Abstract: Modern day cyber threats are ever increasing in sophistication and evasiveness against Process Control Networks. Organizations in the industry are facing a constant challenge to adopt modern techniques to proactively monitor the security posture within the SCADA infrastructure whilst keeping cyber attackers and threat actors at bay.
In this presentation we will cover the fundamental building blocks of building a SCADA cyber security operations center with key responsibilities such as Incident Response Management, Vulnerability and Patch Management, Secure-by-design Architecture, Security Logging and Monitoring and how such security domains drive accountability and act as a line of authority across the PCN.
Talking about Next-Gen Security Operation Center for IDNIC+APJII as representative from IDSECCONF. People-Centric SOC requires lot of investment on human in terms of quantity and quality, unfortunately, (good) IT security people are getting rare these days. Organisation need to put their investments more on technology, as in Industry 4.0, machines are getting more advanced to support Human on doing continuous and repetitive task.
Moving from “traditional” to next-gen SOC require proper plan, thats what this talk was about.
From SIEM to SOC: Crossing the Cybersecurity ChasmPriyanka Aash
You own a SIEM, but to be secure, you need a Security Operations Center! How do you cross the chasm? Do you hire staff or outsource? And what skills are needed? Mike Ostrowski, a cybersecurity industry veteran, will review common pitfalls experienced through the journey from SIEM to SOC, the pros and cons of an all in-house SOC vs. outsourcing, and the benefits of a hybrid SOC model.
Learning Objectives:
1: You own a SIEM, but to be secure, you need a SOC. How do you cross the chasm?
2: What are the pros and cons of in-house, fully managed and hybrid security?
3: What considerations go into deciding whether to employ a hybrid strategy?
(Source: RSA Conference USA 2018)
What is SIEM? A Brilliant Guide to the BasicsSagar Joshi
SIEM is a technological solution that collects and aggregates logs from various data sources, discovers trends, and alerts when it spots anomalous activity, like a possible security threat.
the IBM Security Intelligence Platform, also known as QRadar®, integrates SIEM, log management, anomaly detection, vulnerability management, risk management and incident forensics into a unified, highly scalable, real-time solution that provides superior threat detection, greater ease of use, and low total cost of ownership compared with competitive products
Security Information and Event Management (SIEM)hardik soni
Leo TechnoSoft SIEM products help's every enterprise with all security threats. Security information and event management software provides real-time visibility.
Insight is one of the best security operation center that influences all the necessary things that reduce the advanced threats and security risk all over your company and protects your network infrastructure across the organization. https://insightmsp.co.in/soc-as-service.php
Talking about Next-Gen Security Operation Center for IDNIC+APJII as representative from IDSECCONF. People-Centric SOC requires lot of investment on human in terms of quantity and quality, unfortunately, (good) IT security people are getting rare these days. Organisation need to put their investments more on technology, as in Industry 4.0, machines are getting more advanced to support Human on doing continuous and repetitive task.
Moving from “traditional” to next-gen SOC require proper plan, thats what this talk was about.
From SIEM to SOC: Crossing the Cybersecurity ChasmPriyanka Aash
You own a SIEM, but to be secure, you need a Security Operations Center! How do you cross the chasm? Do you hire staff or outsource? And what skills are needed? Mike Ostrowski, a cybersecurity industry veteran, will review common pitfalls experienced through the journey from SIEM to SOC, the pros and cons of an all in-house SOC vs. outsourcing, and the benefits of a hybrid SOC model.
Learning Objectives:
1: You own a SIEM, but to be secure, you need a SOC. How do you cross the chasm?
2: What are the pros and cons of in-house, fully managed and hybrid security?
3: What considerations go into deciding whether to employ a hybrid strategy?
(Source: RSA Conference USA 2018)
What is SIEM? A Brilliant Guide to the BasicsSagar Joshi
SIEM is a technological solution that collects and aggregates logs from various data sources, discovers trends, and alerts when it spots anomalous activity, like a possible security threat.
the IBM Security Intelligence Platform, also known as QRadar®, integrates SIEM, log management, anomaly detection, vulnerability management, risk management and incident forensics into a unified, highly scalable, real-time solution that provides superior threat detection, greater ease of use, and low total cost of ownership compared with competitive products
Security Information and Event Management (SIEM)hardik soni
Leo TechnoSoft SIEM products help's every enterprise with all security threats. Security information and event management software provides real-time visibility.
Insight is one of the best security operation center that influences all the necessary things that reduce the advanced threats and security risk all over your company and protects your network infrastructure across the organization. https://insightmsp.co.in/soc-as-service.php
Cyber Security Trends
Business Concerns
Cyber Threats
The Solutions
Security Operation Center
requirement
SOC Architecture model
SOC Implementation
SOC & NOC
SOC & CSIRT
SIEM & Correlation
-----------------------------------------------------------
Definition
Gartner defines a SOC as both a team, often operating in shifts around the clock, and a facility dedicated to and organized to prevent, detect, assess and respond to cybersecurity threats and incidents, and to fulfill and assess regulatory compliance. The term "cybersecurity operation center "is often used synonymously for SOC.
