSH etc. Hands on practice for routers and switches, packet capture, nmap, curl, etc. 4. Programming (at least basic level) • Shell scripting, Python, C would be great to know, understand how web applications are built, HTML, JavaScript, SQL/Databases 5. Encryption technologies - PKI concepts, TLS 6. Research – Including LLM tools
Copyright © 2020-23 Cybersecurity Learning Saturday – Proprietary, all rights reserved CYBERSECURITY LEARNING SATURDAY Thank You! ● Follow me on Twitter (or DM): @rafeeq_rehman ● Subscribe to my personal blog: https://rafeeqrehman.com ● Follow me on LinkedIn: https://www.linkedin.com/in/rafeeq/
Copyright © 2020-23 Cybersecurity Learning Saturday – Proprietary, all rights reserved CYBERSECURITY LEARNING SATURDAY Further Study and Reference Cybersecurity Arm Wrestling: Winning the perpetual fight against crime by building a modern Security Operations Center https://www.amazon.com/Cybersec urity-Arm-Wrestling-perpetual-Oper ations/dp/B091LWPGCV/
Copyright © 2020-23 Cybersecurity Learning Saturday – Proprietary, all rights reserved CYBERSECURITY LEARNING SATURDAY What is Cybersecurity Learning Saturday? ● This is a learning network supported by volunteers ● Instructor-led and live online training sessions are held on Saturdays ● Diverse topics ● Have something to offer? You can volunteer to be a trainer ● Join Cybersecurity Learning Saturday LinkedIn Group - https://www.linkedin.com/groups/8988689/ ● Follow LinkedIn Page https://www.linkedin.com/company/cybersecurity-learning-saturday

Recommended

CYBERSECURITY TRACK.pptx
CYBERSECURITY TRACK.pptxCYBERSECURITY TRACK.pptx
CYBERSECURITY TRACK.pptxlevimax2
 
What is a secure enterprise architecture roadmap?
What is a secure enterprise architecture roadmap?What is a secure enterprise architecture roadmap?
What is a secure enterprise architecture roadmap?Ulf Mattsson
 
Cybersecurity and continuous intelligence
Cybersecurity and continuous intelligenceCybersecurity and continuous intelligence
Cybersecurity and continuous intelligenceNISIInstituut
 
Exploring the Defender's Advantage
Exploring the Defender's AdvantageExploring the Defender's Advantage
Exploring the Defender's AdvantageRaffael Marty
 
Introduction to Cybersecurity
Introduction to CybersecurityIntroduction to Cybersecurity
Introduction to CybersecurityAdri Jovin
 
What I learned from RSAC 2019
What I learned from RSAC 2019What I learned from RSAC 2019
What I learned from RSAC 2019Ulf Mattsson
 
The Cyber Security Landscape: An OurCrowd Briefing for Investors
The Cyber Security Landscape: An OurCrowd Briefing for InvestorsThe Cyber Security Landscape: An OurCrowd Briefing for Investors
The Cyber Security Landscape: An OurCrowd Briefing for InvestorsOurCrowd
 
Cyber Defense - How to be prepared to APT
Cyber Defense - How to be prepared to APTCyber Defense - How to be prepared to APT
Cyber Defense - How to be prepared to APTSimone Onofri
 

Recommended

CYBERSECURITY TRACK.pptx
CYBERSECURITY TRACK.pptxCYBERSECURITY TRACK.pptx
CYBERSECURITY TRACK.pptxlevimax2
 
What is a secure enterprise architecture roadmap?
What is a secure enterprise architecture roadmap?What is a secure enterprise architecture roadmap?
What is a secure enterprise architecture roadmap?Ulf Mattsson
 
Cybersecurity and continuous intelligence
Cybersecurity and continuous intelligenceCybersecurity and continuous intelligence
Cybersecurity and continuous intelligenceNISIInstituut
 
Exploring the Defender's Advantage
Exploring the Defender's AdvantageExploring the Defender's Advantage
Exploring the Defender's AdvantageRaffael Marty
 
Introduction to Cybersecurity
Introduction to CybersecurityIntroduction to Cybersecurity
Introduction to CybersecurityAdri Jovin
 
What I learned from RSAC 2019
What I learned from RSAC 2019What I learned from RSAC 2019
What I learned from RSAC 2019Ulf Mattsson
 
