SlideShare a Scribd company logo

Manoj Purandare- Stratergy towards an Effective Security Operations Centre - SOC

Manoj Purandare ☁
Manoj Purandare ☁

Effective Security Operations Centre SOC building - by Manoj Purandare. This article tries to give a strategy towards building am effective SOC using its 4 major points steps and 11 effective steps recipe - for Organisation's / Govt's safety and security

Presentations & Public Speaking
1 of 33
A Strategy towards an Effective SOC - Manoj Purandare Effective Security Operations Centre SOC building - by Manoj Purandare This article tries to give a strategy towards building am effective SOC using its 4 major points steps and 11 effective steps recipe - for Organisation's / Govt's safety and security.
A Strategy towards an Effective SOC - Manoj Purandare I - Background - Information Technology continues to evolve at a rapid pace. This article describes a structured approach toward the formation of a government SOC that enables organizations to integrate this capability into their overall Information Security Management System (ISMS) and align with many of the requirements introduced by ISO/IEC 27001:2013. So, why do we need a SOC ?
A Strategy towards an Effective SOC - Manoj Purandare II- Creating the Roadmap – Since you can’t build a world-class SOC overnight, creating a plan for incremental phases of implementation is critical to success. • Budget • Timelines • What goes into such a roadmap? • What comes first and what next? • The goal can be execute regular incremental improvements based on your completed gap analysis and to establish a series of prioritized milestones that lead the organization towards optimized security and improved incident detection and response. • You need • The Right People • The Required Process • The ever updating and precise Technology • The Platform • The Proactive and Real Time – Threat Intelligence
A Strategy towards an Effective SOC - Manoj Purandare Let us see a basic design flow of the SOC requirements as below :
A Strategy towards an Effective SOC - Manoj Purandare
A Strategy towards an Effective SOC - Manoj Purandare The gaps you uncover in that analysis can be translated into goals. Budget, personnel and cultural constraints require that new processes and technologies be implemented in stages.
A Strategy towards an Effective SOC - Manoj Purandare The Required SOC team members & their roles and responsibilities 1.The Right People
A Strategy towards an Effective SOC - Manoj Purandare The Required SOC team members & their roles and responsibilities In addition to SOC analysts, a security operations center requires a ringmaster for its many moving parts. The SOC manager often fights fires, within and outside of the SOC. The SOC manager is responsible for prioritizing work and organizing resources with the ultimate goal of detecting, investigating and mitigating incidents that could impact the business. A typical SOC organization is illustrated in Figure 2.
A Strategy towards an Effective SOC - Manoj Purandare The Required SOC team members & their roles and responsibilities The SOC Org Chart : The SOC manager should develop a workflow model and implement standardized operating procedures (SOPs) for the incident-handling process that guides analysts through triage and response procedures.
A Strategy towards an Effective SOC - Manoj Purandare 2. The required Processes
A Strategy towards an Effective SOC - Manoj Purandare
A Strategy towards an Effective SOC - Manoj Purandare The Collective SOC Team. Since not all skills and attributes will likely be found within each individual, capabilities should be balanced across the SOC. Each shift should have a blend of skills and temperaments, including “people” people; analysts that can communicate effectively with the IT service provider or the organizational workforce. Escalation and Complexity. Every service will require graduated skill levels, and some services require a more experienced “junior” level analyst than others. Staff shifts with a mix of experience levels and seniority. Advancement and Rotation. • Establish growth paths for every position with the SOC. • You will also need to plan for training and professional development • Growth and training opportunities will help retain a professional workforce. Trust Level. • SOC analysts will have regular access to highly sensitive organizational information. Implement a thorough regulations that require special background checks for people with elevated access to IT systems.
A Strategy towards an Effective SOC - Manoj Purandare 3. The ever updating and precise Technology
A Strategy towards an Effective SOC - Manoj Purandare 4. The platform : With known and unknown, advanced threat detection and prevention, URL filtering, and mobile security—correlate all of these security functions and protect the datacenter and the network perimeter. The platform enables the government agency to take a whitelisting approach to their applications, with the ability to segment government agencies Alerts are drastically reduced significantly reducing the workload for the SOC analyst.
A Strategy towards an Effective SOC - Manoj Purandare You may also need to considers the other controls as SOC Layered Security Controls and the Physical Security Controls :
A Strategy towards an Effective SOC - Manoj Purandare You may also need to considers the other controls as SOC Layered Security Controls and the Physical Security Controls :
A Strategy towards an Effective SOC - Manoj Purandare Beyond this, We need to be prepared with our SOC Service Service Catalogue that may give a clear picture on SOC business operation and facilities available for a customer :
A Strategy towards an Effective SOC - Manoj Purandare Initially, we have to define on various SOC Key tools, their integration, and their working
A Strategy towards an Effective SOC - Manoj Purandare Initially, we have to define on various SOC Key tools, their integration, and their working
A Strategy towards an Effective SOC - Manoj Purandare Initially, we have to define on various SOC Key tools, their integration, and their working
A Strategy towards an Effective SOC - Manoj Purandare 5.. The Proactive and Real time - Threat Intelligence Mature SOCs continually develop the capability to consume and leverage threat intelligence from their past incidents and from information-sharing sources According to the 2015 SANS Cyberthreat Intelligence (CTI) Survey, 69% of respondents reported that their organization implemented some cyberthreat intelligence capability, with 27% indicating that their teams fully embrace the concept of CTI and integrated response procedures across systems and staff. Obstacles to Efficient SOC Incident Handling To achieve efficient incident handling, the SOC must avoid bottlenecks in the IR process that moves incidents through Tier 1, into Tier 2, and finally through Tier 3. Bottlenecks can occur due to too much “white noise,” alerts of little consequence or false-positives that lead to analyst “alert fatigue.” Understanding of the government’s enterprise network topology, including all connections (Internet, mission partners, cloud providers, vendor specific, etc.) is needed for an understanding of attack vectors. No intelligence exists without visibility—visibility across the whole network, including endpoints, for all applications, all content, and all users.