A network operations center (NOC) is not a SOC, which focuses on network device management rather than detecting and responding to cybersecurity incidents. Coordination between the two is common, however.
A managed security service is not the same as having a SOC — although a service provider may offer services from a SOC. A managed service is a shared resource and not solely dedicated to a single organization or entity. Similarly, there is no such thing as a managed SOC.
Most of the technologies, processes and best practices that are used in a SOC are not specific to a SOC. Incident response or vulnerability management remain the same, whether delivered from a SOC or not. It is a meta-topic, involving many security domains and disciplines, and depending on the services and functions that are delivered by the SOC.
Services that often reside in a SOC are:
• Cyber security incident response
• Malware analysis
• Forensic analysis
• Threat intelligence analysis
• Risk analytics and attack path modeling
• Countermeasure implementation
• Vulnerability assessment
• Vulnerability analysis
• Penetration testing
• Remediation prioritization and coordination
• Security intelligence collection and fusion
• Security architecture design
• Security consulting
• Security awareness training
• Security audit data collection and distribution
Alternative names for SOC :
Security defense center (SDC)
Security intelligence center
Cyber security center
Threat defense center
security intelligence and operations center (SIOC)
Infrastructure Protection Centre (IPC)
مرکز عملیات امنیت
SOC Architecture - Building the NextGen SOCPriyanka Aash
Why are APTs difficult to detect
Revisit the cyber kill chain
Process orient detection
NextGen SOC Process
Building your threat mind map
Implement and measure your SOC
Secrets to managing your Duty of Care in an ever- changing world.
How well do you know your risks?
Are you keeping up with your responsibilities to provide Duty of Care?
How well are you prioritising Cybersecurity initiatives?
Liability for Cybersecurity attacks sits with Executives and Board members who may not have the right level of technical security knowledge. This session will outline what practical steps executives can take to implement a Cybersecurity Roadmap that is aligned with its strategic objectives.
Led by Krist Davood, who has spent over 28 years implementing secure mission critical systems for executives. Krist is an expert in protecting the interconnectedness of technology, intellectual property and information systems, as evidenced through his roles at The Good Guys, Court Services Victoria and Schiavello.
The seminar will cover:
• Fiduciary responsibility
• How to efficiently deal with personal liability and the threat of court action
• The role of a Cybersecurity Executive Dashboard and its ability to simplify risk and amplify informed decision making
• How to identify and bridge the gap between your Cybersecurity Compliance Rating and the threat of court action
Summarize the design and build approach for SOC (Security Operation Center) for both end user company and service providers. Defines the approach flow for SOC building and various components and phases involved. Defines design thumb rules and parameters for SOC Design.
SIEM is an abbreviation of “Security Information and Event Management”. It comprises of two parts:
Security Information Management
Security Event Management
Security Incident Event Management
Real time monitoring of Servers, Network Devices.
Correlation of Events
Analysis and reporting of Security Incidents.
Threat Intelligence
Long term storage
In today’s business environment, organizations have a responsibility to their employees, clients, and customers to ensure the confidentiality, integrity and availability of the critical data that is entrusted to them. Every network is vulnerable to some form of attack. However it is not enough to simply confirm that a technical vulnerability exists and implement countermeasures; it is critical to repeatedly verify that the countermeasures are in place and working properly throughout the secured network. During this webinar, David Hammarberg, Principal, IT Director, and leader of McKonly & Asbury’s Cybersecurity Practice will be joined by Partner, Michael Hoffner and they will lead a discussion on a Cybersecurity Risk Management Program including what it is and how it can prepare your organization for the future.
7 Steps to Build a SOC with Limited ResourcesLogRhythm
Most organizations don't have the resources to staff a 24x7 security operations center (SOC). This results in events that aren't monitored around the clock, major delays in detecting and responding to incidents, and the inability for the team to proactively hunt for threats. It's a dangerous situation.
But there is a solution. By using the Threat Lifecycle Management framework to combine people, process, and technology to automate manual tasks, your team can rapidly detect and respond to threats—without adding resources. Read on to learn 7 steps to building your SOC, even when your resources are limited.
It’s a fair question and one that is compounded by the convergence we see happening across many categories within cybersecurity. Security operations teams have a broad spectrum of choices from pure-play security orchestration and automation platforms to traditional SIEMs that are adding orchestration capabilities.
Visit - https://siemplify.co/blog/do-i-need-a-siem-if-i-have-soar/
Companies are looking forward for single Operation center for entire IT stack, This preso summarize the design components for ESOC which will cater entire IT infrastructure and application stack from a single facility.
Cyber Security Trends
Business Concerns
Cyber Threats
The Solutions
Security Operation Center
requirement
SOC Architecture model
SOC Implementation
SOC & NOC
SOC & CSIRT
SIEM & Correlation
-----------------------------------------------------------
Definition
Gartner defines a SOC as both a team, often operating in shifts around the clock, and a facility dedicated to and organized to prevent, detect, assess and respond to cybersecurity threats and incidents, and to fulfill and assess regulatory compliance. The term "cybersecurity operation center "is often used synonymously for SOC.
