Downloaded 70 times
Uploaded byReZa AdineH
Effective Security Operation Center - present by Reza Adineh
The document discusses how to effectively manage a cyber security operations center (SOC). It addresses questions about how to assess the effectiveness and maturity of a SOC, ensure sufficient threat detection capabilities through proper sensors and data collection, and utilize threat intelligence and data enrichment. The document also provides steps to implement threat management, incident response processes, and leverage machine learning and user entity behavior analytics to detect anomalous user behavior and insider threats.
More Related Content
Similar to Effective Security Operation Center - present by Reza Adineh
![[cb22] Keynote: Underwhelmed: Making Sense of the Overwhelming Challenge of C...](https://cdn.slidesharecdn.com/ss_thumbnails/cb22keynoteunderwhelmedmakingsenseoftheoverwhelmingchallengeofcybersecurity-230101083039-ff0c756e-thumbnail.jpg?width=640&height=640&fit=bounds)
Effective Security Operation Center - present by Reza Adineh
- 1. Effective Cyber SecurityOperation Center Reza Adineh 10/7/2018 RezZaAdineH 1
- 2. • Is yourSOC effective ? • How can you Improve your SOC ? • IS your SOC mature ? • What sensors you have ? Is it enough to Threat detection ? • What Logs & Data you gathering ? • Do you enrich your data ? • How you enrich your Data ? • Is your incident management work properly ? • Do you have threat management ? 10/7/2018 RezZaAdineH 2
- 3. Lets check outsome more important questions: • 1st of all what you need to protect ? • 2nd how you want to protect ? • 3rd do you have enough vision on what is happening ? • 4th can you protect your asset from new threat ? How about existed threat ? • 5th can you predict future ? what is going on ? 10/7/2018 RezZaAdineH 3
- 4. Check overall stepsyou should do: 1. Do Threat Management 2. Implement Castle Approaches, also avoid SPF (single point of Failure) 3. Plan & Implement high protection topology 4. Tune all of your sensors 5. Prioritize your sensors 6. Lets gather all data 7. Use ML & AI base solutions 8. Use Threat Intelligence & Do Enrichment on Logs & Data 9. Do threat Haunting 10. Do Cyber Exercise regularly & make improvement 11. Use a maturity model for best effort 10/7/2018 RezZaAdineH 4
- 5. How to effectivelymanage incidents? • If you don’t have enough tools, you can not find out what's going on • So, 1st of all solve lack of technology & use practical Tools for increase visibility • Apply good detailed process for handling tools via experienced & knowledgeable people 10/7/2018 RezZaAdineH 5
- 6. 10/7/2018 RezZaAdineH 6 Methodologiesof Incident Management: • "Incident Handler's Handbook”, SANS Institute 2011 • "Computer Security Incident Handling Guide„NIST 2012 • "Strategies for incident response and cyber crisis cooperation", ENISA 2016 • „CSIRT Services Framework”, Forum of Incident Response and Security Teams • „SIM3 : Security Incident Management Maturity Model”, S-CURE and PRESECURE Complex and time consuming How to effectively manage incidents?
- 7. 10/7/2018 RezZaAdineH 7 (…)Multilayered security and use of user and entity behavior analytics will become a requirement for virtually every enterprise. More information: http://www.gartner.com/smarte rwithgartner/ gartners-top-10- technology-trends-2017/
- 8. The problem User-based threatsare on the rise: • 69% of organizations report incidents of attempted data theft — by internal threats. • 81% of breaches involve stolen or weak credentials. • 91% of firms report inadequate insider threat detection programs. Verizon Data Breach Investigations Report, 2017 10/7/2018 RezZaAdineH 8
- 9.
- 10. The solution • Enterprisemodern solutions … • Arm Your Organization with UEBA • Arm Your Organization with proper Process 10/7/2018 RezZaAdineH 10
- 11.
- 12. Detect and Respondto Anomalous User Behavior with Security Analytics and Machine Learning • To avoid a data breach, your organization must detect and respond quickly to anomalous activity. User and entity behavior analytics (UEBA) can help you monitor for known threats and behavioral changes in user data, providing critical visibility to uncover user-based threats that might otherwise go undetected. 10/7/2018 RezZaAdineH 12
- 13.
- 14. User & Entitybehavior analysis (UEBA) • User behavior analytics as defined by Gartner is a cybersecurity process about detection of insider threats, targeted attacks, and financial fraud. • UBA solutions look at patterns of human behavior, and then apply algorithms and statistical analysis to detect meaningful anomalies from those patterns—anomalies that indicate potential threats. Instead of tracking devices or security events, UBA tracks a system's users. Big data platforms like Apache Hadoop are increasing UBA functionality by allowing them to analyze petabytes worth of data to detect insider threats and advanced persistent threats. 10/7/2018 RezZaAdineH 14
- 15.
- 16. With UEBA, yourteam can: • Collect and prepare data from diverse sources to provide clean sets for effective analytics. • Obtain a true view of the identity of users and hosts — not just their disparate identifiers. • Detect known and unknown threats by applying full-spectrum analytics. • Accelerate threat qualification and investigation with powerful data visualizations and direct access to underlying data. • Streamline response using integrated playbooks, guided workflows, and approval- driven task automation. • Use artificial intelligence (AI) and machine learning (ML) technologies to improve time to detect and respond to threats. 10/7/2018 RezZaAdineH 16
- 17. Sample: • Splunk UBAis a machine learning driven solution that helps organizations find hidden threats and anomalous behavior across users, devices, and applications. ... Splunk UBA visualizes the threat over a kill-chain, thereby, providing contextual awareness, along with supporting evidence for SOC analyst to consume. 10/7/2018 RezZaAdineH 17
- 18.