A Strategy towards an Effective SOC - Manoj Purandare Employing a platform like similar to that of Palo Alto Networks platform including network and endpoint visibility and threat prevention can significantly increase that visibility and subsequently accelerate the SOC’s intelligence capability. The Palo Alto Networks platform detects ever changing threats, but more importantly provides the ability to prevent them as soon as possible, ideally before they have detonated on the network. All insights feed onboard signature creation to detect and prevent future attacks. We can accomplish this in a flexible and extensible platform that enables uniform protection across traditional infrastructure at the network edge, the cloud and mobile devices. So define your road map clearly.
A Strategy towards an Effective SOC - Manoj Purandare III. The SOC Governance, GRC and Process Framework The framework for the Security Operations Center (SOC), like most organizational capabilities, can be described in terms of its People, Processes, and Technology. The people needed to staff the SOC are defined by an organizational structure, manning levels, skill sets, and a professional development path to ensure the people grow as the organization grows. Clearly defined processes needed to sustain the organization and provide the services it offers are essential to the successful accomplishment of the mission. Technology is a critical enabler to the SOC mission; automated tools can be used to correlate, reduce, and analyze the volume of data entering the SOC. We will explain all four components in more detail, but we begin by presenting a high level recipe for success. Check for the 11-Steps Recipe for SOC Success here ahead
A Strategy towards an Effective SOC - Manoj Purandare Below diagrams represent the SOC Governance model, GRC, Process Framework, etc.
A Strategy towards an Effective SOC - Manoj Purandare The SOC GRC :
A Strategy towards an Effective SOC - Manoj Purandare The SOC Process Framework :
A Strategy towards an Effective SOC - Manoj Purandare IV. And finally, The 11-Steps Recipe for SOC Success There are 11 recommended steps that form the foundation of a new or revitalized SOC. This article assumes the government organization or a Private Organization, has already decided to create an in-sourced SOC capability rather than seek it as a service from an out-sourced provider or agency within the given government—a decision that involves factors beyond the scope of this paper. The first step is to identify an executable mission including whom the SOC will serve, and where it will be located organizationally. Next the SOC should identify the services offered. The service architecture should be evolutionary; fewer services delivered well at the onset is better than many services offered poorly. As the SOC and the supported organization mature, so can the services offered. Once these foundational steps are completed, the organization can acquire and develop the appropriate people, process, technology, and intelligence to align with the mission and the services. Concurrently, the SOC must establish and execute an effective communication strategy to get buy-in at all levels within the organization.
A Strategy towards an Effective SOC - Manoj Purandare The 11-Steps Recipe for SOC Success here ahead A. Identify an Executable Mission B. Identify the Services Offered C. Basic Core SOC services: D. Intermediate Core SOC services: E. Advanced SOC services: F. Supporting SOC services: G. Document the Mission and Services H. Adding Context to Security Incidents I. Defining Normal Through Baselining J. Acquire the necessary People, Processes, Technologies and Intelligence K. Execute an Effective Communications Strategy
A Strategy towards an Effective SOC - Manoj Purandare
A Strategy towards an Effective SOC - Manoj Purandare The SOC must establish itself as a mission enabler rather than an encumbrance. Ultimately this distinction will be determined by action; initially it will be determined by message. Finally, the SOC may be required to establish relationships with partner organizations within government domestic and international security frameworks, but even if not mandated, should establish relationships with peer organizations. Reach out to similar organizations and understand their approach to cybersecurity. If knowledge is power, these peer relationships will increase both exponentially. Summary : Whether you have decided to create a SOC as part of the government organization’s Information Security Management System (ISMS) for ISO/IEC 27001 certification, or just recognizing a need to centralize IT security efforts, this whitepaper will provide a useful map of your path to success. Understand the organization’s objective. Select the people, process, and technology that fit the organization. Focus on Intelligence. Communicate and Execute. Building a SOC may seem onerous, but the payoff—with improved visibility, intelligence and protection for the government in these challenging times—will be well worth it.
A Strategy towards an Effective SOC - Manoj Purandare Some useful links : https://blog.komand.com/how-to-structure-a-security-operations-center https://www.mcafee.com/in/resources/white-papers/foundstone/wp-creating-maintaining-soc.pdf Reference and Acknowledgements : https://www.sans.org/reading-room/whitepapers/analyst/building-world-class-security-operations- center-roadmap-35907 http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2.pdf https://www.sans.org/reading-room/whitepapers/analyst/benchmarking-security-information-event- management-siem-34755 http://www.sans.org/reading-room/whitepapers/analyst/ninth-log-management-survey-report- 35497 https://www.sans.org/reading-room/whitepapers/incident/incident-response-fight-35342 https://www.sans.org/webcasts/cyberthreat-intelligence-how-1-definitions-tools-standards-99052 https://www.sans.org/reading-room/whitepapers/incident/incident-response-fight-35342 https://www.paloaltonetworks.com/content/dam/pan/en_US/assets/pdf/white-papers/security- operations-centers.pdf
A Strategy towards an Effective SOC - Manoj Purandare An article on - Strategy for building an effective Security Operations Center [SOC] Sincere Thanks .!!! for all the experts in the Government, IT, Infosec & Cyber Security Industry This article is a basic guideline towards – Strategy for building an effective Security Operations Center [SOC]. I whole heartedly and sincerely thank you one and all who provided me valuable inputs, references and information to complete it for the benefit of Government and Corporate Infosec and Cyber Security World Treat this Slide dedicated and acknowledgement to one and all who I forgot to mention, missed out their names, companies, website and other info here in this presentation. I thank you and apologize if I had forgot to mention you here.
A Strategy towards an Effective SOC - Manoj Purandare Manoj Purandare DCM, MCS, CISSP, PMP, PgMP, ITIL, Cyber Crime Analyst, PCI DSS Security Implementer, with more than 2 decades of IT and Infosec experience and specialization mail: technicalmanoj@gmail.com Linkedin : https://www.linkedin.com/in/manojypurandare about – Author & Presenter Thank you