A network operations center (NOC) is not a SOC, which focuses on network device management rather than detecting and responding to cybersecurity incidents. Coordination between the two is common, however.
A managed security service is not the same as having a SOC — although a service provider may offer services from a SOC. A managed service is a shared resource and not solely dedicated to a single organization or entity. Similarly, there is no such thing as a managed SOC.
Most of the technologies, processes and best practices that are used in a SOC are not specific to a SOC. Incident response or vulnerability management remain the same, whether delivered from a SOC or not. It is a meta-topic, involving many security domains and disciplines, and depending on the services and functions that are delivered by the SOC.
Services that often reside in a SOC are:
• Cyber security incident response
• Malware analysis
• Forensic analysis
• Threat intelligence analysis
• Risk analytics and attack path modeling
• Countermeasure implementation
• Vulnerability assessment
• Vulnerability analysis
• Penetration testing
• Remediation prioritization and coordination
• Security intelligence collection and fusion
• Security architecture design
• Security consulting
• Security awareness training
• Security audit data collection and distribution
Alternative names for SOC :
Security defense center (SDC)
Security intelligence center
Cyber security center
Threat defense center
security intelligence and operations center (SIOC)
Infrastructure Protection Centre (IPC)
مرکز عملیات امنیت
SOC Architecture - Building the NextGen SOCPriyanka Aash
Why are APTs difficult to detect
Revisit the cyber kill chain
Process orient detection
NextGen SOC Process
Building your threat mind map
Implement and measure your SOC
Secrets to managing your Duty of Care in an ever- changing world.
How well do you know your risks?
Are you keeping up with your responsibilities to provide Duty of Care?
How well are you prioritising Cybersecurity initiatives?
Liability for Cybersecurity attacks sits with Executives and Board members who may not have the right level of technical security knowledge. This session will outline what practical steps executives can take to implement a Cybersecurity Roadmap that is aligned with its strategic objectives.
Led by Krist Davood, who has spent over 28 years implementing secure mission critical systems for executives. Krist is an expert in protecting the interconnectedness of technology, intellectual property and information systems, as evidenced through his roles at The Good Guys, Court Services Victoria and Schiavello.
The seminar will cover:
• Fiduciary responsibility
• How to efficiently deal with personal liability and the threat of court action
• The role of a Cybersecurity Executive Dashboard and its ability to simplify risk and amplify informed decision making
• How to identify and bridge the gap between your Cybersecurity Compliance Rating and the threat of court action
Summarize the design and build approach for SOC (Security Operation Center) for both end user company and service providers. Defines the approach flow for SOC building and various components and phases involved. Defines design thumb rules and parameters for SOC Design.
SIEM is an abbreviation of “Security Information and Event Management”. It comprises of two parts:
Security Information Management
Security Event Management
Security Incident Event Management
Real time monitoring of Servers, Network Devices.
Correlation of Events
Analysis and reporting of Security Incidents.
Threat Intelligence
Long term storage
In today’s business environment, organizations have a responsibility to their employees, clients, and customers to ensure the confidentiality, integrity and availability of the critical data that is entrusted to them. Every network is vulnerable to some form of attack. However it is not enough to simply confirm that a technical vulnerability exists and implement countermeasures; it is critical to repeatedly verify that the countermeasures are in place and working properly throughout the secured network. During this webinar, David Hammarberg, Principal, IT Director, and leader of McKonly & Asbury’s Cybersecurity Practice will be joined by Partner, Michael Hoffner and they will lead a discussion on a Cybersecurity Risk Management Program including what it is and how it can prepare your organization for the future.
7 Steps to Build a SOC with Limited ResourcesLogRhythm
Most organizations don't have the resources to staff a 24x7 security operations center (SOC). This results in events that aren't monitored around the clock, major delays in detecting and responding to incidents, and the inability for the team to proactively hunt for threats. It's a dangerous situation.
But there is a solution. By using the Threat Lifecycle Management framework to combine people, process, and technology to automate manual tasks, your team can rapidly detect and respond to threats—without adding resources. Read on to learn 7 steps to building your SOC, even when your resources are limited.
It’s a fair question and one that is compounded by the convergence we see happening across many categories within cybersecurity. Security operations teams have a broad spectrum of choices from pure-play security orchestration and automation platforms to traditional SIEMs that are adding orchestration capabilities.
Visit - https://siemplify.co/blog/do-i-need-a-siem-if-i-have-soar/
Companies are looking forward for single Operation center for entire IT stack, This preso summarize the design components for ESOC which will cater entire IT infrastructure and application stack from a single facility.
The Tofino Industrial Security Solution - 7 Steps To Securing Your Industrial...Byres Security Inc.
Eric Byres, CTO of Byres Security, presents the seven steps to industrial-strength security with Tofino™.
0:03 - Tofino - The Industrial Security Solution - Eric Byres gives a brief overview of some of the issues with today's firewalls, and introduces the Tofino Industrial Security Solution.
1:14 - Step 1: Plug and Play Installation - No plant downtime, No special training required for installation.
1:46 - Step 2: Discover Tofino - Have your Tofino report in with only a couple mouse clicks.
