Priyanka Aash, profile picture
Uploaded byPriyanka Aash
1,099 views

Building a World-Class Proactive Integrated Security and Network Ops Center

The document outlines strategies for building a proactive Integrated Security and Network Operations Center (SNOC) by transitioning existing Network Operations Center (NOC) teams and focusing on team optimization, management support, and tool utilization. It emphasizes the importance of team character, culture fit, and collaboration across departments, while providing a framework for incident response and operational excellence. Additionally, it addresses security challenges and solutions, recommending the use of existing resources to enhance security measures and overall performance.

Embed presentation

Downloaded 71 times
SESSION ID: #RSAC Hanna Sicker CISM, CISSP Building a World-Class Proactive Integrated Security & Network Operations Center SNOC AIR-T11 Security & Network Operations SNOC Sr. Mgr. StubHub/eBay @snocgirl
#RSAC Operations Leaders (Security & Network)
#RSAC Service Unavailable…
#RSAC We Did it!
#RSAC SNOC Impact on Uptime & CSS Year 2011 Year 2012 Year 2013 Year 2014 Year 2015 99.95% 99.97% 99.99%99.90% 98.00% CSS * CSS: Customer Satisfaction Score
#RSAC How…
#RSAC Typical NOC & SOC Challenges
#RSAC How We Overcame the Challenges
#RSAC Break the Rules Say “NO” to Traditional Tiered Model
#RSAC SNOC IRP (Incident Response Process) Visibility Detection Analysis Investigation Response Remediation SLA Change Mgt. Process
#RSAC IRP – Step 1
#RSAC IRP – Step 2
#RSAC IRP – Step 3
#RSAC Proactive Integrated SNOC Framework Mgt. Team Tools BIC Services Reports Reinvest Recognize Enable
#RSAC Building a Winning Team
#RSAC Detailed SNOC Framework – Team Stage 1 • Quick impact - utilize the existing structure Stage 2 • Optimize & emphasize on quality Stage 3 • Identify & hire talent Stage 4 • Empower the team & remove the tiers Stage 5 • Team development life cycle - TDLC
#RSAC Stage 1 – Quick Impact (2 mo.)
#RSAC Stage 2 – Optimize & Emphasize on Quality
#RSAC Stage 3 – Identify & Hire Talent Round out the team puzzle
#RSAC Stage 4 – Empower the Team
#RSAC Stage 5 - Team Development Life Cycle - TDLC Train Mentor Coach Hire Talent Process Cross Train Enable Engage Quality
#RSAC Detailed SNOC Framework – Tools Stage 1 • Utilize Stage 2 • Optimize Stage 3 • Automate
#RSAC Finding the Right Tools
#RSAC SNOC Framework – BIC Services Our Formula BIC Services = Business Objectives = Customer Satisfaction Score (CSS) + Revenue ($) + Team Defined Goals (*APS) APS = Availability + Performance + Security Quick results without initial Mgt support = Team + Existing Tools + Reports
#RSAC SNOC Framework – Management Our Formula Increased demonstrated value = increased Mgt support (IMS) IMS = Recognition + Reinvestment
#RSAC Our Key to Success
#RSAC Team Characteristics
#RSAC Right Architecture - Security Layers 3rd Parties Tokenization Fraud detection WAF Client reputation Customized rules Bot detection IDS IPS SIEMPacket capture Bot detection WAF Vulnerability mgt. Fraud protection Data Activity Monitoring Log mgt.
#RSAC Use Case – Reducing ATOs
#RSAC SNOC Benefits & Future Challenges
#RSAC Apply If you are in the process of building a SOC, and you have an existing NOC, utilize your existing NOC team and transition them to become SNOC. Recognize similar functions between NOC & SOC and combine them. Before obtaining Mgt. commitment, focus on your team as the core component to build successful SNOC.
#RSAC Apply When you add new members, focus on character and culture fit. Try to round out the team puzzle. Do not pay for expertise; grow your own (entry level but highly motivated and trainable). Lead from the front Build alliances with other teams across all departments & learn from their key players.
#RSAC Apply Understand your business goals, traffic and users. Filter your traffic at the edge and protect at all layers. Shield your data center - If your business does B2C then any cloud services who host businesses can be blocked. If your clients are within a specific geographic area, then block all other countries/areas that you do not do business with. To reduce ATOs & attacks, create WAF rules based on your traffic & customers’ behavior.
#RSAC Apply – Cont. Utilize & optimize your and other teams’ existing tools. If no tools are available, then automate processes using scripts written by one of your own or another team’s members. Tune out false positive alerts and train the team to tune and modify the thresholds. Check if the NOC has tools that are applicable for SOC usage. Example: If the NOC is using a network performance monitoring tools, check to see if the tools can perform full packet capture.
#RSAC Let’s work together My contact info: Hanna Sicker hsicker@stubhub.com Twitter: @SNOCgirl