The Cyber Security Landscape: An OurCrowd Briefing for Investors
The Cyber Security Landscape: An OurCrowd Briefing for InvestorsThe Cyber Security Landscape: An OurCrowd Briefing for Investors
The Cyber Security Landscape: An OurCrowd Briefing for InvestorsOurCrowd
 
Cyber Defense - How to be prepared to APT
Cyber Defense - How to be prepared to APTCyber Defense - How to be prepared to APT
Cyber Defense - How to be prepared to APTSimone Onofri
 
Cyber security event
Cyber security eventCyber security event
Cyber security eventTryzens
 
Cyber Security for Non-Technical Executives (SC GMIS) Columbia, SC
Cyber Security for Non-Technical Executives (SC GMIS) Columbia, SCCyber Security for Non-Technical Executives (SC GMIS) Columbia, SC
Cyber Security for Non-Technical Executives (SC GMIS) Columbia, SCAT-NET Services, Inc. - Charleston Division
 
5 benefits that ai gives to cloud security venkat k - medium
5 benefits that ai gives to cloud security venkat k - medium5 benefits that ai gives to cloud security venkat k - medium
5 benefits that ai gives to cloud security venkat k - mediumusmsystem
 
CISSP Certification Training Course
CISSP Certification Training CourseCISSP Certification Training Course
CISSP Certification Training CourseRicky Lionel Vaz
 
Module 1 (legality)
Module 1 (legality)Module 1 (legality)
Module 1 (legality)Wail Hassan
 
How BlueHat Cyber Uses SanerNow to Automate Patch Management and Beyond
How BlueHat Cyber Uses SanerNow to Automate Patch Management and BeyondHow BlueHat Cyber Uses SanerNow to Automate Patch Management and Beyond
How BlueHat Cyber Uses SanerNow to Automate Patch Management and BeyondSecPod Technologies
 
CyberSecurity.pdf
CyberSecurity.pdfCyberSecurity.pdf
CyberSecurity.pdfSuleiman55
 
Cyber security for Developers
Cyber security for DevelopersCyber security for Developers
Cyber security for Developerstechtutorus
 
Lessons Learned Fighting Modern Cyberthreats in Critical ICS Networks
Lessons Learned Fighting Modern Cyberthreats in Critical ICS NetworksLessons Learned Fighting Modern Cyberthreats in Critical ICS Networks
Lessons Learned Fighting Modern Cyberthreats in Critical ICS NetworksAngeloluca Barba
 
DDS - The Proven Data Connectivity Standard for the Industrial IoT (IIoT)
DDS - The Proven Data Connectivity Standard for the Industrial IoT (IIoT)DDS - The Proven Data Connectivity Standard for the Industrial IoT (IIoT)
DDS - The Proven Data Connectivity Standard for the Industrial IoT (IIoT)Gerardo Pardo-Castellote
 
Industrial IOT Data Connectivity Standard
Industrial IOT Data Connectivity StandardIndustrial IOT Data Connectivity Standard
Industrial IOT Data Connectivity StandardGerardo Pardo-Castellote
 
The Anatomy of a Cloud Security Breach
The Anatomy of a Cloud Security BreachThe Anatomy of a Cloud Security Breach
The Anatomy of a Cloud Security BreachCloudLock
 
How to Build a Winning Cybersecurity Team
How to Build a Winning Cybersecurity TeamHow to Build a Winning Cybersecurity Team
How to Build a Winning Cybersecurity TeamGlobal Knowledge Training
 
GISEC 2015 Your Network in the Eyes of a Hacker - DTS Solution
GISEC 2015 Your Network in the Eyes of a Hacker - DTS SolutionGISEC 2015 Your Network in the Eyes of a Hacker - DTS Solution
GISEC 2015 Your Network in the Eyes of a Hacker - DTS SolutionShah Sheikh
 
Practical risk management for the multi cloud
Practical risk management for the multi cloudPractical risk management for the multi cloud
Practical risk management for the multi cloudUlf Mattsson
 
M4 Ch 1 Cyber Security.pdf
M4 Ch 1 Cyber Security.pdfM4 Ch 1 Cyber Security.pdf
M4 Ch 1 Cyber Security.pdfJitendraBhatia15
 