1:55 - Step 3: Customize Tofino - Deploy multiple security functions with one appliance.
2:11 - Step 4: Examine Your Network and Diagram it - Using Tofino allows you to map your network and build a diagram.
2:20 - Step 5: Command Your Tofino - Having specialized IT knowledge or command line programming is not required, and most human errors are avoided.
2:44 - Step 6: Test Mode - With test mode, there are no process upsets and traffic is allowed through, but Tofino notes which traffic would have been blocked based on the rules that were set.
3:05 - Step 7: Protect Your Plant - Protect your plant with no interruptions to the network and no downtime.
3:34 - Tofino Industrial Security Solution Key Components - Eric Byres explains the three key components - Security Appliances, Loadable Security Modules, and Central Management Platform.
An in-depth look at:
1. Disruptive Technology and its impact on organizations.
2. Need for a Security Operations Center (SOC) for the 21st century businesses
3. Designing and operating an effective SOC - what it takes to run a successful SOC starting from how we should prepare our minds in terms of approach to the actual implementation and operation.
4. Qualities any SOC Analyst should possess
5. Measuring the success of a SOC - We discuss critical factors to consider when determining the success of a SOC.
Building a Next-Generation Security Operation Center Based on IBM QRadar and ...IBM Security
Learn about Sogeti’s journey of creating a new Security Operation Center, and how and why we leveraged QRadar solutions. We explore the full program lifecycle, from strategic choices to technical analysis and benchmarking on the product. We explain how QRadar accelerates the go-to-market of the SOC, and how we embed IBM Security Intelligence offerings in our solution. Having a strong collaboration between different IBM stakeholders such as Software Group, Global Technology Services, as well as the Labs, was key to client satisfaction and operational effectiveness. We also show the value of integrating new QRadar features in our SOC roadmap, in order to constantly stay ahead in the cyber security game.
Security Operations Center (SOC) Essentials for the SMEAlienVault
Closing the gaps in security controls, systems, people and processes is not an easy feat, particularly for IT practitioners in smaller organizations with limited budgets and few (if any) dedicated security staff. So, what are the essential security capabilities needed to establish a security operations center and start closing those gaps?
Join Javvad Malik of 451 Research and Patrick Bedwell, VP of Product Marketing at AlienVault for this session covering:
*Developments in the threat landscape driving a shift from preventative to detective controls
*Essential security controls needed to defend against modern threats
*Fundamentals for evaluating a security approach that will work for you, not against you
*How a unified approach to security visibility can help you get from install to insight more quickly
SOC presentation- Building a Security Operations CenterMichael Nickle
Presentation I used to give on the topic of using a SIM/SIEM to unify the information stream flowing into the SOC. This piece of collateral was used to help close the largest SIEM deal (Product and services) that my employer achieved with this product line.
The Nozomi Networks solution improves ICS cyber resiliency and provides real-time operational visibility. Major customers have improved reliability, cybersecurity and operational efficiency using our technology. Learn more about our solutions and technology here and how they can bring immediate benefit to your industrial control system (ICS)
What's Next : A Trillion Event Logs, A Million Security ThreatAlan Yau Ti Dun
The Challenge For Log Analysis
Log Management vs SIEM vs NextGen SIEM
Security Analytic + Storage + Actionable Intelligence
NexGen Security Operation Center For Smart Cities
Effective Security Monitoring for IBM i: What You Need to KnowPrecisely
Defending against the increasing sophistication and complexity of today’s security threats requires a comprehensive, multi-layered approach. The key is to maximize the strength of each layer of your defenses, and then ask yourself “If this layer is breached, what do I have in place to prevent further damage?”
Even if you have implemented the proper layers of protection, effective security still requires a thoughtful and comprehensive approach to monitoring and reporting. Monitoring plays a critical role in any effective IT security strategy. It's like having a security guard constantly patrolling your digital infrastructure, vigilantly watching for suspicious activity and potential threats. Security monitoring allows you to detect threats as soon as possible, giving you a better chance of responding quickly and effectively.
Join us for this webinar we will cover:
• The best practices for monitoring your IBM i environment.
• The benefits of combining your IBM i monitoring with other IT systems
• A demonstration of a new Assure Security Monitoring and Reporting interface
Decrypting the security mystery with SIEM (Part 1) Zoho Corporation
Decrypting the security mystery with SIEM - Part I
1. EventLog Analyzer, your complete security arsenal
2. Sealing securityloopholes: Getting to know vulnerable ports, devices, and more.
3. Combating attacks with EventLog Analyzer
a. Mitigating brute force attacks
b. Stopping the rise of ransomware
c. Containing SQL injection attacks
4. Proactively preventing insider attacks
a. Monitoring privileged user activities
5. Securing physical, virtual, and cloud environments
6. Adhering to stringent compliance rules with the integrated compliance management
Wipro in collaboration with Symantec offers CaaS which uses Control Compliance Suite (CCS), the industry
leading technology to manage Compliance and Security Configuration Assessments.