More Related Content

PPTX
Soc
byMukesh Chaudhari
 
PDF
Security operations center 5 security controls
byAlienVault
 
PDF
From SIEM to SOC: Crossing the Cybersecurity Chasm
byPriyanka Aash
 
PPTX
Network operations center (noc)
byElena Benson
 
PDF
IDC Security 2014, Endpoint Security in Depth
byKen Tulegenov
 
PDF
What Is Next-Generation Endpoint Security and Why Do You Need It?
byPriyanka Aash
 
PPTX
NextGen Endpoint Security for Dummies
byAtif Ghauri
 
PPTX
AlienVault MSSP Overview - A Different Approach to Security for MSSP's
byAlienVault
 
Soc
byMukesh Chaudhari
 
Security operations center 5 security controls
byAlienVault
 
From SIEM to SOC: Crossing the Cybersecurity Chasm
byPriyanka Aash
 
Network operations center (noc)
byElena Benson
 
IDC Security 2014, Endpoint Security in Depth
byKen Tulegenov
 
What Is Next-Generation Endpoint Security and Why Do You Need It?
byPriyanka Aash
 
NextGen Endpoint Security for Dummies
byAtif Ghauri
 
AlienVault MSSP Overview - A Different Approach to Security for MSSP's
byAlienVault
 

What's hot

PDF
5 BEST PRACTICES FOR A SECURITY OPERATION CENTER (SOC)
byVijilan IT Security solutions
 
