MS
Uploaded byMuhammad Sahputra
PPSX, PPTX3,333 views

Next-Gen security operation center

The document outlines the evolution and future of Security Operations Centers (SOCs), emphasizing the importance of adapting to next-gen technologies like Security Orchestration, Automation, and Response (SOAR) alongside big data and AI. It highlights that while SOCs traditionally emphasized human monitoring, the next-gen approach integrates automation to enhance efficiency and response times to cybersecurity threats. The ultimate goal is to improve operational effectiveness while acknowledging the critical role of human analysts in managing complex threats.

Technology
In this document
Powered by AI

Introduction to Next-Gen Security Operations Center (SOC) focused on future-ready protection.

Cyber Crime and Cyber Espionage are primary motives behind targeted attacks against organizations.

Overview of the Cyber Kill Chain, a model used for understanding and mitigating cybersecurity threats.

Definition and overview of Security Operations Center (SOC) as a crucial facility for cybersecurity.

Discussion on traditional SOCs including reliance on people and detailed log management practices.

Importance of external data and threat intelligence in detecting and responding to threats.

Focus on establishing a people-centric SOC with an emphasis on monitoring and threat investigation.

Next-Gen SOC aims to enhance technology, staff, and processes compared to traditional SOCs.

Efforts to improve Mean Time to Detect (MTTD) and Mean Time to Recover (MTTR) through effective monitoring.

Introduction of SOAR, big data, and AI in SOCs for improved security and response capabilities.

Utilization of big data and supercomputing to prevent breaches, enhancing detection and response.

Final thoughts on the evolution towards Next-Gen SOC emphasizing roles of humans and planning.