How Facility Controls Systems Present Cybersecurity Challenges - OSIsoft
How Facility Controls Systems Present Cybersecurity Challenges - OSIsoftHow Facility Controls Systems Present Cybersecurity Challenges - OSIsoft
How Facility Controls Systems Present Cybersecurity Challenges - OSIsoftOSIsoft, LLC
 
A 2020 Security strategy for Health Care Providers
A 2020 Security strategy for Health Care ProvidersA 2020 Security strategy for Health Care Providers
A 2020 Security strategy for Health Care ProvidersFeisal Nanji
 
What i learned at issa international summit 2019
What i learned at issa international summit 2019What i learned at issa international summit 2019
What i learned at issa international summit 2019Ulf Mattsson
 
cyber security.pdf
cyber security.pdfcyber security.pdf
cyber security.pdfArivukkarasu Dhanapal
 
(RIA) Call Girls Bhosari ( 7001035870 ) HI-Fi Pune Escorts Service
(RIA) Call Girls Bhosari ( 7001035870 ) HI-Fi Pune Escorts Service(RIA) Call Girls Bhosari ( 7001035870 ) HI-Fi Pune Escorts Service
(RIA) Call Girls Bhosari ( 7001035870 ) HI-Fi Pune Escorts Serviceranjana rawat
 
DJARUM4D - SLOT GACOR ONLINE | SLOT DEMO ONLINE
DJARUM4D - SLOT GACOR ONLINE | SLOT DEMO ONLINEDJARUM4D - SLOT GACOR ONLINE | SLOT DEMO ONLINE
DJARUM4D - SLOT GACOR ONLINE | SLOT DEMO ONLINEslot gacor bisa pakai pulsa
 

More Related Content

Similar to Security Operations Center SOC OCTUBRE 2023

Cyber security event
Cyber security eventCyber security event
Cyber security eventTryzens
 
5 benefits that ai gives to cloud security venkat k - medium
5 benefits that ai gives to cloud security venkat k - medium5 benefits that ai gives to cloud security venkat k - medium
5 benefits that ai gives to cloud security venkat k - mediumusmsystem
 
CISSP Certification Training Course
CISSP Certification Training CourseCISSP Certification Training Course
CISSP Certification Training CourseRicky Lionel Vaz
 
Module 1 (legality)
Module 1 (legality)Module 1 (legality)
Module 1 (legality)Wail Hassan
 
How BlueHat Cyber Uses SanerNow to Automate Patch Management and Beyond
How BlueHat Cyber Uses SanerNow to Automate Patch Management and BeyondHow BlueHat Cyber Uses SanerNow to Automate Patch Management and Beyond
How BlueHat Cyber Uses SanerNow to Automate Patch Management and BeyondSecPod Technologies
 
CyberSecurity.pdf
CyberSecurity.pdfCyberSecurity.pdf
CyberSecurity.pdfSuleiman55
 
Cyber security for Developers
Cyber security for DevelopersCyber security for Developers
Cyber security for Developerstechtutorus
 
Lessons Learned Fighting Modern Cyberthreats in Critical ICS Networks
Lessons Learned Fighting Modern Cyberthreats in Critical ICS NetworksLessons Learned Fighting Modern Cyberthreats in Critical ICS Networks
Lessons Learned Fighting Modern Cyberthreats in Critical ICS NetworksAngeloluca Barba
 
DDS - The Proven Data Connectivity Standard for the Industrial IoT (IIoT)
DDS - The Proven Data Connectivity Standard for the Industrial IoT (IIoT)DDS - The Proven Data Connectivity Standard for the Industrial IoT (IIoT)
DDS - The Proven Data Connectivity Standard for the Industrial IoT (IIoT)Gerardo Pardo-Castellote
 
The Anatomy of a Cloud Security Breach
The Anatomy of a Cloud Security BreachThe Anatomy of a Cloud Security Breach
The Anatomy of a Cloud Security BreachCloudLock
 
GISEC 2015 Your Network in the Eyes of a Hacker - DTS Solution
GISEC 2015 Your Network in the Eyes of a Hacker - DTS SolutionGISEC 2015 Your Network in the Eyes of a Hacker - DTS Solution
GISEC 2015 Your Network in the Eyes of a Hacker - DTS SolutionShah Sheikh
 