PDF
Infosec 2014 - Considerations when choosing an MSSP
byHuntsman Security
 
PPTX
Maturing Endpoint Security: 5 Key Considerations
bySirius
 
PDF
Its Not You Its Me MSSP Couples Counseling
byAtif Ghauri
 
PDF
Cloud Breach – Preparation and Response
byPriyanka Aash
 
PPT
Redefining Endpoint Security
byBurak DAYIOGLU
 
PDF
DTS Solution - Building a SOC (Security Operations Center)
byShah Sheikh
 
PDF
Skill Set Needed to work successfully in a SOC
byFuad Khan
 
PDF
Building Security Operation Center
byS.E. CTS CERT-GOV-MD
 
PPTX
7 Steps to Build a SOC with Limited Resources
byLogRhythm
 
PDF
CO$T BENEFIT OF MSSP
byAlex Himmelberg
 
PPTX
Security operation center
byMuthuKumaran267
 
PPTX
ISS CAPSTONE TEAM
byJonathan Fuller
 
PPTX
Managed it business leader ppt
byBimadRajSinha1
 
PDF
SIEM enabled risk management , SOC and GRC v1.0
byRasmi Swain
 
PDF
Enterprise Vulnerability Management: Back to Basics
byDamon Small
 
PPTX
NIST Critical Security Framework (CSF)
byPriyanka Aash
 
PPTX
The RIPE Experience
byDigital Bond
 
PDF
Determining Scope for PCI DSS Compliance
bySchellman & Company
 
PDF
Best practices for building network operations center
bySatish Chavan
 
5 BEST PRACTICES FOR A SECURITY OPERATION CENTER (SOC)
byVijilan IT Security solutions
 
Infosec 2014 - Considerations when choosing an MSSP
byHuntsman Security
 
Maturing Endpoint Security: 5 Key Considerations
bySirius
 
Its Not You Its Me MSSP Couples Counseling
byAtif Ghauri
 
Cloud Breach – Preparation and Response
byPriyanka Aash
 
Redefining Endpoint Security
byBurak DAYIOGLU
 
DTS Solution - Building a SOC (Security Operations Center)
byShah Sheikh
 
Skill Set Needed to work successfully in a SOC
byFuad Khan
 
Building Security Operation Center
byS.E. CTS CERT-GOV-MD
 
7 Steps to Build a SOC with Limited Resources
byLogRhythm
 
CO$T BENEFIT OF MSSP
byAlex Himmelberg
 
Security operation center
byMuthuKumaran267
 
ISS CAPSTONE TEAM
byJonathan Fuller
 
Managed it business leader ppt
byBimadRajSinha1
 
SIEM enabled risk management , SOC and GRC v1.0
byRasmi Swain
 
Enterprise Vulnerability Management: Back to Basics
byDamon Small
 
NIST Critical Security Framework (CSF)
byPriyanka Aash
 
The RIPE Experience
byDigital Bond
 
Determining Scope for PCI DSS Compliance
bySchellman & Company
 
Best practices for building network operations center
bySatish Chavan
 

Viewers also liked

PPTX
Network Operations Center - Marlabs
byMarlabs
 
PPTX
Top 10 tips for effective SOC/NOC collaboration or integration
bySridhar Karnam
 
PPSX
NETWORK OPERATION CENTER
byRolando Rodriguez
 
PDF
Network Operation Center Best Practices
byAyehu Software Technologies Ltd.
 
PPT
Network Monitoring & Alarming
byAnuson K
 
PDF
Demystifying Security Analytics: Data, Methods, Use Cases
byPriyanka Aash
 
PDF
AccelOps & SOC-NOC Convergence
byStephen Tsuchiyama
 
PPT
SOC/NOC Convergence by Spire Research
byAccelOps
 
PDF
Securing your IT infrastructure with SOC-NOC collaboration TWP
bySridhar Karnam
 
PPTX
Noc and soc deck
bykevin_donovan
 
PPTX
Rothke rsa 2012 building a security operations center (soc)
byBen Rothke
 
PDF
SIEM and SOC
byAbolfazl Naderi
 
PDF
GBM Network Operation Center
byGulf Business Machines
 
PPTX
Practioners Guide to SOC
byAlienVault
 
PDF
Netrac Fault Management Solution
byPerceptio
 
PPTX
An introduction to SOC (Security Operation Center)
byAhmad Haghighi
 
PDF
Monitoring and Log Management for
bySematext Group, Inc.
 
PPT
Image processing Presentation
byValia koonambaikulathamma college of engineering and technology
 
PDF
Basics of Image Processing using MATLAB
byvkn13
 
PPTX
Network Operations Center
byMuhannad Kalbouneh
 
Network Operations Center - Marlabs
byMarlabs
 
Top 10 tips for effective SOC/NOC collaboration or integration
bySridhar Karnam
 
NETWORK OPERATION CENTER
byRolando Rodriguez
 
Network Operation Center Best Practices
byAyehu Software Technologies Ltd.
 
Network Monitoring & Alarming
byAnuson K
 
Demystifying Security Analytics: Data, Methods, Use Cases
byPriyanka Aash
 
AccelOps & SOC-NOC Convergence
byStephen Tsuchiyama
 
SOC/NOC Convergence by Spire Research
byAccelOps
 
Securing your IT infrastructure with SOC-NOC collaboration TWP
bySridhar Karnam
 
Noc and soc deck
bykevin_donovan
 
Rothke rsa 2012 building a security operations center (soc)
byBen Rothke
 
SIEM and SOC
byAbolfazl Naderi
 
GBM Network Operation Center
byGulf Business Machines
 
Practioners Guide to SOC
byAlienVault
 
Netrac Fault Management Solution
byPerceptio
 
An introduction to SOC (Security Operation Center)
byAhmad Haghighi
 
Monitoring and Log Management for
bySematext Group, Inc.
 