How to Solve Your Top IT Security Reporting Challenges with AlienVaultAlienVault
Watch this on-demand webast to learn how to acheive security compliance with AlienVault Unified Security Management (USM): https://www.alienvault.com/resource-center/webcasts/how-to-solve-your-top-it-security-reporting-challenges-with-alienvault?utm_medium=Social&utm_source=SlideShare&utm_campaign=solve-it-compliance-usm-webinar
Learn how you can take your on-premises and cloud security to the next level with a free online demo at: https://www.alienvault.com/products/usm-anywhere/demo?utm_medium=Social&utm_source=SlideShare&utm_campaign=solve-it-compliance-usm-webinar
Jorge Higueros's presentation on SNAPS.
The presentation was given during the Nagios World Conference North America held Oct 13th - Oct 16th, 2014 in Saint Paul, MN. For more information on the conference (including photos and videos), visit: http://go.nagios.com/conference
Similar to Building a Cyber Security Operations Center for SCADA/ICS Environments (20)
BalCcon 2015 - DTS Solution - Attacking the Unknown by Mohamed BedewiShah Sheikh
Anonymization techniques are a double-edged sword invention as they can be used by journalists to communicate more safely with whistle blowers or by malicious users to commit cyber-crimes without getting caught but the problem is that neither party is anonymous nor safe from being exposed. In the presentation Mohamed discussed a tool that he developed "dynamicDetect" to de-anonymize TOR clients and browsers and abstracting the user's original IP address and fingerprint. The tool then uses this information as a launchpad to perform defensive and offensive against that TOR user.
GISEC 2015 Your Network in the Eyes of a Hacker - DTS SolutionShah Sheikh
Mohamed Bedewi, Offense Security Division Head and Sr. Penetration Testing Consultant at DTS presented also during one of the security sessions titled - "Your Network in the Eyes of a Hacker – The 0ff3ns!v3 Version" which raised a few eyebrows to say the least. The presentation slides can be found here….
ISACA Journal Publication - Does your Cloud have a Secure Lining? Shah SheikhShah Sheikh
ISACA Journal Publication Volume 5 written by Shah Sheikh - published in Q4 2013. Based on the Cloud Security Alliance Framework whitepaper titled "Does your Cloud have a Secure Lining?"
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
"Impact of front-end architecture on development cost", Viktor TurskyiFwdays
I have heard many times that architecture is not important for the front-end. Also, many times I have seen how developers implement features on the front-end just following the standard rules for a framework and think that this is enough to successfully launch the project, and then the project fails. How to prevent this and what approach to choose? I have launched dozens of complex projects and during the talk we will analyze which approaches have worked for me and which have not.
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Ramesh Iyer
In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
UiPath Test Automation using UiPath Test Suite series, part 3DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualityInflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Building a Cyber Security Operations Center for SCADA/ICS Environments
1. Building a SCADA Cyber Security Operations Center - PCN
www.dts-solution.com
Shah H Sheikh – Sr. Security Solutions Consultant
MEng CISSP CISA CISM CRISC CCSK
shah@dts-solution.com
2. Agenda – Building a Security Operations Center
• Information Security in Depth – put into practice
• Understand overall security architecture
• Identify ingress points of attack vectors
• Physical and Logical Security
• Build a SOC around the above
… and more importantly build it around;
People, Process and Technology
Security Operations Center
7. External Network
Control LAN
Plant Network
Office LAN
Internet
Infected
Laptops
Infected Remote
Support
Mis-Configured
Firewalls
Unauthorized
Connections
Modems
3rd Party Issues
USB Drives
Pathways into the Plant Floor
SIEM NMS
Backup / Recovery
8. Corporate IT Automation Systems IT
Not life threatening Safety first
Availability important Non-interruption is critical
Transactional orientation Real-time focus
IBM, SAP, Oracle, ….. ABB, Emerson, GE, Honeywell, Siemens...
People ~= Devices Few people; Many, many devices
PCs and Servers Sensors, Controllers, Servers
Web services model is dominant Polled automation control model
MS Windows is dominant OS Vendor-embedded operating systems
Many commercial software products installed on each PC Purpose-specific devices and application
Protocol is primarily HTTP/HTTPS over TCP/IP -- widely known
Many industrial protocols, some over TCP/IP – vendor and sector-
specific
Office environment, plus mobile Harsh operating plant environments
Cross-industry IT jargon Industry sector-specific jargon
Cross-industry regulations (mostly) Industry-specific regulations
Automation Systems Security Really Unique?
15. Key Objectives for SOC … (1)
• Manages and Coordinates the response to Cyber Threats and
Incidents
• Monitors the Cyber Security posture and reports deficiencies
• Coordinates with regulatory bodies
• Performs Threat and Vulnerability Analysis
• Performs Analysis of Cyber Security Events
• Maintains an Internal Database of Cyber Security Incidents
• Provide Alerts and Notifications to General and Specific Threats
• Provide regular reporting to Management and Cyber Incident
Responders
16. Key Objectives for SOC … (2)
• Reduce the response time of security incident from initial
findings, to reporting to containment
• Recovery Time Objective (RTO) in case of security incident
materializing
• Proactive Security Monitoring based on predefined security
metrics / KPI
• Raise Awareness of Information Security across community of
leaders and sub-ordinates
• Ability to correlate system, application, network, server, security
logs in a consistent way
17. Key Objectives for SOC … (3)
• Ability to automate the requirement to meet compliance –
vulnerability assessment and risk management
• Ensure change control function is integrated into the SOC process
• Identification for all security attack vectors and classification of
incidents
• Define disaster recovery plans for ICE (in-case of emergency).