Practical risk management for the multi cloud
Practical risk management for the multi cloudPractical risk management for the multi cloud
Practical risk management for the multi cloudUlf Mattsson
 
M4 Ch 1 Cyber Security.pdf
M4 Ch 1 Cyber Security.pdfM4 Ch 1 Cyber Security.pdf
M4 Ch 1 Cyber Security.pdfJitendraBhatia15
 
How Facility Controls Systems Present Cybersecurity Challenges - OSIsoft
How Facility Controls Systems Present Cybersecurity Challenges - OSIsoftHow Facility Controls Systems Present Cybersecurity Challenges - OSIsoft
How Facility Controls Systems Present Cybersecurity Challenges - OSIsoftOSIsoft, LLC
 
A 2020 Security strategy for Health Care Providers
A 2020 Security strategy for Health Care ProvidersA 2020 Security strategy for Health Care Providers
A 2020 Security strategy for Health Care ProvidersFeisal Nanji
 
What i learned at issa international summit 2019
What i learned at issa international summit 2019What i learned at issa international summit 2019
What i learned at issa international summit 2019Ulf Mattsson
 

Similar to Security Operations Center SOC OCTUBRE 2023 (20)

Cyber security event
Cyber security eventCyber security event
Cyber security event
 
Cyber Security for Non-Technical Executives (SC GMIS) Columbia, SC
Cyber Security for Non-Technical Executives (SC GMIS) Columbia, SCCyber Security for Non-Technical Executives (SC GMIS) Columbia, SC
Cyber Security for Non-Technical Executives (SC GMIS) Columbia, SC
 
5 benefits that ai gives to cloud security venkat k - medium
5 benefits that ai gives to cloud security venkat k - medium5 benefits that ai gives to cloud security venkat k - medium
5 benefits that ai gives to cloud security venkat k - medium
 
CISSP Certification Training Course
CISSP Certification Training CourseCISSP Certification Training Course
CISSP Certification Training Course
 
Module 1 (legality)
Module 1 (legality)Module 1 (legality)
Module 1 (legality)
 
How BlueHat Cyber Uses SanerNow to Automate Patch Management and Beyond
How BlueHat Cyber Uses SanerNow to Automate Patch Management and BeyondHow BlueHat Cyber Uses SanerNow to Automate Patch Management and Beyond
How BlueHat Cyber Uses SanerNow to Automate Patch Management and Beyond
 
CyberSecurity.pdf
CyberSecurity.pdfCyberSecurity.pdf
CyberSecurity.pdf
 
Cyber security for Developers
Cyber security for DevelopersCyber security for Developers
Cyber security for Developers
 
Lessons Learned Fighting Modern Cyberthreats in Critical ICS Networks
Lessons Learned Fighting Modern Cyberthreats in Critical ICS NetworksLessons Learned Fighting Modern Cyberthreats in Critical ICS Networks
Lessons Learned Fighting Modern Cyberthreats in Critical ICS Networks
 
DDS - The Proven Data Connectivity Standard for the Industrial IoT (IIoT)
DDS - The Proven Data Connectivity Standard for the Industrial IoT (IIoT)DDS - The Proven Data Connectivity Standard for the Industrial IoT (IIoT)
DDS - The Proven Data Connectivity Standard for the Industrial IoT (IIoT)
 
Industrial IOT Data Connectivity Standard
Industrial IOT Data Connectivity StandardIndustrial IOT Data Connectivity Standard
Industrial IOT Data Connectivity Standard
 
The Anatomy of a Cloud Security Breach
The Anatomy of a Cloud Security BreachThe Anatomy of a Cloud Security Breach
The Anatomy of a Cloud Security Breach
 
How to Build a Winning Cybersecurity Team
How to Build a Winning Cybersecurity TeamHow to Build a Winning Cybersecurity Team
How to Build a Winning Cybersecurity Team
 
GISEC 2015 Your Network in the Eyes of a Hacker - DTS Solution
GISEC 2015 Your Network in the Eyes of a Hacker - DTS SolutionGISEC 2015 Your Network in the Eyes of a Hacker - DTS Solution
GISEC 2015 Your Network in the Eyes of a Hacker - DTS Solution
 