Image processing Presentation
byValia koonambaikulathamma college of engineering and technology
 
Basics of Image Processing using MATLAB
byvkn13
 
Network Operations Center
byMuhannad Kalbouneh
 

Similar to Building a World-Class Proactive Integrated Security and Network Ops Center

PDF
Insights from-NSAs-cybersecurity-threat-operations-center
byPriyanka Aash
 
PPTX
Culture Hacker: How to Herd CATTs and Inspire Rebels to Change the World! - S...
bySeniorStoryteller
 
PDF
Adaptive & Unified Approach to Risk Management & Compliance-via-ccf
byawish11
 
PDF
Briefing the board lessons learned from cisos and directors
byPriyanka Aash
 
PDF
Rsac2015 burns-fighting the right battle
byBill Burns
 
PDF
Diagnosis SOC-Atrophy: What To Do When Your SOC Is Sick
byPriyanka Aash
 
PDF
No more security empires - The ciso as an individual contributor
byPriyanka Aash
 
PDF
For Critical Infrastructure Protection
byPriyanka Aash
 
PPTX
Ten Tenets of CISO Success
byFrank Kim
 
PDF
Hardening the cloud : Assuring agile security in high-growth environments
byPriyanka Aash
 
PDF
Integrated Security Operations Center (ISOC) for Cybersecurity Collaboration
byPriyanka Aash
 
PDF
Secure Cloud Development Resources with DevOps
byCloudPassage
 
PDF
A Vision for Shared, Central Intelligence to Ebb a Growing Flood of Alerts
byPriyanka Aash
 
PDF
The five secrets of high performing cisos
byPriyanka Aash
 
PDF
Less tech more talk the future of the ciso role
byPriyanka Aash
 
PDF
Soc 2030-socs-are-broken-lets-fix- them
byPriyanka Aash
 
PDF
Implementing An Automated Incident Response Architecture
byPriyanka Aash
 
PDF
Release Your Inner DevSecOp
byJames Wickett
 
PDF
What is a Security Operation Center(SOC)?
byBORNSEC CONSULTING
 
PDF
Security Program Development for the Hipster Company
byPriyanka Aash
 
Insights from-NSAs-cybersecurity-threat-operations-center
byPriyanka Aash
 
Culture Hacker: How to Herd CATTs and Inspire Rebels to Change the World! - S...
bySeniorStoryteller
 
Adaptive & Unified Approach to Risk Management & Compliance-via-ccf
byawish11
 
Briefing the board lessons learned from cisos and directors
byPriyanka Aash
 
Rsac2015 burns-fighting the right battle
byBill Burns
 
Diagnosis SOC-Atrophy: What To Do When Your SOC Is Sick
byPriyanka Aash
 
No more security empires - The ciso as an individual contributor
byPriyanka Aash
 
For Critical Infrastructure Protection
byPriyanka Aash
 
Ten Tenets of CISO Success
byFrank Kim
 
Hardening the cloud : Assuring agile security in high-growth environments
byPriyanka Aash
 
Integrated Security Operations Center (ISOC) for Cybersecurity Collaboration
byPriyanka Aash
 
Secure Cloud Development Resources with DevOps
byCloudPassage
 
A Vision for Shared, Central Intelligence to Ebb a Growing Flood of Alerts
byPriyanka Aash
 
The five secrets of high performing cisos
byPriyanka Aash
 
Less tech more talk the future of the ciso role
byPriyanka Aash
 
Soc 2030-socs-are-broken-lets-fix- them
byPriyanka Aash
 
Implementing An Automated Incident Response Architecture
byPriyanka Aash
 
Release Your Inner DevSecOp
byJames Wickett
 
What is a Security Operation Center(SOC)?
byBORNSEC CONSULTING
 
Security Program Development for the Hipster Company
byPriyanka Aash
 

More from Priyanka Aash

PPTX
AI Code Generation Risks (Ramkumar Dilli, CIO, Myridius)
byPriyanka Aash
 
PDF
From Chatbot to Destroyer of Endpoints - Can ChatGPT Automate EDR Bypasses (1...
byPriyanka Aash
 
PDF
Cracking the Code - Unveiling Synergies Between Open Source Security and AI.pdf
byPriyanka Aash
 
PDF
Oh, the Possibilities - Balancing Innovation and Risk with Generative AI.pdf
byPriyanka Aash
 