Recommended

Cyber Risk Quantification | Safe Security
Cyber Risk Quantification | Safe SecurityCyber Risk Quantification | Safe Security
Cyber Risk Quantification | Safe SecurityRahul Tyagi
 
Security Maturity Assessment
Security Maturity AssessmentSecurity Maturity Assessment
Security Maturity AssessmentClaude Baudoin
 
Intelligent security operations a staffing guide
Intelligent security operations a staffing guideIntelligent security operations a staffing guide
Intelligent security operations a staffing guideColleen Johnson
 
Assessing and Managing IT Security Risks
Assessing and Managing IT Security RisksAssessing and Managing IT Security Risks
Assessing and Managing IT Security RisksChris Ross
 
Build and Information Security Strategy
Build and Information Security StrategyBuild and Information Security Strategy
Build and Information Security StrategyInfo-Tech Research Group
 
Building an Analytics Enables SOC
Building an Analytics Enables SOCBuilding an Analytics Enables SOC
Building an Analytics Enables SOCSplunk
 
Building a Security Operations Center (SOC).pdf
Building a Security Operations Center (SOC).pdfBuilding a Security Operations Center (SOC).pdf
Building a Security Operations Center (SOC).pdfTapOffice
 
Implementing Security Operations Center (SOC): Strategies for Success in 2024
Implementing Security Operations Center (SOC): Strategies for Success in 2024Implementing Security Operations Center (SOC): Strategies for Success in 2024
Implementing Security Operations Center (SOC): Strategies for Success in 2024Neil Johnson
 

Recommended

Cyber Risk Quantification | Safe Security
Cyber Risk Quantification | Safe SecurityCyber Risk Quantification | Safe Security
Cyber Risk Quantification | Safe SecurityRahul Tyagi
 
Security Maturity Assessment
Security Maturity AssessmentSecurity Maturity Assessment
Security Maturity AssessmentClaude Baudoin
 
Intelligent security operations a staffing guide
Intelligent security operations a staffing guideIntelligent security operations a staffing guide
Intelligent security operations a staffing guideColleen Johnson
 
Assessing and Managing IT Security Risks
Assessing and Managing IT Security RisksAssessing and Managing IT Security Risks
Assessing and Managing IT Security RisksChris Ross
 
Build and Information Security Strategy
Build and Information Security StrategyBuild and Information Security Strategy
Build and Information Security StrategyInfo-Tech Research Group
 
Building an Analytics Enables SOC
Building an Analytics Enables SOCBuilding an Analytics Enables SOC
Building an Analytics Enables SOCSplunk
 
Building a Security Operations Center (SOC).pdf
Building a Security Operations Center (SOC).pdfBuilding a Security Operations Center (SOC).pdf
Building a Security Operations Center (SOC).pdfTapOffice
 
Implementing Security Operations Center (SOC): Strategies for Success in 2024
Implementing Security Operations Center (SOC): Strategies for Success in 2024Implementing Security Operations Center (SOC): Strategies for Success in 2024
Implementing Security Operations Center (SOC): Strategies for Success in 2024Neil Johnson
 
RH-ISAC_BuildingtheFoundation_WhitePaper.pdf
RH-ISAC_BuildingtheFoundation_WhitePaper.pdfRH-ISAC_BuildingtheFoundation_WhitePaper.pdf
RH-ISAC_BuildingtheFoundation_WhitePaper.pdfssuser2209e8
 
Needs Assessment and Implementation Requirements of a Knowledge Management Sy...
Needs Assessment and Implementation Requirements of a Knowledge Management Sy...Needs Assessment and Implementation Requirements of a Knowledge Management Sy...
Needs Assessment and Implementation Requirements of a Knowledge Management Sy...Paul Santilli
 
INTERNAL Assign no 207( JAIPUR NATIONAL UNI)
INTERNAL Assign no 207( JAIPUR NATIONAL UNI)INTERNAL Assign no 207( JAIPUR NATIONAL UNI)
INTERNAL Assign no 207( JAIPUR NATIONAL UNI)Partha_bappa
 
Standards For Wright Aircraft Corp
Standards For Wright Aircraft CorpStandards For Wright Aircraft Corp
Standards For Wright Aircraft CorpAntoinette Williams
 
Applying Lean for information security operations centre
Applying Lean for information security operations centreApplying Lean for information security operations centre
Applying Lean for information security operations centreNaushad Rajani. - CISA, CISSP, CCSP, PMP, DCPP (Privacy)
 
Hp arc sight_state of security ops_whitepaper
Hp arc sight_state of security ops_whitepaperHp arc sight_state of security ops_whitepaper
Hp arc sight_state of security ops_whitepaperrickkaun
 
Brochure Auditing Erp System V2
Brochure Auditing Erp System V2Brochure Auditing Erp System V2
Brochure Auditing Erp System V2agc infotech
 
Ops360 - Workforce Management Solution - V1
Ops360 - Workforce Management Solution - V1Ops360 - Workforce Management Solution - V1
Ops360 - Workforce Management Solution - V1NetConnect2
 
New hospital it strategy 2
New hospital it strategy 2New hospital it strategy 2
New hospital it strategy 2Pankaj Gupta
 
Intranet Automation of Human Resource Management System
Intranet Automation of Human Resource Management SystemIntranet Automation of Human Resource Management System
Intranet Automation of Human Resource Management SystemIOSR Journals
 
IRJET - Social Network Message Credibility: An Agent-based Approach
IRJET - Social Network Message Credibility: An Agent-based ApproachIRJET - Social Network Message Credibility: An Agent-based Approach
IRJET - Social Network Message Credibility: An Agent-based ApproachIRJET Journal
 
IRJET- Social Network Message Credibility: An Agent-based Approach
IRJET- Social Network Message Credibility: An Agent-based ApproachIRJET- Social Network Message Credibility: An Agent-based Approach
IRJET- Social Network Message Credibility: An Agent-based ApproachIRJET Journal
 
Forrester how to create a knockout social business and collaboration strategi...
Forrester how to create a knockout social business and collaboration strategi...Forrester how to create a knockout social business and collaboration strategi...
Forrester how to create a knockout social business and collaboration strategi...Office
 
IT_Analyst_6_Shentaijun
IT_Analyst_6_ShentaijunIT_Analyst_6_Shentaijun
IT_Analyst_6_Shentaijun?? ?
 
Securing Citizen Facing Applications Presentation Notes
Securing Citizen Facing Applications Presentation NotesSecuring Citizen Facing Applications Presentation Notes
Securing Citizen Facing Applications Presentation Notesedwinlorenzana
 
computer science.docx. Mohit Class 12 follow for more
computer science.docx. Mohit Class 12 follow for morecomputer science.docx. Mohit Class 12 follow for more
computer science.docx. Mohit Class 12 follow for morekimchibhendalbhai070
 
Developing a talent management information strategy
Developing a talent management information strategyDeveloping a talent management information strategy
Developing a talent management information strategyAl-Qurmoshi Institute of Business Management, Hyderabad
 
Business analysis
Business analysis Business analysis
Business analysis Gautam Kumar
 
Business analysis
Business analysis Business analysis
Business analysis Gautam Kumar
 
Rothke rsa 2012 building a security operations center (soc)
Rothke rsa 2012 building a security operations center (soc)Rothke rsa 2012 building a security operations center (soc)
Rothke rsa 2012 building a security operations center (soc)Ben Rothke
 
Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...
Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...
Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...Manoj Purandare ☁
 
Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...
Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...
Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...Manoj Purandare ☁
 

More Related Content

Similar to Manoj Purandare- Stratergy towards an Effective Security Operations Centre - SOC

RH-ISAC_BuildingtheFoundation_WhitePaper.pdf
RH-ISAC_BuildingtheFoundation_WhitePaper.pdfRH-ISAC_BuildingtheFoundation_WhitePaper.pdf
RH-ISAC_BuildingtheFoundation_WhitePaper.pdfssuser2209e8
 
Needs Assessment and Implementation Requirements of a Knowledge Management Sy...
Needs Assessment and Implementation Requirements of a Knowledge Management Sy...Needs Assessment and Implementation Requirements of a Knowledge Management Sy...
Needs Assessment and Implementation Requirements of a Knowledge Management Sy...Paul Santilli
 
INTERNAL Assign no 207( JAIPUR NATIONAL UNI)
INTERNAL Assign no 207( JAIPUR NATIONAL UNI)INTERNAL Assign no 207( JAIPUR NATIONAL UNI)
INTERNAL Assign no 207( JAIPUR NATIONAL UNI)Partha_bappa
 
Standards For Wright Aircraft Corp
Standards For Wright Aircraft CorpStandards For Wright Aircraft Corp
Standards For Wright Aircraft CorpAntoinette Williams
 
Hp arc sight_state of security ops_whitepaper
Hp arc sight_state of security ops_whitepaperHp arc sight_state of security ops_whitepaper
Hp arc sight_state of security ops_whitepaperrickkaun
 
Brochure Auditing Erp System V2
Brochure Auditing Erp System V2Brochure Auditing Erp System V2
Brochure Auditing Erp System V2agc infotech
 
Ops360 - Workforce Management Solution - V1
Ops360 - Workforce Management Solution - V1Ops360 - Workforce Management Solution - V1
Ops360 - Workforce Management Solution - V1NetConnect2
 
New hospital it strategy 2
New hospital it strategy 2New hospital it strategy 2
New hospital it strategy 2Pankaj Gupta
 
Intranet Automation of Human Resource Management System
Intranet Automation of Human Resource Management SystemIntranet Automation of Human Resource Management System
Intranet Automation of Human Resource Management SystemIOSR Journals
 
IRJET - Social Network Message Credibility: An Agent-based Approach
IRJET - Social Network Message Credibility: An Agent-based ApproachIRJET - Social Network Message Credibility: An Agent-based Approach
IRJET - Social Network Message Credibility: An Agent-based ApproachIRJET Journal
 
IRJET- Social Network Message Credibility: An Agent-based Approach
IRJET- Social Network Message Credibility: An Agent-based ApproachIRJET- Social Network Message Credibility: An Agent-based Approach
IRJET- Social Network Message Credibility: An Agent-based ApproachIRJET Journal
 
Forrester how to create a knockout social business and collaboration strategi...
Forrester how to create a knockout social business and collaboration strategi...Forrester how to create a knockout social business and collaboration strategi...
Forrester how to create a knockout social business and collaboration strategi...Office
 
IT_Analyst_6_Shentaijun
IT_Analyst_6_ShentaijunIT_Analyst_6_Shentaijun
IT_Analyst_6_Shentaijun?? ?
 
Securing Citizen Facing Applications Presentation Notes
Securing Citizen Facing Applications Presentation NotesSecuring Citizen Facing Applications Presentation Notes
Securing Citizen Facing Applications Presentation Notesedwinlorenzana
 
computer science.docx. Mohit Class 12 follow for more
computer science.docx. Mohit Class 12 follow for morecomputer science.docx. Mohit Class 12 follow for more
computer science.docx. Mohit Class 12 follow for morekimchibhendalbhai070
 
Business analysis
Business analysis Business analysis
Business analysis Gautam Kumar
 
Business analysis
Business analysis Business analysis
Business analysis Gautam Kumar
 
Rothke rsa 2012 building a security operations center (soc)
Rothke rsa 2012 building a security operations center (soc)Rothke rsa 2012 building a security operations center (soc)
Rothke rsa 2012 building a security operations center (soc)Ben Rothke
 

Similar to Manoj Purandare- Stratergy towards an Effective Security Operations Centre - SOC (20)

RH-ISAC_BuildingtheFoundation_WhitePaper.pdf
RH-ISAC_BuildingtheFoundation_WhitePaper.pdfRH-ISAC_BuildingtheFoundation_WhitePaper.pdf
RH-ISAC_BuildingtheFoundation_WhitePaper.pdf
 
Needs Assessment and Implementation Requirements of a Knowledge Management Sy...
Needs Assessment and Implementation Requirements of a Knowledge Management Sy...Needs Assessment and Implementation Requirements of a Knowledge Management Sy...
Needs Assessment and Implementation Requirements of a Knowledge Management Sy...
 
INTERNAL Assign no 207( JAIPUR NATIONAL UNI)
INTERNAL Assign no 207( JAIPUR NATIONAL UNI)INTERNAL Assign no 207( JAIPUR NATIONAL UNI)
INTERNAL Assign no 207( JAIPUR NATIONAL UNI)
 
Standards For Wright Aircraft Corp
Standards For Wright Aircraft CorpStandards For Wright Aircraft Corp
Standards For Wright Aircraft Corp
 
Applying Lean for information security operations centre
Applying Lean for information security operations centreApplying Lean for information security operations centre
Applying Lean for information security operations centre
 
Hp arc sight_state of security ops_whitepaper
Hp arc sight_state of security ops_whitepaperHp arc sight_state of security ops_whitepaper
Hp arc sight_state of security ops_whitepaper
 
Brochure Auditing Erp System V2
Brochure Auditing Erp System V2Brochure Auditing Erp System V2
Brochure Auditing Erp System V2
 
Ops360 - Workforce Management Solution - V1
Ops360 - Workforce Management Solution - V1Ops360 - Workforce Management Solution - V1
Ops360 - Workforce Management Solution - V1
 
New hospital it strategy 2
New hospital it strategy 2New hospital it strategy 2
New hospital it strategy 2
 
Intranet Automation of Human Resource Management System
Intranet Automation of Human Resource Management SystemIntranet Automation of Human Resource Management System
Intranet Automation of Human Resource Management System
 
IRJET - Social Network Message Credibility: An Agent-based Approach
IRJET - Social Network Message Credibility: An Agent-based ApproachIRJET - Social Network Message Credibility: An Agent-based Approach
IRJET - Social Network Message Credibility: An Agent-based Approach
 
IRJET- Social Network Message Credibility: An Agent-based Approach
IRJET- Social Network Message Credibility: An Agent-based ApproachIRJET- Social Network Message Credibility: An Agent-based Approach
IRJET- Social Network Message Credibility: An Agent-based Approach
 
Forrester how to create a knockout social business and collaboration strategi...
Forrester how to create a knockout social business and collaboration strategi...Forrester how to create a knockout social business and collaboration strategi...
Forrester how to create a knockout social business and collaboration strategi...
 