Practical risk management for the multi cloud
Practical risk management for the multi cloudPractical risk management for the multi cloud
Practical risk management for the multi cloud
 
M4 Ch 1 Cyber Security.pdf
M4 Ch 1 Cyber Security.pdfM4 Ch 1 Cyber Security.pdf
M4 Ch 1 Cyber Security.pdf
 
How Facility Controls Systems Present Cybersecurity Challenges - OSIsoft
How Facility Controls Systems Present Cybersecurity Challenges - OSIsoftHow Facility Controls Systems Present Cybersecurity Challenges - OSIsoft
How Facility Controls Systems Present Cybersecurity Challenges - OSIsoft
 
A 2020 Security strategy for Health Care Providers
A 2020 Security strategy for Health Care ProvidersA 2020 Security strategy for Health Care Providers
A 2020 Security strategy for Health Care Providers
 
What i learned at issa international summit 2019
What i learned at issa international summit 2019What i learned at issa international summit 2019
What i learned at issa international summit 2019
 
cyber security.pdf
cyber security.pdfcyber security.pdf
cyber security.pdf
 

Recently uploaded

(RIA) Call Girls Bhosari ( 7001035870 ) HI-Fi Pune Escorts Service
(RIA) Call Girls Bhosari ( 7001035870 ) HI-Fi Pune Escorts Service(RIA) Call Girls Bhosari ( 7001035870 ) HI-Fi Pune Escorts Service
(RIA) Call Girls Bhosari ( 7001035870 ) HI-Fi Pune Escorts Serviceranjana rawat
 
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICSAPPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICSKurinjimalarL3
 
HARMONY IN THE NATURE AND EXISTENCE - Unit-IV
HARMONY IN THE NATURE AND EXISTENCE - Unit-IVHARMONY IN THE NATURE AND EXISTENCE - Unit-IV
HARMONY IN THE NATURE AND EXISTENCE - Unit-IVRajaP95
 
Coefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptxCoefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptxAsutosh Ranjan
 
Software Development Life Cycle By Team Orange (Dept. of Pharmacy)
Software Development Life Cycle By Team Orange (Dept. of Pharmacy)Software Development Life Cycle By Team Orange (Dept. of Pharmacy)
Software Development Life Cycle By Team Orange (Dept. of Pharmacy)Suman Mia
 
Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur Escorts
Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur EscortsCall Girls in Nagpur Suman Call 7001035870 Meet With Nagpur Escorts
Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur EscortsCall Girls in Nagpur High Profile
 
ZXCTN 5804 / ZTE PTN / ZTE POTN / ZTE 5804 PTN / ZTE POTN 5804 ( 100/200 GE Z...
ZXCTN 5804 / ZTE PTN / ZTE POTN / ZTE 5804 PTN / ZTE POTN 5804 ( 100/200 GE Z...ZXCTN 5804 / ZTE PTN / ZTE POTN / ZTE 5804 PTN / ZTE POTN 5804 ( 100/200 GE Z...
ZXCTN 5804 / ZTE PTN / ZTE POTN / ZTE 5804 PTN / ZTE POTN 5804 ( 100/200 GE Z...ZTE
 
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINE
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINEMANUFACTURING PROCESS-II UNIT-2 LATHE MACHINE
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINESIVASHANKAR N
 
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130Suhani Kapoor
 
HARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICS
HARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICSHARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICS
HARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICSRajkumarAkumalla
 
SPICE PARK APR2024 ( 6,793 SPICE Models )
SPICE PARK APR2024 ( 6,793 SPICE Models )SPICE PARK APR2024 ( 6,793 SPICE Models )
SPICE PARK APR2024 ( 6,793 SPICE Models )Tsuyoshi Horigome
 
IVE Industry Focused Event - Defence Sector 2024
IVE Industry Focused Event - Defence Sector 2024IVE Industry Focused Event - Defence Sector 2024
IVE Industry Focused Event - Defence Sector 2024Mark Billinghurst
 
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur EscortsHigh Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escortsranjana rawat
 
Model Call Girl in Narela Delhi reach out to us at 🔝8264348440🔝
Model Call Girl in Narela Delhi reach out to us at 🔝8264348440🔝Model Call Girl in Narela Delhi reach out to us at 🔝8264348440🔝
Model Call Girl in Narela Delhi reach out to us at 🔝8264348440🔝soniya singh
 
