6. A Security Operations Center (SOC) is a team made up of cybersecurity experts and trained
engineers.
It differs from other IT departments because the SOC is dedicated to performing advanced
IT security operations.
Security operations center services aim to prevent threats to cybersecurity through early
detection of, and response to, any hacking incident or data breach.
It is a centralized unit, and the most significant one in a company, responsible for
handling its security operations.
The SOC team of an organization protects significant and confidential company data,
along with the brand integrity and business systems of the company.
SECURITY OPERATIONS CENTER (SOC)
7. COMPONENTS : SOC
People. Organizations tend to give security a large budget for procuring tools and
equipment, but do not give the required importance to the people who implement the
solution.
Processes. Timely detection and containment of damage require greater visibility into
the environment through continuous monitoring capabilities.
Technology. Security Information and Event Management (SIEM) technologies have
been at the heart of Security Operations Centers.
10. • The basic responsibilities of a SOC team include the following:
Asset discovery and management involves obtaining a high awareness of all
tools, software, hardware and technologies used within the organization. It
also focuses on ensuring all assets are working properly and are regularly patched and
updated.
Continuous behavioral monitoring includes examining all systems 24/7, year-
round. This lets SOCs place equal weight on reactive and proactive
measures, since any irregularity in activity is detected immediately. Behavioral models
train data collection systems on which activities are suspicious and can be used to
tune events that might otherwise register as false positives.
Keeping activity logs enables SOC team members to backtrack to or pinpoint
previous actions that may have resulted in a breach. All communications and
activity should be logged by the SOC.
RESPONSIBILITIES : SOC
11. SECURITY OPERATION CENTER
Alert severity ranking helps teams ensure the most severe or pressing alerts
are handled first. Teams must regularly rank cyber security threats in terms of
potential damage.
Defense development and evolution is important to help SOC teams stay up to
date. Teams should create an incident response plan (IRP) to defend systems
against new and old attacks. Teams must also adjust the plan as necessary
when new information is obtained.
Incident recovery enables an organization to recover compromised data. This
includes reconfiguring, updating or backing up systems.
Compliance maintenance is key to ensuring SOC team members and the
company follow regulatory and organizational standards when carrying out
business plans. Typically, one team member oversees educating and enforcing
compliance.
RESPONSIBILITIES : SOC
13. SIEM
A SIEM is a tool for looking at what's happening on the network through a larger lens than
any one security control or information source can provide.
Intrusion Detection only understands packets, protocols and IP addresses.
Endpoint Security only sees files, usernames and hosts.
Service logs show user logins, service activity and configuration changes.
The asset management system sees apps, business processes and owners.
None of these systems individually can tell what is happening to the network
in terms of security, but together they can.
A SIEM is essentially a management layer above all existing systems and security
controls.
It connects and unifies all the information contained in existing systems, allowing it
to be analyzed and cross-referenced from a single interface.
14. WHY IS SIEM NECESSARY?
Rise in data breaches due to internal and external threats
Attackers are smart and traditional security tools just don't suffice
Mitigate advanced cyber-attacks
Manage increasing volumes of logs from multiple sources
Meet strict compliance requirements
Facilitated by SIEM : -
Malware investigation
Phishing prevention & detection
HR investigation
Departed-employee risk mitigation
16. ATTRIBUTES OF SIEM & SIEM TOOLS
Attributes of SIEM System : -
Log Collection
Normalization
Event Correlation
Alerting
Data aggregation
Top SIEM Tools : -
SIEM Splunk
SIEM IBM QRadar
SIEM LogRhythm
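Slides 13 and 16 describe a SIEM as a layer that collects, normalizes, aggregates and correlates events from several sources and then alerts. The Python script below is an added illustration, not code from the deck or from any SIEM product: it takes constructed IDS and SSH service log lines plus a constructed asset table, normalizes them to one schema, aggregates per source IP, and correlates an IDS brute-force signature with repeated failed logins followed by a success, ranking the resulting alert by the asset's criticality as slide 11 suggests. All names (`IDS_ALERTS`, `ASSETS`, `normalize`, `correlate`) and values are hypothetical.

```python
import re
from collections import defaultdict
# Constructed sample records from two log sources (not real logs).
IDS_ALERTS = ["2024-05-01T10:00:05 src=203.0.113.7 dst=10.0.0.5 sig=ssh_bruteforce"]
SERVICE_LOGS = [
    "2024-05-01T10:00:01 host=web01 user=admin result=FAIL src=203.0.113.7",
    "2024-05-01T10:00:02 host=web01 user=admin result=FAIL src=203.0.113.7",
    "2024-05-01T10:00:03 host=web01 user=admin result=FAIL src=203.0.113.7",
    "2024-05-01T10:00:04 host=web01 user=admin result=OK src=203.0.113.7",
    "2024-05-01T10:05:00 host=db01 user=bob result=OK src=10.0.0.9",
]
# Asset-management view (constructed): address -> (host, owner, criticality).
ASSETS = {"10.0.0.5": ("web01", "web team", "high")}
HOST_TO_ASSET = {a[0]: a for a in ASSETS.values()}
KV = re.compile(r"(\w+)=(\S+)")

def normalize(line, source):
    """Log collection + normalization: each raw line becomes the same schema."""
    ts, rest = line.split(" ", 1)
    f = dict(KV.findall(rest))
    if source == "ids":  # the IDS only knows addresses; map dst to a host via assets
        host = ASSETS.get(f["dst"], ("unknown",))[0]
        return {"ts": ts, "source": source, "src_ip": f["src"], "host": host,
                "user": None, "outcome": f["sig"]}
    return {"ts": ts, "source": source, "src_ip": f["src"], "host": f["host"],
            "user": f["user"], "outcome": f["result"]}

def correlate(events, min_fails=3):
    """Aggregate per source IP, then correlate IDS hit + failures + later success."""
    by_ip = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):  # ISO timestamps sort as text
        by_ip[e["src_ip"]].append(e)
    alerts = []
    for ip, evs in by_ip.items():
        ids_hit = any(e["source"] == "ids" for e in evs)
        fails = [e for e in evs if e["outcome"] == "FAIL"]
        later_ok = [e for e in evs if e["outcome"] == "OK"
                    and fails and e["ts"] > fails[-1]["ts"]]
        if ids_hit and len(fails) >= min_fails and later_ok:
            host = later_ok[0]["host"]
            _, owner, crit = HOST_TO_ASSET.get(host, (host, "unknown", "low"))
            alerts.append({"severity": "critical" if crit == "high" else "high",
                           "src_ip": ip, "host": host, "user": later_ok[0]["user"],
                           "owner": owner, "events": len(evs)})
    return sorted(alerts, key=lambda a: a["severity"] != "critical")  # worst first

def run():
    """Feed both sources through the pipeline and return the ranked alert list."""
    return correlate([normalize(l, "ids") for l in IDS_ALERTS]
                     + [normalize(l, "service") for l in SERVICE_LOGS])
```

Only the 203.0.113.7 activity fires, because the rule needs all three signals on one source IP; the lone successful login from 10.0.0.9 stays quiet, which is the cross-referencing a single source cannot do.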
17. CONCLUSION
The benefit of having a security operations center is improved security incident
detection through continuous monitoring and analysis of data activity. SIEM is a
vital component of modern cyber security strategies, providing organizations with the tools
and capabilities needed to monitor and respond to security threats effectively. Among the
benefits of a SIEM solution, it can store normalized data, organize it, and easily
retrieve it when necessary.