IT_Analyst_6_Shentaijun
IT_Analyst_6_ShentaijunIT_Analyst_6_Shentaijun
IT_Analyst_6_Shentaijun
 
Securing Citizen Facing Applications Presentation Notes
Securing Citizen Facing Applications Presentation NotesSecuring Citizen Facing Applications Presentation Notes
Securing Citizen Facing Applications Presentation Notes
 
computer science.docx. Mohit Class 12 follow for more
computer science.docx. Mohit Class 12 follow for morecomputer science.docx. Mohit Class 12 follow for more
computer science.docx. Mohit Class 12 follow for more
 
Developing a talent management information strategy
Developing a talent management information strategyDeveloping a talent management information strategy
Developing a talent management information strategy
 
Business analysis
Business analysis Business analysis
Business analysis
 
Business analysis
Business analysis Business analysis
Business analysis
 
Rothke rsa 2012 building a security operations center (soc)
Rothke rsa 2012 building a security operations center (soc)Rothke rsa 2012 building a security operations center (soc)
Rothke rsa 2012 building a security operations center (soc)
 

More from Manoj Purandare ☁

Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...
Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...
Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...Manoj Purandare ☁
 
Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...
Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...
Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...Manoj Purandare ☁
 
Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...
Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...
Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...Manoj Purandare ☁
 
Manoj Purandare- Stratergy towards an Effective Security Operations Centre -...
Manoj Purandare- Stratergy towards an Effective Security Operations Centre -...Manoj Purandare- Stratergy towards an Effective Security Operations Centre -...
Manoj Purandare- Stratergy towards an Effective Security Operations Centre -...Manoj Purandare ☁
 
Manoj Purandare- Stratergy towards an Effective Security Operations Centre -...
Manoj Purandare- Stratergy towards an Effective Security Operations Centre -...Manoj Purandare- Stratergy towards an Effective Security Operations Centre -...
Manoj Purandare- Stratergy towards an Effective Security Operations Centre -...Manoj Purandare ☁
 
Manoj Purandare- Stratergy towards an Effective Security Operations Centre -...
Manoj Purandare- Stratergy towards an Effective Security Operations Centre -...Manoj Purandare- Stratergy towards an Effective Security Operations Centre -...
Manoj Purandare- Stratergy towards an Effective Security Operations Centre -...Manoj Purandare ☁
 
Manoj Purandare- Stratergy towards an Effective Security Operations Centre -...
Manoj Purandare- Stratergy towards an Effective Security Operations Centre -...Manoj Purandare- Stratergy towards an Effective Security Operations Centre -...
Manoj Purandare- Stratergy towards an Effective Security Operations Centre -...Manoj Purandare ☁
 
Manoj purandare - Strategy towards an Effective Security Operations Centre - SOC
Manoj purandare - Strategy towards an Effective Security Operations Centre - SOCManoj purandare - Strategy towards an Effective Security Operations Centre - SOC
Manoj purandare - Strategy towards an Effective Security Operations Centre - SOCManoj Purandare ☁
 
Manoj purandare Stratergy towards an effective soc
Manoj purandare Stratergy towards an effective socManoj purandare Stratergy towards an effective soc
Manoj purandare Stratergy towards an effective socManoj Purandare ☁
 
Manoj purandare - Stratergy towards an Effective Security Operations Centre -...
Manoj purandare - Stratergy towards an Effective Security Operations Centre -...Manoj purandare - Stratergy towards an Effective Security Operations Centre -...
Manoj purandare - Stratergy towards an Effective Security Operations Centre -...Manoj Purandare ☁
 

More from Manoj Purandare ☁ (10)

Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...
Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...
Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...
 
Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...
Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...
Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...
 
Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...
Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...
Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...
 
Manoj Purandare- Stratergy towards an Effective Security Operations Centre -...
Manoj Purandare- Stratergy towards an Effective Security Operations Centre -...Manoj Purandare- Stratergy towards an Effective Security Operations Centre -...
Manoj Purandare- Stratergy towards an Effective Security Operations Centre -...
 
Manoj Purandare- Stratergy towards an Effective Security Operations Centre -...
Manoj Purandare- Stratergy towards an Effective Security Operations Centre -...Manoj Purandare- Stratergy towards an Effective Security Operations Centre -...
Manoj Purandare- Stratergy towards an Effective Security Operations Centre -...
 
Manoj Purandare- Stratergy towards an Effective Security Operations Centre -...
Manoj Purandare- Stratergy towards an Effective Security Operations Centre -...Manoj Purandare- Stratergy towards an Effective Security Operations Centre -...
Manoj Purandare- Stratergy towards an Effective Security Operations Centre -...
 
Manoj Purandare- Stratergy towards an Effective Security Operations Centre -...
Manoj Purandare- Stratergy towards an Effective Security Operations Centre -...Manoj Purandare- Stratergy towards an Effective Security Operations Centre -...
Manoj Purandare- Stratergy towards an Effective Security Operations Centre -...
 
Manoj purandare - Strategy towards an Effective Security Operations Centre - SOC
Manoj purandare - Strategy towards an Effective Security Operations Centre - SOCManoj purandare - Strategy towards an Effective Security Operations Centre - SOC
Manoj purandare - Strategy towards an Effective Security Operations Centre - SOC
 
Manoj purandare Stratergy towards an effective soc
Manoj purandare Stratergy towards an effective socManoj purandare Stratergy towards an effective soc
Manoj purandare Stratergy towards an effective soc
 
Manoj purandare - Stratergy towards an Effective Security Operations Centre -...
Manoj purandare - Stratergy towards an Effective Security Operations Centre -...Manoj purandare - Stratergy towards an Effective Security Operations Centre -...
Manoj purandare - Stratergy towards an Effective Security Operations Centre -...
 

