Recommended
Recommended
More Related Content
Similar to LIBRARY RESEARCH PROJECT, SECURITY OPERATION CENTER.pptx
Similar to LIBRARY RESEARCH PROJECT, SECURITY OPERATION CENTER.pptx (20)
Recently uploaded
Recently uploaded (20)
LIBRARY RESEARCH PROJECT, SECURITY OPERATION CENTER.pptx
- 1. LIBRARYRESEARCH PROJECT SOC & SIEM SUBMITTEDBY Sonukumarsingh
- 3. PREVIEW INTRO SECURITY OPERATIONS CENTER (SOC) COMPONENTS : SOC RESPONSIBILITIES : SOC SIEM WHY SIEM IS NECESSARY? DIFFERENT SIEM TOOLS CONCLUSION
- 4. INTRO
- 5. SECURITY OPRATIONS CENTER (SOC)
- 6. Security Operations Center is a team consists of cybersecurity experts and trained engineers. It is different than other IT departments because SOC is dedicated to performing advanced IT security operations. Security operations centre services are aimed at preventing any threats to cybersecurity by early detection and response to any incident of hacking or data breach. It is a centralized and the most significant unit of a company that is responsible for handling its security operations. The SOC team of an organization protects significant and confidential company data, along with the brand integrity and business systems of the company. SECURITY OPRATIONS CENTER (SOC)
- 7. COMPONENTS : SOC People.Organizations have the tendency to often give security a big budget for procurement of a lot of tools & equipment, but will not give required importance to people that implement the solution Processes.Timely detection and controlling the damage requires gaining greater visibility into an environment with continuous monitoring capabilities. Technology. Security Information and Event Management (SIEM) technologies have been at the heart of Security Operations Centers.
- 8. WORK FLOW : SOC
- 9. OPERATIONS : SOC Log Collection Log Retention & Archival Log Analysis Monitoring of security Environment for security events Event Correlation Incident Mgt Threat Identification & Reaction Reporting
- 10. • The basic responsibilities of a SOC team include the following:- Asset discovery and management involves obtaining a high awareness of all tools, software, hardware and technologies used within the organization. These also focus on ensuring all assets are working properly and regularly patched and updated. Continuous behavioral monitoring includes examining all systems 24/7 year- round. This enables SOCs to place equal weight on reactive and proactive measures as any irregularity in activity is instantly detected. Behavioral models train data collection systems on what activities are suspicious and can be used to adjust information that might register as false positives. Keeping activity logs enables SOC team members to backtrack or pinpoint previous actions that may have resulted in a breach. All communications and activity should be logged by the SOC. RESPONSIBILITIES : SOC
- 11. SECURITY OPERATION CENTER Alert severity ranking helps teams ensure the most severe or pressing alerts are handled first. Teams must regularly rank cyber security threats in terms of potential damage. Defense development and evolution is important to help SOC teams stay up to date. Teams should create an incident response plan(IRP) to defend systems against new and old attacks. Teams must also adjust the plan as necessary when new information is obtained. Incident recovery enables an organization to recover compromised data. This includes reconfiguring, updating or backing up systems. Compliance maintenance is key to ensuring SOC team members and the company follow regulatory and organizational standards when carrying out business plans. Typically, one team member oversees educating and enforcing compliance. RESPONSIBILITIES : SOC
- 12. SIEM
- 13. SIEM SIEM is tool about looking at what’s happening on the network through a larger lens than can be provided via any one security control or information source. Intrusion Detection only understands Packets, Protocols and IP Addresses Endpoint Security only sees files, usernames and hosts Service Logs show user logins, service activity and configuration changes. Asset Management system sees apps, business processes and owners. However, none of these equipment individually, can tell what is happening to the network in terms of security - but together, they can… SIEM is essentially, a management layer above all existing systems and security controls. It connects and unifies all the information contained in existing systems, allowing them to be analyzed and cross-referenced from a single interface.
- 14. WHY IS SIEM NECESSARY? Rise in data breaches due to internal and external threats Attackers are smart and traditional security tools just don’t suffice Mitigate advance cyber-attacks Manage increasing volumes of logs from multiple sources Meet strict confirming requirements Facilitated by SIEM : - Malware Investigation Phishing Prevention & Detection HR Investigation Departed Employees Risk Mitigation
- 16. ATTRIBUTES OF SIEM & SIEM TOOLS Attributes of SIEM System : - Log Collection Normalization Event Correlation Alerting Data aggregation Top SIEM Tools : - SIEM Splunk SIEM IBM QRadar SIEM Logrhythm
- 17. CONCLUSION The benefit of having a security operations center is the improvement of security incident detection through a continuously monitoring & analysis of data activity. SIEM is a vital component of modern cyber security strategies, providing organization with the tool and capabilities needed to monitor and respond to security threat effectively. Among the benefits of SIEM solution, they can help you store the normalized data, organized it, & easily retrieve it if necessary.
- 18. BY BY