• Build a comprehensive reporting dashboard that is aligned to
security metrics
• Build a local in-house SIRT (security incident response team) that
collaborates with national CERT
18. Key Objectives for SOC … (4)
• To build SOC processes that are aligned to existing ISO27001
security policies
• Build a physical and virtual team of SOC personnel for 24 x 7
monitoring
• Build forensics capabilities to be able to reconstruct series of
events during an incident
• Proactive monitoring of network and security infrastructure
devices
19. Components of a SOC
• To build the SOC with simple acceptance and execution model
• Maximize the use of technology.
• To build security intelligence and visibility that was previously
unknown; build effective coordination and response unit and to
introduce automation of security process.
• Develop SOC processes that are inline to industry best practices and
accepted standards – ISO27001:2013, PCI-DSS3.0
SECURITY INCIDENT MANAGEMENT
· PRE AND POST INCIDENT ANALYSIS
· FORENSICS ANALYSIS
· ROOT CAUSE ANALYSIS
· INCIDENT HANDLING
· aeCERT INTEGRATION
·
REPORTING
· EXECUTIVE SUMMARY
· AUDIT AND ASSESSMENT
· SECURITY METRIC REPORTING
· KPI COMPLIANCE
· SLA REPORTING
·
REAL-TIME MONITORING
· DATA AGGREGATION
· DATA CORRELATION
· AGGREGATE LOGS
· CORDINATE RESPONSE
· AUTOMATED REMEDIATION
21. SOC – Core Components
Core Components for a SOC 2.0
• OSS – Operational Support System
• SIEM – Security Information and Event Management
• Proactive Monitoring - Network and Security and Server Infrastructure
• Alert and Notification – Security Incident Reporting
• Events Correlation and Heuristics / Behavioural / Anomaly
22. SOC – Core Components
Core Components for a SOC 2.0
• Information and Network Security $$ Automation $$
• To natively build-in compliance and audit functions
• To manage change control process through integrated ITILv3 CM and SD
• Configuration Management of Infrastructure Components
23. SOC – Core Components
Core Components for a SOC 2.0
• Alignment of Risk Management with Business Needs
• Qualified Risk Ranking
• Risks are ranked based on business impact (BIA)
• Risk framework is built into the SIEM solution;
• incident = risk severity = appropriate remediation and isolation action
• SOC is integrated with Vulnerability and Patch Management
24. SOC – Core Components
Core Components for a SOC 2.0
• IRH – Incident Response Handling
• How effective the SOC is measured by how incidents are managed, handled,
administered, remediated and isolated.
• Continuous cyclic feedback mechanism drives IRH
• Critical functions include Network Forensics and Surveillance Tech..
• Reconstruct the incident …. Evidence gathering … Effective Investigation
• Escalation Management – know who to communicate during an
incident
25. SOC – Core Components
Proposed Architecture for the SOC
Perimeter and Boundary Points
Network Nodes
Internet
DMZ / Published Services
IPS
WWW SSL VPN
Applications
Active DirectoryDB
Middleware
SMTP
Internal Resources
MAINFRAME
Servers
WAF FW
(HTTP, SNMP, SMTP, SYSLOG, API, XML, CUSTOM FILE, LOGFILE
DATA ACQUISITION LAYER – SECURITY INFORMATION AND EVENT MANAGEMENT (SIEM)
EVENT CORRELATION LAYER
· Event Correlation Engine
· Analysis and Filtering
· Event Management
· Integration with NMS Systems
· Trouble Ticket Integration
· Flow Analysis
SECURITY VULNERABILITY
· Common Vulnerability Exploits CVE
· Risk Ranking
· Configuration Audit
· Security Metric Dashboard
DATA COLLABORATION
· Policy Management
· Asset Repository
· Problem Incident Management
· Security Incident Reporting
· Change Control
· Security Automation
Security Management, Systems Management, Network Management, Reporting, KPI, SLA, Benchmark, Compliance Management
REPORTING AND MANAGEMENT LAYER
26. SOC – Core Components
Integration of Core SOC Components
27. SOC Technologies …
So now the technologies …
SIEM Solutions
• Event Collector – Syslog, Log Files, Application Log Export
• Flow Collection – NetFlow, J-Flow, S-Flow, IPIX
• Asset Database
• Event and Flow Correlation
• Centralized Management Console for Security Dashboard and Reporting
• Integration with service desk for automated ticket creation
Compliance Management and Policy Conformance
• Configuration Audit
• ISO27001 / PCI-DSS3.0 Policy Compliance
• Risk Management
• Baseline Configuration Violation Monitoring
• Network Topology Mapping and Visualization
• Vulnerability Assessment
28. SOC Technologies …
So now the technology …
Network and Security Monitoring
• Network Performance Monitor - SNMP
• Network Monitoring
• Link Utilization
• Availability Monitoring
• SLA reporting