PDF
Lessons Learned from Developing Secure AI Workflows.pdf
byPriyanka Aash
 
PDF
Cyber Defense Matrix Workshop - RSA Conference
byPriyanka Aash
 
PDF
A Constitutional Quagmire - Ethical Minefields of AI, Cyber, and Privacy.pdf
byPriyanka Aash
 
PDF
Securing AI - There Is No Try, Only Do!.pdf
byPriyanka Aash
 
PDF
GenAI Opportunities and Challenges - Where 370 Enterprises Are Focusing Now.pdf
byPriyanka Aash
 
PDF
Coordinated Disclosure for ML - What's Different and What's the Same.pdf
byPriyanka Aash
 
PDF
10 Key Challenges for AI within the EU Data Protection Framework.pdf
byPriyanka Aash
 
PDF
Techniques for Automatic Device Identification and Network Assignment.pdf
byPriyanka Aash
 
PDF
Keynote : Presentation on SASE Technology
byPriyanka Aash
 
PDF
Keynote : AI & Future Of Offensive Security
byPriyanka Aash
 
PDF
Redefining Cybersecurity with AI Capabilities
byPriyanka Aash
 
PDF
Demystifying Neural Networks And Building Cybersecurity Applications
byPriyanka Aash
 
PDF
Finetuning GenAI For Hacking and Defending
byPriyanka Aash
 
PDF
(CISOPlatform Summit & SACON 2024) Kids Cyber Security .pdf
byPriyanka Aash
 
PDF
(CISOPlatform Summit & SACON 2024) Regulation & Response In Banks.pdf
byPriyanka Aash
 
PDF
(CISOPlatform Summit & SACON 2024) Cyber Insurance & Risk Quantification.pdf
byPriyanka Aash
 
AI Code Generation Risks (Ramkumar Dilli, CIO, Myridius)
byPriyanka Aash
 
From Chatbot to Destroyer of Endpoints - Can ChatGPT Automate EDR Bypasses (1...
byPriyanka Aash
 
Cracking the Code - Unveiling Synergies Between Open Source Security and AI.pdf
byPriyanka Aash
 
Oh, the Possibilities - Balancing Innovation and Risk with Generative AI.pdf
byPriyanka Aash
 
Lessons Learned from Developing Secure AI Workflows.pdf
byPriyanka Aash
 
Cyber Defense Matrix Workshop - RSA Conference
byPriyanka Aash
 
A Constitutional Quagmire - Ethical Minefields of AI, Cyber, and Privacy.pdf
byPriyanka Aash
 
Securing AI - There Is No Try, Only Do!.pdf
byPriyanka Aash
 
GenAI Opportunities and Challenges - Where 370 Enterprises Are Focusing Now.pdf
byPriyanka Aash
 
Coordinated Disclosure for ML - What's Different and What's the Same.pdf
byPriyanka Aash
 
10 Key Challenges for AI within the EU Data Protection Framework.pdf
byPriyanka Aash
 
Techniques for Automatic Device Identification and Network Assignment.pdf
byPriyanka Aash
 
Keynote : Presentation on SASE Technology
byPriyanka Aash
 
Keynote : AI & Future Of Offensive Security
byPriyanka Aash
 
Redefining Cybersecurity with AI Capabilities
byPriyanka Aash
 
Demystifying Neural Networks And Building Cybersecurity Applications
byPriyanka Aash
 
Finetuning GenAI For Hacking and Defending
byPriyanka Aash
 
(CISOPlatform Summit & SACON 2024) Kids Cyber Security .pdf
byPriyanka Aash
 
(CISOPlatform Summit & SACON 2024) Regulation & Response In Banks.pdf
byPriyanka Aash
 
(CISOPlatform Summit & SACON 2024) Cyber Insurance & Risk Quantification.pdf
byPriyanka Aash
 

Recently uploaded

PDF
Day 5 - Red Team + Blue Team in the Cloud - 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
PDF
Six Shifts For 2026 (And The Next Six Years)
byDavid Armano
 
PDF
Decoding the DNA: The Digital Networks Act, the Open Internet, and IP interco...
byCSUC - Consorci de Serveis Universitaris de Catalunya
 