Call Girls Delhi {Jodhpur} 9711199012 high profile service
Call Girls Delhi {Jodhpur} 9711199012 high profile serviceCall Girls Delhi {Jodhpur} 9711199012 high profile service
Call Girls Delhi {Jodhpur} 9711199012 high profile servicerehmti665
 
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptxDecoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptxJoão Esperancinha
 

Recently uploaded (20)

(RIA) Call Girls Bhosari ( 7001035870 ) HI-Fi Pune Escorts Service
(RIA) Call Girls Bhosari ( 7001035870 ) HI-Fi Pune Escorts Service(RIA) Call Girls Bhosari ( 7001035870 ) HI-Fi Pune Escorts Service
(RIA) Call Girls Bhosari ( 7001035870 ) HI-Fi Pune Escorts Service
 
DJARUM4D - SLOT GACOR ONLINE | SLOT DEMO ONLINE
DJARUM4D - SLOT GACOR ONLINE | SLOT DEMO ONLINEDJARUM4D - SLOT GACOR ONLINE | SLOT DEMO ONLINE
DJARUM4D - SLOT GACOR ONLINE | SLOT DEMO ONLINE
 
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICSAPPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
 
HARMONY IN THE NATURE AND EXISTENCE - Unit-IV
HARMONY IN THE NATURE AND EXISTENCE - Unit-IVHARMONY IN THE NATURE AND EXISTENCE - Unit-IV
HARMONY IN THE NATURE AND EXISTENCE - Unit-IV
 
Coefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptxCoefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptx
 
Software Development Life Cycle By Team Orange (Dept. of Pharmacy)
Software Development Life Cycle By Team Orange (Dept. of Pharmacy)Software Development Life Cycle By Team Orange (Dept. of Pharmacy)
Software Development Life Cycle By Team Orange (Dept. of Pharmacy)
 
Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur Escorts
Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur EscortsCall Girls in Nagpur Suman Call 7001035870 Meet With Nagpur Escorts
Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur Escorts
 
ZXCTN 5804 / ZTE PTN / ZTE POTN / ZTE 5804 PTN / ZTE POTN 5804 ( 100/200 GE Z...
ZXCTN 5804 / ZTE PTN / ZTE POTN / ZTE 5804 PTN / ZTE POTN 5804 ( 100/200 GE Z...ZXCTN 5804 / ZTE PTN / ZTE POTN / ZTE 5804 PTN / ZTE POTN 5804 ( 100/200 GE Z...
ZXCTN 5804 / ZTE PTN / ZTE POTN / ZTE 5804 PTN / ZTE POTN 5804 ( 100/200 GE Z...
 
★ CALL US 9953330565 ( HOT Young Call Girls In Badarpur delhi NCR
★ CALL US 9953330565 ( HOT Young Call Girls In Badarpur delhi NCR★ CALL US 9953330565 ( HOT Young Call Girls In Badarpur delhi NCR
★ CALL US 9953330565 ( HOT Young Call Girls In Badarpur delhi NCR
 
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINE
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINEMANUFACTURING PROCESS-II UNIT-2 LATHE MACHINE
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINE
 
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130
 
HARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICS
HARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICSHARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICS
HARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICS
 
SPICE PARK APR2024 ( 6,793 SPICE Models )
SPICE PARK APR2024 ( 6,793 SPICE Models )SPICE PARK APR2024 ( 6,793 SPICE Models )
SPICE PARK APR2024 ( 6,793 SPICE Models )
 
IVE Industry Focused Event - Defence Sector 2024
IVE Industry Focused Event - Defence Sector 2024IVE Industry Focused Event - Defence Sector 2024
IVE Industry Focused Event - Defence Sector 2024
 
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur EscortsHigh Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
 
Model Call Girl in Narela Delhi reach out to us at 🔝8264348440🔝
Model Call Girl in Narela Delhi reach out to us at 🔝8264348440🔝Model Call Girl in Narela Delhi reach out to us at 🔝8264348440🔝
Model Call Girl in Narela Delhi reach out to us at 🔝8264348440🔝
 