• Integration with service desk for automated ticket creation
Security Intelligence
• Network Forensics
• Situation Awareness
• Artifacts and Packet Reconstruction
• Monitor all Internet Activity
• Record metadata for recursive analysis during incident response
• Integration with Incident Response Handling (IRH)
29. SOC (before) ….. < The Silos >…
Technology Integration … the old practice
SIEM
Vulnerability
Assessment
Network
Monitoring
30. SOC (after) …. Automation
Technology Integration … the new … WORKFLOW
SIEM 2.0Compliance and
Monitoring
NMS
31. SOC – Processes …. Look familiar…
Creating the SOC Processes
… now that we have discussed technology, lets discuss
processes …
DATA SECURITY AND MONITORING
• Data Asset Classification
• Data Collection
• Data Normalization
• Data at Rest and In Motion
• Data Protection
• Data Distribution
32. SOC – Processes
Creating the SOC Processes
… now that we have discussed technology, lets discuss
processes …
EVENT MANAGEMENT
• Event Correlation
• Identification
• Triage
• Roles
• Containment
• Notification
• Ticketing
• Recovery
• Forensics and Situational Awareness
33. SOC – Processes
Creating the SOC Processes
… now that we have discussed technology, lets discuss
processes …
INCIDENT RESPONSE PRACTICE
• Security Incident Reporting Structure
• Security Incident Monitoring
• Security Incident Escalation Procedure
• Forensics and Root Cause Analysis
• Return to Normal Operations
• Post-Incident Planning and Monitoring
• Communication Guidelines
• SIRT Integration
34. SOC – Processes
Creating the SOC Processes
… now that we have discussed technology, lets discuss
processes …
SOC OPERATING GUIDELINES
• SOC Workflow
• Personnel Shift Description
• Shift Reporting
• Shift Change
• Information Acquisition
• SOC Monitoring Suite
• SOC Reporting Structure
• Organizational Chart
35. SOC – Processes
Creating the SOC Processes
… now that we have discussed technology, lets discuss
processes …
ESCALATION MANAGEMENT
• Escalation Procedure
• Pre-Escalation Tasks
• IT Security
• Network Operation Center
• Security Engineering
• SIRT Integration
• Law Enforcement
• 3rd Party Service Providers and Vendors
36. SOC – Processes
Creating the SOC Processes
… now that we have discussed technology, lets discuss
processes …
DATA RECOVERY PROCEDURES
• Disaster Recovery and BCP Procedure
• Recovery Time Objective
• Recovery Point Objective
• Resiliency and High Availability
• Facilities Outage Procedure
37. SOC – Processes
SECURITY INCIDENT PROCEDURES
• Email Phishing - Email Security Incident
• Virus and Worm Infection
• Anti-Virus Management Incident
• NetFlow Abnormal Behavior Incident
• Network Behaviour Analysis Incident
• Distributed Denial of Service Incident
• Host Compromise - Web Application Security Incident
• Network Compromise
• Internet Misuse
• Human Resource - Hiring and Termination
• Domain Hijack or DNS Cache Poisoning
• Suspicious User Activity
• Unauthorized User Access (Employee)
38. SOC – Processes
VULNERABILITY AND PATCH MANAGEMENT
• Vulnerability Research
• Patch Management - Microsoft SCOM
• Identification
• Dissemination
• Compliance Monitoring
• Network Configuration Baseline
• Anti-Virus Signature Management
• Microsoft Updates
Creating the SOC Processes
… now that we have discussed technology, lets discuss
processes …
39. SOC – Processes
TOOLS OPERATING MANUAL FOR SOC PERSONNEL
• Operating Procedure for SIEM Solutions – Event Management and Flow
Collector/Processor
• Firewall Security Logs
• IDS/IPS Security Logs
• DMZ Jump Server / SSL VPN logs
• Endpoint Security logs (AV, DLP, HIPS)
• User Activity / Login Logs
• Operating Procedure for Policy and Configuration Compliance
• Operating Procedure for Network Monitoring Systems
• Operating Procedure for Vulnerability Assessment
Creating the SOC Processes
… now that we have discussed technology, lets discuss processes …
40. SOC – Processes
SECURITY ALARMS AND ALERT CLASSIFICATION
• Critical Alarms and Alerts with Action Definition
Non-Critical and Information Alarms
Alarm reporting and SLA to resolve the alarms
Creating the SOC Processes
… now that we have discussed technology, lets discuss
processes …
41. SOC – Processes
SECURITY METRIC AND DASHBOARD – EXECUTIVE SUMMARY
• Definition of Security Metrics based on Center of Internet
Security standards
• Security KPI reporting definition
• Security Balanced Scorecard and Executive Reporting
Creating the SOC Processes
… now that we have discussed technology, lets discuss
processes …
42. • Environments
• Location
• Device Types
• System Types
• Security Zones
• Demarcation Points
• Ingress Perimeters
• Data Center
• Extranet
• WAN
….Know your infrastructure….
