Talking about the Next-Gen Security Operation Center for IDNIC+APJII as a representative of IDSECCONF. A people-centric SOC requires a lot of investment in people, in terms of both quantity and quality; unfortunately, (good) IT security people are getting rare these days. Organisations need to put more of their investment into technology, as in Industry 4.0 machines are getting more advanced in supporting humans with continuous and repetitive tasks.
Moving from a "traditional" to a next-gen SOC requires a proper plan; that's what this talk was about.
Effective Threat Hunting with Tactical Threat Intelligence, by Dhruv Majumdar
How to set up a Threat Hunting Team for Active Defense utilizing Cyber Threat Intelligence and how CTI can help a company grow and improve its security posture.
Cyber Security Trends
Business Concerns
Cyber Threats
The Solutions
Security Operation Center
requirement
SOC Architecture model
SOC Implementation
SOC & NOC
SOC & CSIRT
SIEM & Correlation
-----------------------------------------------------------
Definition
Gartner defines a SOC as both a team, often operating in shifts around the clock, and a facility dedicated to and organized to prevent, detect, assess and respond to cybersecurity threats and incidents, and to fulfill and assess regulatory compliance. The term "cybersecurity operation center" is often used synonymously for SOC.
A network operations center (NOC) is not a SOC: a NOC focuses on network device management rather than on detecting and responding to cybersecurity incidents. Coordination between the two is common, however.
A managed security service is not the same as having a SOC — although a service provider may offer services from a SOC. A managed service is a shared resource and not solely dedicated to a single organization or entity. Similarly, there is no such thing as a managed SOC.
Most of the technologies, processes and best practices that are used in a SOC are not specific to a SOC. Incident response or vulnerability management remain the same, whether delivered from a SOC or not. It is a meta-topic, involving many security domains and disciplines, and depending on the services and functions that are delivered by the SOC.
Services that often reside in a SOC are:
• Cyber security incident response
• Malware analysis
• Forensic analysis
• Threat intelligence analysis
• Risk analytics and attack path modeling
• Countermeasure implementation
• Vulnerability assessment
• Vulnerability analysis
• Penetration testing
• Remediation prioritization and coordination
• Security intelligence collection and fusion
• Security architecture design
• Security consulting
• Security awareness training
• Security audit data collection and distribution
Alternative names for SOC:
Security defense center (SDC)
Security intelligence center
Cyber security center
Threat defense center
Security intelligence and operations center (SIOC)
Infrastructure Protection Centre (IPC)
Security operations center (Persian: مرکز عملیات امنیت)
What We've Learned Building a Cyber Security Operation Center: du Case Study, by Priyanka Aash
The cybersecurity landscape is rapidly evolving, with new threats and threat actors emerging, and traditional security operations centers (SOCs) need to be augmented accordingly. This session will detail the journey of du in building and continually enhancing its SOC, physically and philosophically, to best deal with attack detection (offensively and defensively) and response.
(Source: RSA Conference USA 2017)
Delivered a 1-day Practical Threat Hunting workshop at sacon.io in Bangalore, India, focusing on developing a threat hunting program in an organization, how and where to start, as well as threat hunting demos as they would look on the ground, with hands-on labs for 100+ participants.
Security Incident Event Management
Real time monitoring of Servers, Network Devices.
Correlation of Events
Analysis and reporting of Security Incidents.
Threat Intelligence
Long term storage
Get advice from security gurus on how to get up & running with SIEM quickly and painlessly. You'll learn about log collection, log management, log correlation, integrated data sources and how-to leverage threat intelligence into your SIEM implementation.
SOC Architecture - Building the NextGen SOC, by Priyanka Aash
Why are APTs difficult to detect
Revisit the cyber kill chain
Process orient detection
NextGen SOC Process
Building your threat mind map
Implement and measure your SOC
The security of information systems and business-critical information needs constant managing to ensure your operational continuity and data protection. ISO 27001 Information Security Management Systems certification allows you to stand out from the competition through strong information security measurement.
Secrets to managing your Duty of Care in an ever-changing world.
How well do you know your risks?
Are you keeping up with your responsibilities to provide Duty of Care?
How well are you prioritising Cybersecurity initiatives?
Liability for Cybersecurity attacks sits with Executives and Board members who may not have the right level of technical security knowledge. This session will outline what practical steps executives can take to implement a Cybersecurity Roadmap that is aligned with its strategic objectives.
Led by Krist Davood, who has spent over 28 years implementing secure mission critical systems for executives. Krist is an expert in protecting the interconnectedness of technology, intellectual property and information systems, as evidenced through his roles at The Good Guys, Court Services Victoria and Schiavello.
The seminar will cover:
• Fiduciary responsibility
• How to efficiently deal with personal liability and the threat of court action
• The role of a Cybersecurity Executive Dashboard and its ability to simplify risk and amplify informed decision making
• How to identify and bridge the gap between your Cybersecurity Compliance Rating and the threat of court action
It’s a fair question and one that is compounded by the convergence we see happening across many categories within cybersecurity. Security operations teams have a broad spectrum of choices from pure-play security orchestration and automation platforms to traditional SIEMs that are adding orchestration capabilities.
Visit - https://siemplify.co/blog/do-i-need-a-siem-if-i-have-soar/
SIEM is an abbreviation of "Security Information and Event Management". It comprises two parts:
Security Information Management
Security Event Management
Building a Next-Generation Security Operations Center (SOC), by Sqrrl
So, you need to build a Security Operations Center (SOC)? What does that mean? What does the modern SOC need to do? Learn from Dr. Terry Brugger, who has been doing information security work for over 15 years, including building out a SOC for a large Federal agency and consulting for numerous large enterprises on their security operations.
Watch the presentation with audio here: http://info.sqrrl.com/sqrrl-october-webinar-next-generation-soc
Enterprises face a wide range of threats across their information infrastructure. In order to protect critical systems and information, a comprehensive security approach is necessary. A single layer of defense cannot be considered adequate. Although no system can be considered absolutely secure, a multi-tiered security approach can effectively reduce the overall risk an organization must face.
In this webinar, Tom will illustrate an effective security approach through the image of a castle. He will review many of the different defenses that can be deployed in unison to better secure a network from a range of threats. Tom will also provide examples of improvements that can be made leveraging existing controls to provide an overall increase in organizational security.
In this lightning talk we will explore one approach to getting multi-stakeholder agreement on Enterprise Architecture decisions focused on a defence in depth security model. Corporate enterprise technology environments can be large and complicated. And when it comes to making changes to the internet facing security environment both rigorousness and resistance to change increase. These increased challenges can be overcome with good project / process management, solid end-to-end architecture, and a comprehensive decision making template. In a nutshell, this talk explores the enterprise architecture decision.
HD version: http://1drv.ms/1eR5OQf
This is my publication on how the integration of the TOGAF Enterprise Architecture framework, the SABSA Enterprise Security Architecture framework, and Information Governance discipline add up to a robust and successful Information Security Management Program.
Rationalization and Defense in Depth - Two Steps Closer to the Cloud, by Bob Rhubart
Security represents one of the biggest concerns about cloud computing. In this session we'll get past the FUD with a real-world look at some key issues. We'll discuss the infrastructure necessary to support rationalization and security services, explore architecture for defense-in-depth, and deal frankly with the good, the bad, and the ugly in cloud security. (As presented by Dave Chappelle at OTN Architect Day in Chicago, October 24, 2011.)
Student Presentation Sample (Netflix) -- Information Security 365/765 -- UW-M..., by Nicholas Davis
The final assignment in the Information Security 365/765 course I teach at UW-Madison is for teams of students to put together company-focused IT security presentations, in which they take the concepts learned in class throughout the entire semester and apply them to a real company. Here is a sample from Team Netflix! I am proud of the students, and feel that they have gained a solid foundation in the field of information security. Another semester come and gone!
What can local government use to help manage IT security threats and IT losses? NIST has developed standards that are recommended for local governments.
Defense in Depth: Implementing a Layered Privileged Password Security Strategy, by BeyondTrust
Tune in to the full webinar recording here: https://www.beyondtrust.com/resources/webinar/defense-depth-implementing-layered-privileged-password-security-strategy/?access_code=eb6de71b465f16507cadfb2347a9d98f
In this presentation from the live webinar of security expert and TechVangelist Founder/Chief, Nick Cavalancia explores how to apply the defense-in-depth, layered security approach to enterprise password management. Also included in this webinar is an overview of BeyondTrust's PowerBroker Password Safe, the leading solution for enterprise password management.
EAS-SEC: Framework for securing business applications, by ERPScan
For quite a long time, ERP security was merely a synonym for segregation of duties. Nowadays this situation has changed. There are 3 areas of business application security: SoD, custom code security and application platform security. SAP customers are now aware of problems with SAP installations, but they still don't know where they should start to solve them.
The aim of EAS-SEC (http://eas-sec.org/) is to make people aware of enterprise application security problems and to create guidelines and tools for enterprise application security assessment.
We’ve begun an initiative at Citrix to make software development inherently more secure. I’ll start with a few security anecdotes, give you a walkthrough of the security layers from data to physical, and highlight security features along the way. I’ll also discuss the Helix Versioning Engine protocol and show you why SSL encryption should be on by default.
FedRAMP 2.0 Control-Implementation-Summary (CIS) v2 1 cross-matrixed with Fed..., by James W. De Rienzo
Print report contains conditional formatting and printer settings to enhance comprehension for Cloud Service Providers (CSP) as well as Federal and Departmental Agencies.
Reorganizing Federal IT to Address Today's Threats, by Lumension
New reports show U.S. government servers are faced with 1.8 billion cyber attacks every month. View this technical presentation on ‘Reorganizing Federal IT to Address Today’s Threats’ by Richard Stiennon, analyst with IT Harvest and author of Surviving Cyber War, and Paul Zimski, VP of Solution Strategy with Lumension, as they examine:
*Today’s threats targeting government IT systems
*How federal IT departments can be reorganized to improve security and operations
*What key endpoint security capabilities should be implemented
Get expert insight and recommendations on improving your approach to securing IT systems from today’s sophisticated threats.
This comprehensive guide delves into the essential types of testing used in cybersecurity to ensure the resilience of digital systems against malicious attacks. From vulnerability assessments and penetration testing to social engineering and security audits, each testing method is examined in detail, providing insights into its purpose, methodology, and significance in safeguarding against cyber threats. Whether you're a cybersecurity professional seeking to deepen your knowledge or a novice looking to understand the fundamentals, this guide offers valuable insights into the world of cybersecurity testing. For more cybersecurity knowledge visit https://bostoninstituteofanalytics.org/data-science-and-artificial-intelligence/#
Threat Modelling and managed risks for medical devices, by Frédéric Sagez
In the development of a cybersecurity strategy that follows FDA and MDCG recommendations for the commercialization of medical imaging software devices, threat modeling helps customers manage risks better.
Professional Services:
We offer bespoke penetration testing services to meet the requirements of our clients. We bring years of global experience and stamina to guide our clients through the ever-evolving cyber security threat landscape.
We are driven to understand your security concerns and are committed to delivering high quality security solutions, such as:
-Research Powerhouse
-Client-centric Focus
-Affordable
-Certified Security Experts
-Global Consulting Services
https://redfoxsec.com/
17-MOD 6 Conducting Security Audits & MOD 7 Information Security Audit Prepar...
Defense In Depth Using NIST 800-30
1. A Simple Strategy to Combat Many Security Issues
Kevin M. Moker, CISSP-ISSMP, CISM, ACP
Manager, Information Security Risk Management Services
2. What is Risk Management
What is Defense In Depth
Question & Answer Session
3. What is Risk?
Risk is the potential loss from a threat-source attacking a vulnerability.
Example: Joe Cracker (threat-source) knows that an online banking company has not patched (vulnerability) their backend databases. Joe Cracker exploits (loss) the system and steals money.
5. Risk Integration into the SDLC
Risk Assessment: identifying risk
Risk Mitigation: figuring out how to control the risk
Controls Evaluation: control recommendations, i.e. what should be used to control the risk
6. Systems Development Life-Cycle (SDLC)
Normal phases of SDLC
Initiation
Build or Acquire
Implementation
Operation and Maintenance
Disposal or End-of-Life
7. Phase 1 – Initiation
Phase Characteristics: The need for an IT system is expressed and the purpose and scope of the IT system is documented.
Support from Risk Management Activities: Identified risks are used to support the development of the system requirements, including security requirements, and a security concept of operations (strategy).
8. Phase 2 – Build or Acquire
Phase Characteristics: The IT system is designed, purchased, programmed, developed, or otherwise constructed.
Support from Risk Management Activities: The risks identified during this phase can be used to support the security analyses of the IT system that may lead to architecture and design tradeoffs during system development.
9. Phase 3 – Implementation
Phase Characteristics: The system security features should be configured, enabled, tested, and verified.
Support from Risk Management Activities: The risk management process supports the assessment of the system implementation against its requirements and within its modeled operational environment. Decisions regarding risks identified must be made prior to system operation.
10. Phase 4 – Operation & Maintenance
Phase Characteristics: The system performs its functions. Typically the system is being modified on an ongoing basis through the addition of hardware and software and by changes to organizational processes, policies, and procedures.
Support from Risk Management Activities: Risk management activities are performed for periodic system reauthorization or whenever major changes are made to an IT system in its operational, production environment (e.g., new system interfaces).
11. Phase 5 – Disposal or End-of-Life
Phase Characteristics: This phase may involve the disposition of information, hardware, and software. Activities may include moving, archiving, discarding, or destroying information and sanitizing the hardware and software.
Support from Risk Management Activities: Risk management activities are performed for system components that will be disposed of or replaced to ensure that the hardware and software are properly disposed of, that residual data is appropriately handled, and that system migration is conducted in a secure and systematic manner.
12. Risk is a function of the likelihood of a given threat-source's exercising a particular potential vulnerability, and the resulting impact of that adverse event on the organization.
14. System Characterization
Inputs
What type of hardware will be used?
What software will be used?
What other software will this software “talk” to or interface with?
What type of data/information will be housed in the software?
Who will use this software/hardware?
What’s the mission of this software/hardware?
Outputs
Scope: What the software will include and not include
Function: What business process the software will support
Data Criticality: The importance of the information
Data Sensitivity: The sensitivity of the information
15. Threat Identification
Inputs
Is there a history of system attacks?
Is there an incident database to leverage?
Is there any data from media sources or government sources?
Are there known threat areas from known popular software sources? (e.g., Microsoft)
Outputs
General threat statements
E.g., Windows 7 has 120 known threats. Media sources indicate that 4 of the known threats have zero-day exploits. Furthermore, internal incident management databases have revealed a malicious code outbreak.
16. Vulnerability Identification
Inputs
Are there any vulnerabilities discovered from past risk assessments?
Are there any audit reports that reveal potential vulnerabilities?
What are the security requirements for the proposed software? (e.g., access control, encryption)
Did the security test results reveal any potential vulnerabilities?
Outputs
List of potential vulnerabilities (e.g., weak access control system, 56-bit DES encryption used).
17. Control Analysis
Inputs
What are the current controls for the software compared to the internal policy controls?
What are the planned controls for those controls not adequately documented in current policy?
Outputs
List of current controls
List of planned controls
18. Likelihood Determination
Inputs
What would be the motivation for a malicious person to attack this software?
What is the capacity of the malicious actor? E.g., time, money, support
How easy is it to exploit the vulnerability? E.g., ease of exploiting the vulnerability
Outputs
Likelihood rating
High Risk
Moderate Risk
Low Risk
19. Impact Analysis
Inputs
Is there a business continuity plan that discusses the mission impact analysis?
Is there an asset criticality documented in the business continuity plan?
What is the data criticality?
What is the data sensitivity?
Outputs
Impact Rating
High Impact
Moderate Impact
Low Impact
20. Risk Determination
Inputs
What is the likelihood of the threat exploitation?
If the threat did exploit the vulnerability, what would be the impact?
Are the current controls adequate (tested by audit or self-assessment)?
Outputs
List of risks and associated risk levels
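The assessment steps on slides 14 to 20 carried through in code, as an added example that is not part of the deck: the likelihood counting rule is a hypothetical simplification of the three slide-18 questions, the numeric weights and bands are those of the risk-level matrix in the 2002 edition of NIST SP 800-30, and the two threat/vulnerability pairs are constructed from the slide-3 scenario.

```python
# Worked NIST SP 800-30 risk determination (added example, not from the deck):
# threat/vulnerability pairing, control analysis, likelihood, impact, risk level.
from dataclasses import dataclass
from enum import Enum


class Level(Enum):
    LOW = "Low"
    MODERATE = "Moderate"
    HIGH = "High"


# Weights and bands from the risk-level matrix in the 2002 edition of NIST SP 800-30:
# likelihood High 1.0 / Medium 0.5 / Low 0.1; impact High 100 / Medium 50 / Low 10;
# risk Low 1-10, Medium >10-50, High >50-100.
LIKELIHOOD_WEIGHT = {Level.HIGH: 1.0, Level.MODERATE: 0.5, Level.LOW: 0.1}
IMPACT_WEIGHT = {Level.HIGH: 100, Level.MODERATE: 50, Level.LOW: 10}
_ORDER = [Level.LOW, Level.MODERATE, Level.HIGH]


@dataclass
class ThreatVulnPair:
    """One threat-source / vulnerability pairing plus the assessment inputs."""
    system: str
    threat_source: str
    vulnerability: str
    motivated: bool          # slide 18: motivation to attack this software
    capable: bool            # slide 18: capacity (time, money, support)
    easy_to_exploit: bool    # slide 18: ease of exploiting the vulnerability
    controls_adequate: bool  # slide 20: current controls adequate (tested by audit)?
    data_criticality: Level  # slide 19: data criticality
    data_sensitivity: Level  # slide 19: data sensitivity


def likelihood(pair: ThreatVulnPair) -> Level:
    """Likelihood determination. The counting rule is a hypothetical
    simplification of the three slide-18 questions, not NIST's own method."""
    points = sum([pair.motivated, pair.capable, pair.easy_to_exploit])
    if pair.controls_adequate:  # an adequate, tested control lowers likelihood
        points -= 1
    if points >= 3:
        return Level.HIGH
    return Level.MODERATE if points == 2 else Level.LOW


def impact(pair: ThreatVulnPair) -> Level:
    """Impact analysis: rate impact as the higher of criticality and sensitivity."""
    return max(pair.data_criticality, pair.data_sensitivity, key=_ORDER.index)


def risk_score(like: Level, imp: Level) -> float:
    """Risk score = likelihood weight x impact weight (NIST risk-level matrix)."""
    return LIKELIHOOD_WEIGHT[like] * IMPACT_WEIGHT[imp]


def risk_level(score: float) -> Level:
    """Map the score onto the NIST bands: >50 High, >10 Moderate, otherwise Low."""
    if score > 50:
        return Level.HIGH
    return Level.MODERATE if score > 10 else Level.LOW


def determine_risk(pair: ThreatVulnPair) -> dict:
    """Risk determination: combine likelihood, impact and control adequacy."""
    like, imp = likelihood(pair), impact(pair)
    score = risk_score(like, imp)
    return {"likelihood": like, "impact": imp, "score": score, "risk": risk_level(score)}


# Constructed inputs. UNPATCHED_DB is the slide-3 scenario: Joe Cracker and an
# online bank's unpatched backend database, with no effective controls in place.
UNPATCHED_DB = ThreatVulnPair(
    system="online banking backend database", threat_source="Joe Cracker",
    vulnerability="unpatched backend database", motivated=True, capable=True,
    easy_to_exploit=True, controls_adequate=False,
    data_criticality=Level.HIGH, data_sensitivity=Level.HIGH)

# Same pairing once a compensating control (segmentation plus monitoring, tested
# by audit) is in place but the database is still unpatched: residual risk remains.
COMPENSATED_DB = ThreatVulnPair(
    system="online banking backend database", threat_source="Joe Cracker",
    vulnerability="unpatched backend database", motivated=True, capable=True,
    easy_to_exploit=True, controls_adequate=True,
    data_criticality=Level.HIGH, data_sensitivity=Level.HIGH)

if __name__ == "__main__":
    for pair in (UNPATCHED_DB, COMPENSATED_DB):
        r = determine_risk(pair)
        print(f"{pair.vulnerability} (controls adequate={pair.controls_adequate}): "
              f"{r['likelihood'].value} likelihood x {r['impact'].value} impact "
              f"= {r['score']:.0f} -> {r['risk'].value} risk")
```

The compensating control alone drops the score from 100 to exactly 50, the top of the Moderate band, which is the residual risk slide 26 has in mind when it says risk never reaches zero.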
23. Let's look at a practical approach of how to implement this "stuff"
24. Let's explore the defense-in-depth strategy to understand where risk should be addressed.
26. Information Security/Assurance is a tricky game. It is by no means perfect and you can NEVER reduce risk to zero. This Defense-In-Depth strategy will help an organization reduce risk to an acceptable level if management is committed to the strategy.
27. Crucial for any Information Security Program
Necessary in most of today's markets
Being compliant does not mean secure
Being secure does not mean compliant
28. Information Security Policies
Staff Responsibility Definitions (RACI)
Security Standards and Guidelines
Security Training
Awareness Communications
Policy Enforcement
Security Monitoring Tools (Physical & Logical)
30. Data Center Hardening
Physical Access Control Management
Critical Building Hardening (non-data center)
Internal Physical Security Officers
Hostile Environment Prevention Program
External Media Protection Program
Paper-based Protection Program
35. This is not a perfect process. Information Security mixes science and art. Risk management and defense in depth is part science and part art. The goal is to try to reduce the impacts and likelihood of certain threats. Things WILL happen, but this program will make the best effort to minimize threats and impacts.
36. What did you get from this presentation?
Do you think that this information is useful?
Do you think you could apply this to your life and not just systems?