Recently uploaded

Getting started with Amazon Bedrock Studio and Control Tower
Getting started with Amazon Bedrock Studio and Control TowerGetting started with Amazon Bedrock Studio and Control Tower
Getting started with Amazon Bedrock Studio and Control TowerVladimir Samoylov
 
Hi-Tech Industry 2024-25 Prospective.pptx
Hi-Tech Industry 2024-25 Prospective.pptxHi-Tech Industry 2024-25 Prospective.pptx
Hi-Tech Industry 2024-25 Prospective.pptxShivamM16
 
123445566544333222333444dxcvbcvcvharsh.pptx
123445566544333222333444dxcvbcvcvharsh.pptx123445566544333222333444dxcvbcvcvharsh.pptx
123445566544333222333444dxcvbcvcvharsh.pptxgargh1099
 
Oracle Database Administration I (1Z0-082) Exam Dumps 2024.pdf
Oracle Database Administration I (1Z0-082) Exam Dumps 2024.pdfOracle Database Administration I (1Z0-082) Exam Dumps 2024.pdf
Oracle Database Administration I (1Z0-082) Exam Dumps 2024.pdfSkillCertProExams
 
The Canoga Gardens Development Project. PDF
The Canoga Gardens Development Project. PDFThe Canoga Gardens Development Project. PDF
The Canoga Gardens Development Project. PDFRahsaan L. Browne
 
Pollinator Ambassador Earth Steward Day Presentation 2024-05-22
Pollinator Ambassador Earth Steward Day Presentation 2024-05-22Pollinator Ambassador Earth Steward Day Presentation 2024-05-22
Pollinator Ambassador Earth Steward Day Presentation 2024-05-22LHelferty
 
527598851-ppc-due-to-various-govt-policies.pdf
527598851-ppc-due-to-various-govt-policies.pdf527598851-ppc-due-to-various-govt-policies.pdf
527598851-ppc-due-to-various-govt-policies.pdfrajpreetkaur75080
 
Acorn Recovery: Restore IT infra within minutes
Acorn Recovery: Restore IT infra within minutesAcorn Recovery: Restore IT infra within minutes
Acorn Recovery: Restore IT infra within minutesIP ServerOne
 
05232024 Joint Meeting - Community Networking
05232024 Joint Meeting - Community Networking05232024 Joint Meeting - Community Networking
05232024 Joint Meeting - Community NetworkingMichael Orias
 
Breathing in New Life_ Part 3 05 22 2024.pptx
Breathing in New Life_ Part 3 05 22 2024.pptxBreathing in New Life_ Part 3 05 22 2024.pptx
Breathing in New Life_ Part 3 05 22 2024.pptxFamilyWorshipCenterD
 
Introduction of Biology in living organisms
Introduction of Biology in living organismsIntroduction of Biology in living organisms
Introduction of Biology in living organismssoumyapottola
 
Sharpen existing tools or get a new toolbox? Contemporary cluster initiatives...
Sharpen existing tools or get a new toolbox? Contemporary cluster initiatives...Sharpen existing tools or get a new toolbox? Contemporary cluster initiatives...
Sharpen existing tools or get a new toolbox? Contemporary cluster initiatives...Orkestra
 
Eureka, I found it! - Special Libraries Association 2021 Presentation
Eureka, I found it! - Special Libraries Association 2021 PresentationEureka, I found it! - Special Libraries Association 2021 Presentation
Eureka, I found it! - Special Libraries Association 2021 PresentationAccess Innovations, Inc.
 
Writing Sample 2 -Bridging the Divide: Enhancing Public Engagement in Urban D...
Writing Sample 2 -Bridging the Divide: Enhancing Public Engagement in Urban D...Writing Sample 2 -Bridging the Divide: Enhancing Public Engagement in Urban D...
Writing Sample 2 -Bridging the Divide: Enhancing Public Engagement in Urban D...Rahsaan L. Browne
 

Recently uploaded (14)

Getting started with Amazon Bedrock Studio and Control Tower
Getting started with Amazon Bedrock Studio and Control TowerGetting started with Amazon Bedrock Studio and Control Tower
Getting started with Amazon Bedrock Studio and Control Tower
 
Hi-Tech Industry 2024-25 Prospective.pptx
Hi-Tech Industry 2024-25 Prospective.pptxHi-Tech Industry 2024-25 Prospective.pptx
Hi-Tech Industry 2024-25 Prospective.pptx
 
123445566544333222333444dxcvbcvcvharsh.pptx
123445566544333222333444dxcvbcvcvharsh.pptx123445566544333222333444dxcvbcvcvharsh.pptx
123445566544333222333444dxcvbcvcvharsh.pptx
 
Oracle Database Administration I (1Z0-082) Exam Dumps 2024.pdf
Oracle Database Administration I (1Z0-082) Exam Dumps 2024.pdfOracle Database Administration I (1Z0-082) Exam Dumps 2024.pdf
Oracle Database Administration I (1Z0-082) Exam Dumps 2024.pdf
 
The Canoga Gardens Development Project. PDF
The Canoga Gardens Development Project. PDFThe Canoga Gardens Development Project. PDF
The Canoga Gardens Development Project. PDF
 
Pollinator Ambassador Earth Steward Day Presentation 2024-05-22
Pollinator Ambassador Earth Steward Day Presentation 2024-05-22Pollinator Ambassador Earth Steward Day Presentation 2024-05-22
Pollinator Ambassador Earth Steward Day Presentation 2024-05-22
 
527598851-ppc-due-to-various-govt-policies.pdf
527598851-ppc-due-to-various-govt-policies.pdf527598851-ppc-due-to-various-govt-policies.pdf
527598851-ppc-due-to-various-govt-policies.pdf
 
Acorn Recovery: Restore IT infra within minutes
Acorn Recovery: Restore IT infra within minutesAcorn Recovery: Restore IT infra within minutes
Acorn Recovery: Restore IT infra within minutes
 
05232024 Joint Meeting - Community Networking
05232024 Joint Meeting - Community Networking05232024 Joint Meeting - Community Networking
05232024 Joint Meeting - Community Networking
 
Breathing in New Life_ Part 3 05 22 2024.pptx
Breathing in New Life_ Part 3 05 22 2024.pptxBreathing in New Life_ Part 3 05 22 2024.pptx
Breathing in New Life_ Part 3 05 22 2024.pptx
 
Introduction of Biology in living organisms
Introduction of Biology in living organismsIntroduction of Biology in living organisms
Introduction of Biology in living organisms
 
Sharpen existing tools or get a new toolbox? Contemporary cluster initiatives...
Sharpen existing tools or get a new toolbox? Contemporary cluster initiatives...Sharpen existing tools or get a new toolbox? Contemporary cluster initiatives...
Sharpen existing tools or get a new toolbox? Contemporary cluster initiatives...
 