You can only monitor what you know
49. • Knowledge on how service flow across your infrastructure….
BUILD A SECURITY SERVICES CATALOG
…. Service Flows ……
50. • Understanding the service flows will allow you to VISUALIZE…
….. HEAT MAP …..
…. Service Flows ……
51. Build an Asset Database and Integrated into SIEM;
Following asset details can be adjusted with Asset Manager:
• Name
• Description
• Weight
• Operating System
• Business Owner
• Business Owner Contact Information
• Technical Owner
• Technical Owner Contact Information
• Location
Build an Asset Repository
53. Now that we have the processes, technology and people what next…..
• Build contextual threat cases per environment;
– Extranet
– Internet
– Intranet
– Data Center
– Active Directory
– Malware / Virus Infection and Propagation
– NetFlow Analysis
– Remote Sites / WAN
– Remote Access – IPSEC VPN / SSL VPN
– Wireless
– etc…..
Develop Threat Cases
57. ADVANCED THREAT CASES - ENVIRONMENT
• To define threat cases per environment … not by system…. (silo)
• CONTEXTUAL
• SERVICE ORIENTATED
• USER CENTRIC
ID Threat Case Development
OS.WIN Microsoft Windows Servers - Threat Case Development Documentation
Microsoft Active Directory - Threat Case Development Documentation
MSIIS
MSSQL
MSEXC
Microsoft Application - Threat Case Development Documentation
• IIS
• MSSQL
• Exchange
IBMAIX
LINUX
SOLARIS
UNIX/LINUX/SOLARIS/AIX – Threat Case Development Documentation
PRIVACC Advanced Threat Cases for Privileged User and Special Account Activity and Monitoring
N/A Baseline Security Settings on UNIX/LINUX/SOLARIS/AIX server
BUSINT Business Internet
EXTRNT Extranet
S2SVPN Site to Site VPN
58. ADVANCED THREAT CASES - ENVIRONMENT
• To define threat cases per environment …
…. Eventually …. Should …. Include …. All …. Environment …..
ID Threat Case Development
INTOFF International Offices – Global MPLS
SSLVPN Juniper SSL VPN
NATIONAL IPVPN –National MPLS IPVPN
WIRLESS Wireless Infrastructure
VOIPUC Voice over IP
VSAT VSAT – Satellite
DIGPKI PKI and X.509 Digital Certificates (systems threat case)
AAA AAA (systems threat case)
HIPS HIPS (system threat case and ePO integration)
EXECACC Executive Account Monitoring
SAP SAP Router and SAP Privilege Activity Monitoring
COMPLIANCE Compliance and Best Practices Configuration
NAC Network Admission Control –
59. ADVANCED THREAT CASES - ENVIRONMENT
• To define threat cases per environment …
…. Eventually …. Should …. Include …. All …. Environment …..
ID Threat Case Development
IPS-AV IPS and AV Management Console
EMAIL Email Security – Business Internet Gateway
DAM Database Activity Monitoring (DAM)
SFT Secure File Transfer
• IMPORTANT – understand the environment and understand the threats related to
those environment…..
62. Important Note:
"OS.WIN.010.Offense: Multiple Logon for Single User from Different Locations" offense is
disabled pending application/system accounts names clarifications to be excluded from the rule's
logic.
Develop Threat Cases – Windows Servers
70. SOC-Wiki - Goals
• Centralized Knowledge Repository for SOC
• Collaborate and Share Information with other Team Members
• Easy of use and Searchable
• Integrations with other Toolsets
71. SOC Wiki – SIEM Integration
• Current Issues with SIEM Processes, Documentations, Offence
Handling, Knowledge Sharing
• SIEM Integrations into SOC-Wiki
• SIEM Threat Cases
72. SOC Wiki – SIEM Threat Cases
• Listed above is how Threat Cases are displayed in SOC-Wiki
• Threat Case Name, Severity, Status
• Information - Centralized, Detailed and Searchable
• Information updated by SIEM and SOC Teams
74. Security Assurance Level
• Security Assurance Levels (SALs) in Critical Infrastructure
• Functional Requirements
• Security Levels
• Based on 7 x Functional Requirements
• a) Access control (AC)
• b) Use control (UC)
• c) Data integrity (DI)
• d) Data confidentiality (DC)
• e) Restrict data flow (RDF)
• f) Timely response to an event (TRE)
• g) Resource availability (RA)
75. Security Assurance Level
• Security Assurance Levels (SALs) in Critical Infrastructure
• Functional Requirements
• Security Levels
• Based on 4 x Security Levels
77. Security Assurance Level
Achieved SL vs. Target SL
0
1
2
3
4
Access control (AC)
Use control (UC)
Data integrity (DI)
Data confidentiality
(DC)
Restrict data flow
(RDF)
Timely response to an
event (TRE)
Resource availability
(RA)
Achieved Security Level
Target Security Level
78. Shah H Sheikh – Sr. Security Solutions Consultant
MEng CISSP CISA CISM CRISC CCSK
shah@dts-solution.com