PDF
Dev Dives: AI that builds with you - UiPath Autopilot for effortless RPA & AP...
byUiPathCommunity
 
PPT
software-security-intro in information security.ppt
byismaeelsahib032
 
DOCX
Introduction to the World of Computers (Hardware & Software)
byALIABBAS ABASOV
 
PPTX
cybercrime in Information security .pptx
byismaeelsahib032
 
PDF
ElyriaSoftware — Powering the Future with Blockchain Innovation
byElyria Software
 
PPTX
From Backup to Resilience: How MSPs Are Preparing for 2026
byMSP360
 
PPTX
AI's Impact on Cybersecurity - Challenges and Opportunities
byYasir Naveed Riaz
 
PDF
Greetings All Students Update 3 by Mia Corp
by©LDMMIA, ©Reiki Yoga
 
PDF
Energy Storage Landscape Clean Energy Ministerial
bySurajitBanerjee38
 
PPTX
Software Analysis &Design ethiopia chap-2.pptx
byAbbas484771
 
PPTX
Cybercrime in the Digital Age: Risks, Impact & Protection
byYasir Naveed Riaz
 
PPTX
Protecting Data in an AI Driven World - Cybersecurity in 2026
byYasir Naveed Riaz
 
PPTX
Cloud-and-AI-Platform-FY26-Partner-Playbook.pptx
byiuiuiuiu1
 
PDF
GPUS and How to Program Them by Manya Bansal
byScyllaDB
 
PDF
Day 3 - Data and Application Security - 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
PPTX
THIS IS CYBER SECURITY NOTES USED IN CLASS ON VARIOUS TOPICS USED IN CYBERSEC...
byMelissaGblinwon
 
PDF
API-First Architecture in Financial Systems
bycyy111112
 
Day 5 - Red Team + Blue Team in the Cloud - 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
Six Shifts For 2026 (And The Next Six Years)
byDavid Armano
 
Decoding the DNA: The Digital Networks Act, the Open Internet, and IP interco...
byCSUC - Consorci de Serveis Universitaris de Catalunya
 
Dev Dives: AI that builds with you - UiPath Autopilot for effortless RPA & AP...
byUiPathCommunity
 
software-security-intro in information security.ppt
byismaeelsahib032
 
Introduction to the World of Computers (Hardware & Software)
byALIABBAS ABASOV
 
cybercrime in Information security .pptx
byismaeelsahib032
 
ElyriaSoftware — Powering the Future with Blockchain Innovation
byElyria Software
 
From Backup to Resilience: How MSPs Are Preparing for 2026
byMSP360
 
AI's Impact on Cybersecurity - Challenges and Opportunities
byYasir Naveed Riaz
 
Greetings All Students Update 3 by Mia Corp
by©LDMMIA, ©Reiki Yoga
 
Energy Storage Landscape Clean Energy Ministerial
bySurajitBanerjee38
 
Software Analysis &Design ethiopia chap-2.pptx
byAbbas484771
 
Cybercrime in the Digital Age: Risks, Impact & Protection
byYasir Naveed Riaz
 
Protecting Data in an AI Driven World - Cybersecurity in 2026
byYasir Naveed Riaz
 
Cloud-and-AI-Platform-FY26-Partner-Playbook.pptx
byiuiuiuiu1
 
GPUS and How to Program Them by Manya Bansal
byScyllaDB
 
Day 3 - Data and Application Security - 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
THIS IS CYBER SECURITY NOTES USED IN CLASS ON VARIOUS TOPICS USED IN CYBERSEC...
byMelissaGblinwon
 