Eureka, I found it! - Special Libraries Association 2021 Presentation
Eureka, I found it! - Special Libraries Association 2021 PresentationEureka, I found it! - Special Libraries Association 2021 Presentation
Eureka, I found it! - Special Libraries Association 2021 Presentation
 
Writing Sample 2 -Bridging the Divide: Enhancing Public Engagement in Urban D...
Writing Sample 2 -Bridging the Divide: Enhancing Public Engagement in Urban D...Writing Sample 2 -Bridging the Divide: Enhancing Public Engagement in Urban D...
Writing Sample 2 -Bridging the Divide: Enhancing Public Engagement in Urban D...
 

Manoj Purandare- Stratergy towards an Effective Security Operations Centre - SOC

  • 1. A Strategy towards an Effective SOC - Manoj Purandare Effective Security Operations Centre SOC building - by Manoj Purandare This article tries to give a strategy towards building am effective SOC using its 4 major points steps and 11 effective steps recipe - for Organisation's / Govt's safety and security.
  • 2. A Strategy towards an Effective SOC - Manoj Purandare I - Background - Information Technology continues to evolve at a rapid pace. This article describes a structured approach toward the formation of a government SOC that enables organizations to integrate this capability into their overall Information Security Management System (ISMS) and align with many of the requirements introduced by ISO/IEC 27001:2013. So, why do we need a SOC ?
  • 3. A Strategy towards an Effective SOC - Manoj Purandare II- Creating the Roadmap – Since you can’t build a world-class SOC overnight, creating a plan for incremental phases of implementation is critical to success. • Budget • Timelines • What goes into such a roadmap? • What comes first and what next? • The goal can be execute regular incremental improvements based on your completed gap analysis and to establish a series of prioritized milestones that lead the organization towards optimized security and improved incident detection and response. • You need • The Right People • The Required Process • The ever updating and precise Technology • The Platform • The Proactive and Real Time – Threat Intelligence
  • 4. A Strategy towards an Effective SOC - Manoj Purandare Let us see a basic design flow of the SOC requirements as below :
  • 5. A Strategy towards an Effective SOC - Manoj Purandare
  • 6. A Strategy towards an Effective SOC - Manoj Purandare The gaps you uncover in that analysis can be translated into goals. Budget, personnel and cultural constraints require that new processes and technologies be implemented in stages.
  • 7. A Strategy towards an Effective SOC - Manoj Purandare The Required SOC team members & their roles and responsibilities 1.The Right People
  • 8. A Strategy towards an Effective SOC - Manoj Purandare The Required SOC team members & their roles and responsibilities In addition to SOC analysts, a security operations center requires a ringmaster for its many moving parts. The SOC manager often fights fires, within and outside of the SOC. The SOC manager is responsible for prioritizing work and organizing resources with the ultimate goal of detecting, investigating and mitigating incidents that could impact the business. A typical SOC organization is illustrated in Figure 2.
  • 9. A Strategy towards an Effective SOC - Manoj Purandare The Required SOC team members & their roles and responsibilities The SOC Org Chart : The SOC manager should develop a workflow model and implement standardized operating procedures (SOPs) for the incident-handling process that guides analysts through triage and response procedures.
  • 10. A Strategy towards an Effective SOC - Manoj Purandare 2. The required Processes
  • 11. A Strategy towards an Effective SOC - Manoj Purandare
  • 12. A Strategy towards an Effective SOC - Manoj Purandare The Collective SOC Team. Since not all skills and attributes will likely be found within each individual, capabilities should be balanced across the SOC. Each shift should have a blend of skills and temperaments, including “people” people; analysts that can communicate effectively with the IT service provider or the organizational workforce. Escalation and Complexity. Every service will require graduated skill levels, and some services require a more experienced “junior” level analyst than others. Staff shifts with a mix of experience levels and seniority. Advancement and Rotation. • Establish growth paths for every position with the SOC. • You will also need to plan for training and professional development • Growth and training opportunities will help retain a professional workforce. Trust Level. • SOC analysts will have regular access to highly sensitive organizational information. Implement a thorough regulations that require special background checks for people with elevated access to IT systems.
  • 13. A Strategy towards an Effective SOC - Manoj Purandare 3. The ever updating and precise Technology
  • 14. A Strategy towards an Effective SOC - Manoj Purandare 4. The platform : With known and unknown, advanced threat detection and prevention, URL filtering, and mobile security—correlate all of these security functions and protect the datacenter and the network perimeter. The platform enables the government agency to take a whitelisting approach to their applications, with the ability to segment government agencies Alerts are drastically reduced significantly reducing the workload for the SOC analyst.
  • 15. A Strategy towards an Effective SOC - Manoj Purandare You may also need to considers the other controls as SOC Layered Security Controls and the Physical Security Controls :
  • 16. A Strategy towards an Effective SOC - Manoj Purandare You may also need to considers the other controls as SOC Layered Security Controls and the Physical Security Controls :
  • 17. A Strategy towards an Effective SOC - Manoj Purandare Beyond this, We need to be prepared with our SOC Service Service Catalogue that may give a clear picture on SOC business operation and facilities available for a customer :
  • 18. A Strategy towards an Effective SOC - Manoj Purandare Initially, we have to define on various SOC Key tools, their integration, and their working
  • 19. A Strategy towards an Effective SOC - Manoj Purandare Initially, we have to define on various SOC Key tools, their integration, and their working
  • 20. A Strategy towards an Effective SOC - Manoj Purandare Initially, we have to define on various SOC Key tools, their integration, and their working
  • 21. A Strategy towards an Effective SOC - Manoj Purandare 5.. The Proactive and Real time - Threat Intelligence Mature SOCs continually develop the capability to consume and leverage threat intelligence from their past incidents and from information-sharing sources According to the 2015 SANS Cyberthreat Intelligence (CTI) Survey, 69% of respondents reported that their organization implemented some cyberthreat intelligence capability, with 27% indicating that their teams fully embrace the concept of CTI and integrated response procedures across systems and staff. Obstacles to Efficient SOC Incident Handling To achieve efficient incident handling, the SOC must avoid bottlenecks in the IR process that moves incidents through Tier 1, into Tier 2, and finally through Tier 3. Bottlenecks can occur due to too much “white noise,” alerts of little consequence or false-positives that lead to analyst “alert fatigue.” Understanding of the government’s enterprise network topology, including all connections (Internet, mission partners, cloud providers, vendor specific, etc.) is needed for an understanding of attack vectors. No intelligence exists without visibility—visibility across the whole network, including endpoints, for all applications, all content, and all users.