Embed presentation

Download as PPSX, PPTX
Next-Gen Security Operation Center Future-Ready Protection Against Targeted Attacks Muhammad Sahputra
Who..?
Motivation Behind Attacks Based on Stats - March 2018 Cyber Crime & Cyber Espionage mostly motivates hackers to launch attacks against targeted organisations
Cyber Kill Chain
– Gartner “A security operations center (SOC) can be defined both as a team, often operating in shifts around the clock, and a facility dedicated to and organized to prevent, detect, assess and respond to cybersecurity threats and incidents, and to fulfill and assess regulatory compliance.” What is SOC?
Traditional Security Operation Center
Machine Logs 192.168.2.20 - - [28/Jul/2006:10:27:10 -0300] "GET /cgi- bin/try/ HTTP/1.0" 200 3395 127.0.0.1 - - [28/Jul/2006:10:22:04 -0300] "GET / HTTP/1.0" 200 2216 x.x.x.90 - - [13/Sep/2006:07:01:53 -0700] "PROPFIND /svn/[xxxx]/Extranet/branches/SOW-101 HTTP/1.1" 401 587 x.x.x.90 - - [13/Sep/2006:07:01:51 -0700] "PROPFIND /svn/[xxxx]/[xxxx]/trunk HTTP/1.1" 401 587 x.x.x.90 - - [13/Sep/2006:07:00:53 -0700] "PROPFIND /svn/[xxxx]/[xxxx]/2.5 HTTP/1.1" 401 587 x.x.x.90 - - [13/Sep/2006:07:00:53 -0700] "PROPFIND /svn/[xxxx]/Extranet/branches/SOW-101 HTTP/1.1" 401 587 x.x.x.90 - - [13/Sep/2006:07:00:21 -0700] "PROPFIND /svn/[xxxx]/[xxxx]/trunk HTTP/1.1" 401 587 x.x.x.90 - - [13/Sep/2006:06:59:53 -0700] "PROPFIND /svn/[xxxx]/[xxxx]/2.5 HTTP/1.1" 401 587 x.x.x.90 - - [13/Sep/2006:06:59:50 -0700] "PROPFIND /svn/[xxxx]/[xxxx]/trunk HTTP/1.1" 401 587 x.x.x.90 - - [13/Sep/2006:06:58:52 -0700] "PROPFIND /svn/[xxxx]/[xxxx]/trunk HTTP/1.1" 401 587 x.x.x.90 - - [13/Sep/2006:06:58:52 -0700] "PROPFIND /svn/[xxxx]/Extranet/branches/SOW-101 HTTP/1.1" 401 587 [Fri Dec 16 01:46:23 2005] [error] [client 1.2.3.4] Directory index forbidden by rule: /home/test/ [Fri Dec 16 01:54:34 2005] [error] [client 1.2.3.4] Directory index forbidden by rule: /apache/web- data/test2 [Fri Dec 16 02:25:55 2005] [error] [client 1.2.3.4] Client sent malformed Host header [Mon Dec 19 23:02:01 2005] [error] [client 1.2.3.4] user test: authentication failure for "/~dcid/test1": Password Mismatch • Application Logs • Service Logs • Event Logs • System Logs
Security Information Event Management “Traditional SOC put more weight on people by introducing 24/7 security monitoring activities”
External Data Magic Word: Threat Intelligence
People-Centric SOC Define vision for the team. Evaluate budgetary / resource concerns First line of monitoring. Eys-on-Glass monitoring. Basic analysis, following SOPs / playbooks Actively look for loop holes in network / system / configuration Actively looking for threat information and correlate it with assets belong to the organisation Look deeper in to security incidents. Assist in investigating cyber crimes Remediate security incidents ASAP based on analysis performed by security analyst Actively dive-in to SIEM data to look for suspicipous activities especially unknown threat / zeroday Configure, fine- tune and maintain SIEM solution Second line of monitoring. Having more experienced on security analysis Coordinate with all team members. Define and document process. Run the operations
People-Centric SOC “People-Centric SOC introduce painful issue to organisation” “Don’t you think it is inhuman to let people watch the screen for 8 hours especially in the middle-of night”? “It is industry 4.0 era”
“Next-Gen Security Operation Center vision is to improve technology, people, and process in Traditional SOC”
Use Case: Improving MTTD- MTTR Define vision for the team. Evaluate budgetary / resource concerns First line of monitoring. Eys-on-Glass monitoring. Basic analysis, following SOPs / playbooks Actively look for loop holes in network / system / configuration Actively looking for threat information and correlate it with assets belong to the organisation Look deeper in to security incidents. Assist in investigating cyber crimes Remediate security incidents ASAP based on analysis performed by security analyst Actively dive-in to SIEM data to look for suspicipous activities especially unknown threat / zeroday Configure, fine- tune and maintain SIEM solution Second line of monitoring. Having more experienced on security analysis Coordinate with all team members. Define and document process. Run the operations
Solution: SOAR
SOAR Next-Gen SOC utilise SOAR (Security Orchestration Automation and Response) to perform actionable insights and interaction with another component in the network
Use Case: Vulnerability Management System Define vision for the team. Evaluate budgetary / resource concerns First line of monitoring. Eys-on-Glass monitoring. Basic analysis, following SOPs / playbooks Actively look for loop holes in network / system / configuration Actively looking for threat information and correlate it with assets belong to the organisation Look deeper in to security incidents. Assist in investigating cyber crimes Remediate security incidents ASAP based on analysis performed by security analyst Actively dive-in to SIEM data to look for suspicipous activities especially unknown threat / zeroday Configure, fine- tune and maintain SIEM solution Second line of monitoring. Having more experienced on security analysis Coordinate with all team members. Define and document process. Run the operations
Solution: Bigdata and AI Next-Gen SOC pushes forward the limits of a tri-dimensional paradigm. It needs to increase the detection surface and decision velocity, decrease reaction time by utilising bigdata analytics combined with AI technology “Potensi serangan DDoS terhadap website IDNIC (Indonesia Network Information Center) dengan URL https://www.idnic.id (203.119.13.145) pada tanggal 29 November 2018”.
Analytics in Next-Gen Security Operation Center Next-Gen SOC preventing breaches from happening, by leveraging big data and supercomputing capabilities
Summary • No, Next-Gen SOC doesn’t intend to replace Human with Machine • Rarity of Human in IT Security forces us to be more creative within Industry 4.0 era • People role “improved” i.e Trainer for the Machine, Analysing only high classified unknown-complex threat, Data scientist, … • Convert your facility from Traditional to Next-Gen need proper plan: Map according to your organisation requirement, focus on what is the most pain point, improve them with machine
END