API-First Architecture in Financial Systems
bycyy111112
 

Building a World-Class Proactive Integrated Security and Network Ops Center

  • 1.
    SESSION ID: #RSAC Hanna SickerCISM, CISSP Building a World-Class Proactive Integrated Security & Network Operations Center SNOC AIR-T11 Security & Network Operations SNOC Sr. Mgr. StubHub/eBay @snocgirl
  • 2.
  • 3.
  • 4.
  • 5.
    #RSAC SNOC Impact onUptime & CSS Year 2011 Year 2012 Year 2013 Year 2014 Year 2015 99.95% 99.97% 99.99%99.90% 98.00% CSS * CSS: Customer Satisfaction Score
  • 6.
  • 7.
    #RSAC Typical NOC &SOC Challenges
  • 8.
    #RSAC How We Overcamethe Challenges
  • 9.
    #RSAC Break the Rules Say“NO” to Traditional Tiered Model
  • 10.
    #RSAC SNOC IRP (IncidentResponse Process) Visibility Detection Analysis Investigation Response Remediation SLA Change Mgt. Process
  • 11.
  • 12.
  • 13.
  • 14.
    #RSAC Proactive Integrated SNOCFramework Mgt. Team Tools BIC Services Reports Reinvest Recognize Enable
  • 15.
  • 16.
    #RSAC Detailed SNOC Framework– Team Stage 1 • Quick impact - utilize the existing structure Stage 2 • Optimize & emphasize on quality Stage 3 • Identify & hire talent Stage 4 • Empower the team & remove the tiers Stage 5 • Team development life cycle - TDLC
  • 17.
    #RSAC Stage 1 –Quick Impact (2 mo.)
  • 18.
    #RSAC Stage 2 –Optimize & Emphasize on Quality
  • 19.
    #RSAC Stage 3 –Identify & Hire Talent Round out the team puzzle
  • 20.
    #RSAC Stage 4 –Empower the Team
  • 21.
    #RSAC Stage 5 -Team Development Life Cycle - TDLC Train Mentor Coach Hire Talent Process Cross Train Enable Engage Quality
  • 22.
    #RSAC Detailed SNOC Framework– Tools Stage 1 • Utilize Stage 2 • Optimize Stage 3 • Automate
  • 23.
  • 24.
    #RSAC SNOC Framework –BIC Services Our Formula BIC Services = Business Objectives = Customer Satisfaction Score (CSS) + Revenue ($) + Team Defined Goals (*APS) APS = Availability + Performance + Security Quick results without initial Mgt support = Team + Existing Tools + Reports
  • 25.
    #RSAC SNOC Framework –Management Our Formula Increased demonstrated value = increased Mgt support (IMS) IMS = Recognition + Reinvestment
  • 26.
  • 27.
  • 28.
    #RSAC Right Architecture -Security Layers 3rd Parties Tokenization Fraud detection WAF Client reputation Customized rules Bot detection IDS IPS SIEMPacket capture Bot detection WAF Vulnerability mgt. Fraud protection Data Activity Monitoring Log mgt.
  • 29.
    #RSAC Use Case –Reducing ATOs
  • 30.
    #RSAC SNOC Benefits &Future Challenges
  • 31.
    #RSAC Apply If you arein the process of building a SOC, and you have an existing NOC, utilize your existing NOC team and transition them to become SNOC. Recognize similar functions between NOC & SOC and combine them. Before obtaining Mgt. commitment, focus on your team as the core component to build successful SNOC.
  • 32.
    #RSAC Apply When you addnew members, focus on character and culture fit. Try to round out the team puzzle. Do not pay for expertise; grow your own (entry level but highly motivated and trainable). Lead from the front Build alliances with other teams across all departments & learn from their key players.
  • 33.
    #RSAC Apply Understand your businessgoals, traffic and users. Filter your traffic at the edge and protect at all layers. Shield your data center - If your business does B2C then any cloud services who host businesses can be blocked. If your clients are within a specific geographic area, then block all other countries/areas that you do not do business with. To reduce ATOs & attacks, create WAF rules based on your traffic & customers’ behavior.
  • 34.
    #RSAC Apply – Cont. Utilize& optimize your and other teams’ existing tools. If no tools are available, then automate processes using scripts written by one of your own or another team’s members. Tune out false positive alerts and train the team to tune and modify the thresholds. Check if the NOC has tools that are applicable for SOC usage. Example: If the NOC is using a network performance monitoring tools, check to see if the tools can perform full packet capture.
  • 35.
    #RSAC Let’s work together Mycontact info: Hanna Sicker hsicker@stubhub.com Twitter: @SNOCgirl