Security Operations Center (SOC) Essentials for the SME
•Download as PPTX, PDF•
14 likes•9,979 views
Closing the gaps in security controls, systems, people and processes is not an easy feat, particularly for IT practitioners in smaller organizations with limited budgets and few (if any) dedicated security staff. So, what are the essential security capabilities needed to establish a security operations center and start closing those gaps? Join Javvad Malik of 451 Research and Patrick Bedwell, VP of Product Marketing at AlienVault for this session covering: *Developments in the threat landscape driving a shift from preventative to detective controls *Essential security controls needed to defend against modern threats *Fundamentals for evaluating a security approach that will work for you, not against you *How a unified approach to security visibility can help you get from install to insight more quickly
Recommended
Recommended
More Related Content
What's hot
What's hot (20)
Similar to Security Operations Center (SOC) Essentials for the SME
Similar to Security Operations Center (SOC) Essentials for the SME (20)
More from AlienVault
More from AlienVault (20)
Recently uploaded
Recently uploaded (20)
Security Operations Center (SOC) Essentials for the SME
- 1. Security Operations Center (SOC) Essentials for the SME
- 2. @AlienVault2 Meet today’s presenters INTRODUCTIONS Patrick Bedwell VP, Product Marketing AlienVault Javvad Malik Senior Analyst, 451 Research 451 Research Tom D’Aquino Director, Technical Sales AlienVault
- 3. @AlienVault AGENDA Developments in the threat landscape are driving a shift from preventative to detective controls Essential security controls needed to defend against modern threats Fundamentals for evaluating a security approach that will work for you How a unified approach to security visibility can help Demo of AlienVault Unified Security Management Q&A
- 4. @AlienVault Developments in the Threat Landscape Are Driving a Shift from Preventative to Detective Controls
- 5. @AlienVault EXAMPLE OF TRENDS Source: Check Point Security Report - 2014
- 6. @AlienVault Essential Security Controls Needed to Defend Against Modern Threats
- 7. @AlienVault MOST RECOMMENDED SECURITY TECHNOLOGIES
- 8. @AlienVault MOST IMPORTANT FEATURES OF SECURITY PRODUCTS WHAT MAKES A GOOD SECURITY PRODUCT?
- 9. @AlienVault SHELFWARE BY PRODUCT TYPE
- 10. @AlienVault TOP REASONS WHY PRODUCTS BECOME SHELFWARE WHY ARE PRODUCTS UNDERUTILIZED OR NOT USED AT ALL?
- 11. @AlienVault Fundamentals for Evaluating a Security Approach that Will Work for You
- 12. @AlienVault Why? • Being clear on the security objective this product will meet. Stakeholder support? • More relevant to larger companies, but lack of stakeholder support caused many projects to fail. QUESTIONS TO ASK Deployment plan? • Have a deployment plan taking into account resources needed to deploy, rollback plans & impact on production systems. Product capabilities? • Don’t just take someone’s word for what their product can do. Verify the product capabilities – get a trial version or POC.
- 13. @AlienVault QUESTIONS TO ASK - PART 2 Negotiate? • On price, training, features etc. If you get stuck using a product will the vendor be there to help you? Do your homework? • Ask peers what their experiences have been in using certain technologies, ask analysts Decommissioning plan? • Don’t complicate your environment by adding technology on top of technology. • Decommission older security technology if you’re implementing new one.
- 14. @AlienVault SO MANY SECURITY TECHNOLOGIES TO CHOOSE FROM Given the 10 most recommended technologies and the pricing range, an organization could expect to spend anywhere from $225,000 to $1.46m in its first year, including technology and staff. Source: The Real Cost of Security, 451 Research, April 2013 Factor in: Initial Licensing Costs Implementation / Optimization Costs Ongoing Management Costs Renewal Costs Integration of all the security technologies Training of personnel/incoming personnel
- 15. @AlienVault Deployment & Use Awareness Intelligence Action UNIFIED SECURITY MANAGEMENT CLOSING THE GAPS
- 16. @AlienVault AV Labs Threat Intelligence USM ASSET DISCOVERY • Active Network Scanning • Passive Network Scanning • Asset Inventory • Host-based Software Inventory VULNERABILITY ASSESSMENT • Continuous Vulnerability Monitoring • Authenticated / Unauthenticated Active Scanning BEHAVIORAL MONITORING • Log Collection • NetFlow Analysis • Service Availability Monitoring SECURITY INTELLIGENCE • SIEM Event Correlation • Incident Response THREAT DETECTION • Network IDS • Host IDS • Wireless IDS • File Integrity Monitoring USM PRODUCT CAPABILITIES
- 17. @AlienVault UNIFIED SECURITY MANAGEMENT COMPLETE. SIMPLE. AFFORDABLE. Delivery Options: Hardware, Virtual, or Cloud-based appliances Open-Source version (OSSIM) also available AlienVault USM provides the five essential security capabilities in one, pre-integrated platform Unified Security Management (USM) Platform AlienVault Labs Threat Intelligence AlienVault Open Threat Exchange
- 18. WHAT UNIFIED SECURITY MANAGEMENT OFFERS Out of the box functionality • Hours, not weeks or months Ease of deployment / Ease of use • Accessibility to features and information Actionable information • Proven, effective guidance Single pane of glass for consolidated view • One admin, not many Top Reasons Why Products Become Shelfware
- 19. @AlienVault •Updates every 30 minutes •200-350,000 IP validated daily •8,000 Collection points •140 Countries ALIENVAULT LABS THREAT INTELLIGENCECOORDINATED ANALYSIS, ACTIONABLE GUIDANCE
- 20. @AlienVault THREAT INTELLIGENCE POWERED BY OPEN COLLABORATION 20 • Diverse set of data & devices • 8,000 collection points • 140+ countries • 500,000 malware samples analyzed daily • 1500+ Event Correlation Rules • 5 Event Attack Types
- 21. @AlienVault WE’VE GOT YOUR BACK Weekly updates that cover all your coordinated rule sets: Network IDS signatures Host IDS signatures Asset discovery and inventory database updates Vulnerability database updates Event correlation rules Report modules and templates Incident response templates / “how to” guidance for each alarm Plug-ins to accommodate new data sources Fueled by the collective power of the AlienVault’s Open Threat Exchange (OTX)
- 22. @AlienVault DEMO AND Q&A Test Drive AlienVault USM Download a Free 30-Day Trial http://www.alienvault.com/free-trial Try our Interactive Demo Site http://www.alienvault.com/live-demo-site
Editor's Notes
- -
- Most organizations look like this… there’s a myriad of security solutions in their environment all promising to deliver greater visibility.
- Closing the gaps in security controls, systems, people and processes is not an easy feat, particularly for IT practitioners in smaller organizations with limited budgets and few (if any) dedicated security staff. So, what are the essential security capabilities needed to establish a security operations center and start closing those gaps? Gaps: Deployment - Awareness – Are you even aware of the security status of network, apps, systems, etc. - intelligence – Once you are aware of the status, what do you do about it / if you’re being targeted - Action – Execute quickly to reduce threats
- Delivers 8 coordinated rulesets, fueled by the collective power of the Open Threat Exchange, to drive the USM security capabilities and identify the latest threats, resulting in the broadest view of attacker techniques and effective defenses.