More Related Content

PPTX
Security operation center (SOC)
byAhmed Ayman
 
PPTX
An introduction to SOC (Security Operation Center)
byAhmad Haghighi
 
PDF
Building Security Operation Center
byS.E. CTS CERT-GOV-MD
 
PDF
Security operations center-SOC Presentation-مرکز عملیات امنیت
byReZa AdineH
 
PDF
From SIEM to SOC: Crossing the Cybersecurity Chasm
byPriyanka Aash
 
PPTX
SOC Architecture Workshop - Part 1
byPriyanka Aash
 
PPT
SOC presentation- Building a Security Operations Center
byMichael Nickle
 
PPTX
Security Operation Center Fundamental
byAmir Hossein Zargaran
 
Security operation center (SOC)
byAhmed Ayman
 
An introduction to SOC (Security Operation Center)
byAhmad Haghighi
 
Building Security Operation Center
byS.E. CTS CERT-GOV-MD
 
Security operations center-SOC Presentation-مرکز عملیات امنیت
byReZa AdineH
 
From SIEM to SOC: Crossing the Cybersecurity Chasm
byPriyanka Aash
 
SOC Architecture Workshop - Part 1
byPriyanka Aash
 
SOC presentation- Building a Security Operations Center
byMichael Nickle
 
Security Operation Center Fundamental
byAmir Hossein Zargaran
 

What's hot

PPTX
SOAR and SIEM.pptx
byAjit Wadhawan
 
PDF
Building a Next-Generation Security Operations Center (SOC)
bySqrrl
 
PPTX
Security operation center
byMuthuKumaran267
 
PDF
SIEM Architecture
byNishanth Kumar Pathi
 
PDF
DTS Solution - Building a SOC (Security Operations Center)
byShah Sheikh
 
PDF
Governance of security operation centers
byBrencil Kaimba
 
PDF
Rothke secure360 building a security operations center (soc)
byBen Rothke
 
PPTX
Security Information and Event Management (SIEM)
byk33a
 
PDF
Building an effective Information Security Roadmap
byElliott Franklin
 
PPTX
Effective Security Operation Center - present by Reza Adineh
byReZa AdineH
 
PPTX
Threat Hunting - Moving from the ad hoc to the formal
byPriyanka Aash
 
PPTX
7 Steps to Build a SOC with Limited Resources
byLogRhythm
 
PPTX
Optimizing Security Operations: 5 Keys to Success
bySirius
 
PPTX
Security Information and Event Management (SIEM)
byhardik soni
 
PPTX
SIEM - Activating Defense through Response by Ankur Vats
byOWASP Delhi
 
PPTX
Security Operations Center (SOC) Essentials for the SME
byAlienVault
 
PDF
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
byEdureka!
 
PDF
Security operations center 5 security controls
byAlienVault
 
PPTX
Effective Threat Hunting with Tactical Threat Intelligence
byDhruv Majumdar
 
PDF
Threat Hunting
bySplunk
 
SOAR and SIEM.pptx
byAjit Wadhawan
 
Building a Next-Generation Security Operations Center (SOC)
bySqrrl
 
Security operation center
byMuthuKumaran267
 
SIEM Architecture
byNishanth Kumar Pathi
 
DTS Solution - Building a SOC (Security Operations Center)
byShah Sheikh
 
Governance of security operation centers
byBrencil Kaimba
 
Rothke secure360 building a security operations center (soc)
byBen Rothke
 
Security Information and Event Management (SIEM)
byk33a
 
Building an effective Information Security Roadmap
byElliott Franklin
 
Effective Security Operation Center - present by Reza Adineh
byReZa AdineH
 
Threat Hunting - Moving from the ad hoc to the formal
byPriyanka Aash
 
7 Steps to Build a SOC with Limited Resources
byLogRhythm
 
Optimizing Security Operations: 5 Keys to Success
bySirius
 
Security Information and Event Management (SIEM)
byhardik soni
 
SIEM - Activating Defense through Response by Ankur Vats
byOWASP Delhi
 
Security Operations Center (SOC) Essentials for the SME
byAlienVault
 
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
byEdureka!
 
Security operations center 5 security controls
byAlienVault
 
Effective Threat Hunting with Tactical Threat Intelligence
byDhruv Majumdar
 
Threat Hunting
bySplunk
 

Similar to Next-Gen security operation center

PPTX
Security Operations Cloud vs On Prem ISC2 Bangalore SlideShare.pptx
byVikas Singh Yadav
 
PDF
Building a Cyber Security Operations Center for SCADA/ICS Environments
byShah Sheikh
 
PPTX
Fundamentals of SOCs and CERTS for decision makers
byfarhad712
 
PDF
31779261-NOC-and-SOC.pdf
byssusera5b321
 
PPTX
SOC Analysis
bychipo3
 
PPTX
A SOC: Building Blocks of Digital Defense
bywininlifeacademy5
 
PPTX
SOC and SIEM.pptx
bySandeshUprety4
 
PPT
Ca world 2007 SOC integration
byMichael Nickle
 
PPTX
Prezentare_ANSSI.pptx gfdsry crsru drdrsy
byAzim191210
 
PPTX
Meet the Ghost of SecOps Future by Anton Chuvakin
byAnton Chuvakin
 
PDF
security operations center by Manage Engigne
byhackeronehero
 
PPTX
Introduction to SOC
byBoni Yeamin
 
PPTX
SOC: Use cases and are we asking the right questions?
byJonathan Sinclair
 
PDF
NetForChoice: Redefining Cybersecurity Intelligence
byNetforchoice
 
PPTX
NetForChoice SOC: Advanced Security Operations Center for 24/7 Protection"
bydikshanfc
 