Call Us -/9953056974- Call Girls In Vikaspuri-/- Delhi NCR
Call Us -/9953056974- Call Girls In Vikaspuri-/- Delhi NCRCall Us -/9953056974- Call Girls In Vikaspuri-/- Delhi NCR
Call Us -/9953056974- Call Girls In Vikaspuri-/- Delhi NCR
 
Call Girls Delhi {Jodhpur} 9711199012 high profile service
Call Girls Delhi {Jodhpur} 9711199012 high profile serviceCall Girls Delhi {Jodhpur} 9711199012 high profile service
Call Girls Delhi {Jodhpur} 9711199012 high profile service
 
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptxDecoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
 
9953056974 Call Girls In South Ex, Escorts (Delhi) NCR.pdf
9953056974 Call Girls In South Ex, Escorts (Delhi) NCR.pdf9953056974 Call Girls In South Ex, Escorts (Delhi) NCR.pdf
9953056974 Call Girls In South Ex, Escorts (Delhi) NCR.pdf
 

Security Operations Center SOC OCTUBRE 2023

  • 1. Copyright © 2020-23 Cybersecurity Learning Saturday – Proprietary, all rights reserved CYBERSECURITY LEARNING SATURDAY Six essential ingredients of a modern Security Operations Center (SOC) Presented by Rafeeq Rehman October 28, 2023
  • 2. Copyright © 2020-23 Cybersecurity Learning Saturday – Proprietary, all rights reserved CYBERSECURITY LEARNING SATURDAY Six Essential Ingredients
  • 3. Copyright © 2020-23 Cybersecurity Learning Saturday – Proprietary, all rights reserved CYBERSECURITY LEARNING SATURDAY 1. People Hiring and retention - the highest issue Skill gaps - train, borrow, buy? The 2022 ISACA Report on State of Cybersecurity explored skills gaps among Cybersecurity professionals. The biggest skill gap identified in the report is “Soft skills”. Some examples included “communications, flexibility, leadership”*. Lack of business acumen, poor communication, low attention to user experience are some other factors causing brand damage of otherwise very skilled security teams.
  • 4. Copyright © 2020-23 Cybersecurity Learning Saturday – Proprietary, all rights reserved CYBERSECURITY LEARNING SATURDAY 2. Processes Maturity of processes is a key factor for SOC success. 1. IT Processes (patching, upgrades, change management, problem management etc.) 2. SOC Policies and Standards (log collection standards) 3. Threat detection process 4. Incident Response process 5. Threat hunting process 6. Use case development process 7. Shift management process
  • 5. Copyright © 2020-23 Cybersecurity Learning Saturday – Proprietary, all rights reserved CYBERSECURITY LEARNING SATURDAY 3. Technology Stack ENABLING TECHNOLOGIES Servers, OS, Storage, Backup, Encryption, Routers, Switches, knowledge management Log Collection Vulnerability Scanning THREAT DETECTION Normalization, Correlation, Detection, Alerting INCIDENT RESPONSE Automation, Integration, Ticketing, Forensic, EDR Network Telemetry
  • 6. Copyright © 2020-23 Cybersecurity Learning Saturday – Proprietary, all rights reserved CYBERSECURITY LEARNING SATURDAY 4. SOC Governance • Governance board • SOC organizational chart • Business case, finance, budget - Is SOC delivering on value? • Marketing • Collaboration
  • 7. Copyright © 2020-23 Cybersecurity Learning Saturday – Proprietary, all rights reserved CYBERSECURITY LEARNING SATURDAY 5. Data Sources
  • 8. Copyright © 2020-23 Cybersecurity Learning Saturday – Proprietary, all rights reserved CYBERSECURITY LEARNING SATURDAY 5. Data Source – Log Prioritization
  • 9. Copyright © 2020-23 Cybersecurity Learning Saturday – Proprietary, all rights reserved CYBERSECURITY LEARNING SATURDAY 6. Threat Intelligence • STIX and TAXII • Open and commercial threat intelligence • TI automation with TIP • Exploited Vulnerabilities databases and integration into incident prioritization • Exploit Prediction Scoring System (EPSS) Image reference: https://www.first.org/epss/model