  • 22. A Strategy towards an Effective SOC - Manoj Purandare Employing a platform like similar to that of Palo Alto Networks platform including network and endpoint visibility and threat prevention can significantly increase that visibility and subsequently accelerate the SOC’s intelligence capability. The Palo Alto Networks platform detects ever changing threats, but more importantly provides the ability to prevent them as soon as possible, ideally before they have detonated on the network. All insights feed onboard signature creation to detect and prevent future attacks. We can accomplish this in a flexible and extensible platform that enables uniform protection across traditional infrastructure at the network edge, the cloud and mobile devices. So define your road map clearly.
  • 23. A Strategy towards an Effective SOC - Manoj Purandare III. The SOC Governance, GRC and Process Framework The framework for the Security Operations Center (SOC), like most organizational capabilities, can be described in terms of its People, Processes, and Technology. The people needed to staff the SOC are defined by an organizational structure, manning levels, skill sets, and a professional development path to ensure the people grow as the organization grows. Clearly defined processes needed to sustain the organization and provide the services it offers are essential to the successful accomplishment of the mission. Technology is a critical enabler to the SOC mission; automated tools can be used to correlate, reduce, and analyze the volume of data entering the SOC. We will explain all four components in more detail, but we begin by presenting a high level recipe for success. Check for the 11-Steps Recipe for SOC Success here ahead
  • 24. A Strategy towards an Effective SOC - Manoj Purandare Below diagrams represent the SOC Governance model, GRC, Process Framework, etc.
  • 25. A Strategy towards an Effective SOC - Manoj Purandare The SOC GRC :
  • 26. A Strategy towards an Effective SOC - Manoj Purandare The SOC Process Framework :
  • 27. A Strategy towards an Effective SOC - Manoj Purandare IV. And finally, The 11-Steps Recipe for SOC Success There are 11 recommended steps that form the foundation of a new or revitalized SOC. This article assumes the government organization or a Private Organization, has already decided to create an in-sourced SOC capability rather than seek it as a service from an out-sourced provider or agency within the given government—a decision that involves factors beyond the scope of this paper. The first step is to identify an executable mission including whom the SOC will serve, and where it will be located organizationally. Next the SOC should identify the services offered. The service architecture should be evolutionary; fewer services delivered well at the onset is better than many services offered poorly. As the SOC and the supported organization mature, so can the services offered. Once these foundational steps are completed, the organization can acquire and develop the appropriate people, process, technology, and intelligence to align with the mission and the services. Concurrently, the SOC must establish and execute an effective communication strategy to get buy-in at all levels within the organization.
  • 28. A Strategy towards an Effective SOC - Manoj Purandare The 11-Steps Recipe for SOC Success here ahead A. Identify an Executable Mission B. Identify the Services Offered C. Basic Core SOC services: D. Intermediate Core SOC services: E. Advanced SOC services: F. Supporting SOC services: G. Document the Mission and Services H. Adding Context to Security Incidents I. Defining Normal Through Baselining J. Acquire the necessary People, Processes, Technologies and Intelligence K. Execute an Effective Communications Strategy
  • 29. A Strategy towards an Effective SOC - Manoj Purandare
  • 30. A Strategy towards an Effective SOC - Manoj Purandare The SOC must establish itself as a mission enabler rather than an encumbrance. Ultimately this distinction will be determined by action; initially it will be determined by message. Finally, the SOC may be required to establish relationships with partner organizations within government domestic and international security frameworks, but even if not mandated, should establish relationships with peer organizations. Reach out to similar organizations and understand their approach to cybersecurity. If knowledge is power, these peer relationships will increase both exponentially. Summary : Whether you have decided to create a SOC as part of the government organization’s Information Security Management System (ISMS) for ISO/IEC 27001 certification, or just recognizing a need to centralize IT security efforts, this whitepaper will provide a useful map of your path to success. Understand the organization’s objective. Select the people, process, and technology that fit the organization. Focus on Intelligence. Communicate and Execute. Building a SOC may seem onerous, but the payoff—with improved visibility, intelligence and protection for the government in these challenging times—will be well worth it.
  • 31. A Strategy towards an Effective SOC - Manoj Purandare Some useful links : https://blog.komand.com/how-to-structure-a-security-operations-center https://www.mcafee.com/in/resources/white-papers/foundstone/wp-creating-maintaining-soc.pdf Reference and Acknowledgements : https://www.sans.org/reading-room/whitepapers/analyst/building-world-class-security-operations- center-roadmap-35907 http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2.pdf https://www.sans.org/reading-room/whitepapers/analyst/benchmarking-security-information-event- management-siem-34755 http://www.sans.org/reading-room/whitepapers/analyst/ninth-log-management-survey-report- 35497 https://www.sans.org/reading-room/whitepapers/incident/incident-response-fight-35342 https://www.sans.org/webcasts/cyberthreat-intelligence-how-1-definitions-tools-standards-99052 https://www.sans.org/reading-room/whitepapers/incident/incident-response-fight-35342 https://www.paloaltonetworks.com/content/dam/pan/en_US/assets/pdf/white-papers/security- operations-centers.pdf
  • 32. A Strategy towards an Effective SOC - Manoj Purandare An article on - Strategy for building an effective Security Operations Center [SOC] Sincere Thanks .!!! for all the experts in the Government, IT, Infosec & Cyber Security Industry This article is a basic guideline towards – Strategy for building an effective Security Operations Center [SOC]. I whole heartedly and sincerely thank you one and all who provided me valuable inputs, references and information to complete it for the benefit of Government and Corporate Infosec and Cyber Security World Treat this Slide dedicated and acknowledgement to one and all who I forgot to mention, missed out their names, companies, website and other info here in this presentation. I thank you and apologize if I had forgot to mention you here.
  • 33. A Strategy towards an Effective SOC - Manoj Purandare Manoj Purandare DCM, MCS, CISSP, PMP, PgMP, ITIL, Cyber Crime Analyst, PCI DSS Security Implementer, with more than 2 decades of IT and Infosec experience and specialization mail: technicalmanoj@gmail.com Linkedin : https://www.linkedin.com/in/manojypurandare about – Author & Presenter Thank you