  • 10. Copyright © 2020-23 Cybersecurity Learning Saturday – Proprietary, all rights reserved CYBERSECURITY LEARNING SATURDAY Continuous Improvement Developing and fine tuning use cases
  • 11. Copyright © 2020-23 Cybersecurity Learning Saturday – Proprietary, all rights reserved CYBERSECURITY LEARNING SATURDAY Digging Deeper Managing SOC Skills
  • 12. Copyright © 2020-23 Cybersecurity Learning Saturday – Proprietary, all rights reserved CYBERSECURITY LEARNING SATURDAY Skill Gaps - Scale of 1-5 SIEM Hunting Linux Windows Incident Response Forensics EDR Vulnerability Mgmt Desired Skill Level 5 4 4 4 3 4 4 5 Available Skill Level 3 4 3 5 2 1 2 4 Skills Gap 2 0 1 0 1 3 2 1
  • 13. Copyright © 2020-23 Cybersecurity Learning Saturday – Proprietary, all rights reserved CYBERSECURITY LEARNING SATURDAY Skill Gaps - Desired and Available Skills
  • 14. Copyright © 2020-23 Cybersecurity Learning Saturday – Proprietary, all rights reserved CYBERSECURITY LEARNING SATURDAY Skill Gaps - Analysis
  • 15. Copyright © 2020-23 Cybersecurity Learning Saturday – Proprietary, all rights reserved CYBERSECURITY LEARNING SATURDAY Skill Gaps - Analysis
  • 16. Copyright © 2020-23 Cybersecurity Learning Saturday – Proprietary, all rights reserved CYBERSECURITY LEARNING SATURDAY Skill Gaps - Analysis
  • 17. Copyright © 2020-23 Cybersecurity Learning Saturday – Proprietary, all rights reserved CYBERSECURITY LEARNING SATURDAY Skill Gaps - Actions SIEM Hunting Linux Windows Incident Response Forensics EDR Vulnerability Mgmt Desired Skill Level 5 4 4 4 3 4 4 5 Available Skill Level 3 4 3 5 2 1 2 4 Skills Gap 2 0 1 0 1 3 2 1 Action Required Hire No Action Upskill No Action Upskill Hire Hire Upskill
  • 18. Copyright © 2020-23 Cybersecurity Learning Saturday – Proprietary, all rights reserved CYBERSECURITY LEARNING SATURDAY Essential Skills for SOC Staff 1. Foundational information security principles (e.g. CIA triad, least privileges, need to know, defense in depth, etc.) 2. Operating Systems and Cloud - Linux/Unix and Windows 3. Networking and application protocols • Very good knowledge of TCP/IP, DNS, HTTP, SMTP, SSH etc. Hands on practice for routers and switches, packet capture, nmap, curl, etc. 4. Programming (at least basic level) • Shell scripting, Python, C would be great to know, understand how web applications are built, HTML, JavaScript, SQL/Databases 5. Encryption technologies - PKI concepts, TLS 6. Research – Including LLM tools
  • 19. Copyright © 2020-23 Cybersecurity Learning Saturday – Proprietary, all rights reserved CYBERSECURITY LEARNING SATURDAY Thank You! ● Follow me on Twitter (or DM): @rafeeq_rehman ● Subscribe to my personal blog: https://rafeeqrehman.com ● Follow me on LinkedIn: https://www.linkedin.com/in/rafeeq/
  • 20. Copyright © 2020-23 Cybersecurity Learning Saturday – Proprietary, all rights reserved CYBERSECURITY LEARNING SATURDAY Further Study and Reference Cybersecurity Arm Wrestling: Winning the perpetual fight against crime by building a modern Security Operations Center https://www.amazon.com/Cybersec urity-Arm-Wrestling-perpetual-Oper ations/dp/B091LWPGCV/
  • 21. Copyright © 2020-23 Cybersecurity Learning Saturday – Proprietary, all rights reserved CYBERSECURITY LEARNING SATURDAY What is Cybersecurity Learning Saturday? ● This is a learning network supported by volunteers ● Instructor-led and live online training sessions are held on Saturdays ● Diverse topics ● Have something to offer? You can volunteer to be a trainer ● Join Cybersecurity Learning Saturday LinkedIn Group - https://www.linkedin.com/groups/8988689/ ● Follow LinkedIn Page https://www.linkedin.com/company/cybersecurity-learning-saturday