PDF
security operations center-critical-function.pdf
byNewterNelsONRouter
 
PPTX
LIBRARY RESEARCH PROJECT, SECURITY OPERATION CENTER.pptx
bySonuSingh81247
 
PDF
Webinar - Feel Secure with revolutionary OTM Solution
byJK Tech
 
PDF
The Complete Security Operations Center Guide for 2023
bySkillmine Technology Pvt Ltd
 
PPTX
Introduction-to-Security-Operations-Center (SOC)
bysumank281995
 
Security Operations Cloud vs On Prem ISC2 Bangalore SlideShare.pptx
byVikas Singh Yadav
 
Building a Cyber Security Operations Center for SCADA/ICS Environments
byShah Sheikh
 
Fundamentals of SOCs and CERTS for decision makers
byfarhad712
 
31779261-NOC-and-SOC.pdf
byssusera5b321
 
SOC Analysis
bychipo3
 
A SOC: Building Blocks of Digital Defense
bywininlifeacademy5
 
SOC and SIEM.pptx
bySandeshUprety4
 
Ca world 2007 SOC integration
byMichael Nickle
 
Prezentare_ANSSI.pptx gfdsry crsru drdrsy
byAzim191210
 
Meet the Ghost of SecOps Future by Anton Chuvakin
byAnton Chuvakin
 
security operations center by Manage Engigne
byhackeronehero
 
Introduction to SOC
byBoni Yeamin
 
SOC: Use cases and are we asking the right questions?
byJonathan Sinclair
 
NetForChoice: Redefining Cybersecurity Intelligence
byNetforchoice
 
NetForChoice SOC: Advanced Security Operations Center for 24/7 Protection"
bydikshanfc
 
security operations center-critical-function.pdf
byNewterNelsONRouter
 
LIBRARY RESEARCH PROJECT, SECURITY OPERATION CENTER.pptx
bySonuSingh81247
 
Webinar - Feel Secure with revolutionary OTM Solution
byJK Tech
 
The Complete Security Operations Center Guide for 2023
bySkillmine Technology Pvt Ltd
 
Introduction-to-Security-Operations-Center (SOC)
bysumank281995
 

Recently uploaded

PDF
Session 1 - Solving Semi-Structured Documents with Document Understanding
byDianaGray10
 
PDF
Zero Trust & Defense-in-Depth: The Future of Critical Infrastructure Security
byYasir Naveed Riaz
 
PDF
Top 7 Manufacturing Software for Small Businesses Boosting Growth in 2025
byEnvertis Software Solutions
 
PDF
ElyriaSoftware — Powering the Future with Blockchain Innovation
byElyria Software
 
PPTX
Ethics in AI - Artificial Intelligence Fundamentals.pptx
byemenyiblessing
 
PDF
eResource Scheduler Enterprise Resource Management and Scheduling Software.pdf
byeResource Scheduler
 
PDF
Agentic Automation for Testers – A Hands-On Deep Dive
byUiPathCommunity
 
PPTX
The Landscape of Computer Software Development Companies
byYash Singh
 
PDF
Accelerating Responsible AI Adoption in Public Sector and Private Organizations.
byYasir Naveed Riaz
 
PDF
The Ultimate Guide to Problem Management Dashboards for IT Teams.pdf
byomnex systems
 
PDF
Security Technologys: Access Control, Firewall, VPN
byShielaLasala
 
PDF
Making Sense of Raster: From Bit Depth to Better Workflows
bySafe Software
 
PDF
Guided Substation Engineering with CoMPAS: Simplifying IEC 61850
byDanBrown980551
 
PDF
Recursive Self Improvement vs Continuous Learning
byBob Marcus
 
PPTX
RISE with SAP for Automotive - S4 HANA Value.pptx
byAmira Jemi
 
PDF
How Mobile Apps Are Shaping the Future of Digital Innovation
byWilliam Taylor
 
PPTX
The Future of IT Service Management AI Automation & Beyond.pptx
byChetu
 
PDF
December Patch Tuesday
byIvanti
 
PDF
TPPmark2025 Kenta Inoue's answer 12/04/2025
byKenta Inoue
 
PDF
The major tech developments for 2026 by Pluralsight, a research and training ...
byChris Skinner
 
Session 1 - Solving Semi-Structured Documents with Document Understanding
byDianaGray10
 
Zero Trust & Defense-in-Depth: The Future of Critical Infrastructure Security
byYasir Naveed Riaz
 
Top 7 Manufacturing Software for Small Businesses Boosting Growth in 2025
byEnvertis Software Solutions
 
ElyriaSoftware — Powering the Future with Blockchain Innovation
byElyria Software
 
Ethics in AI - Artificial Intelligence Fundamentals.pptx
byemenyiblessing
 
eResource Scheduler Enterprise Resource Management and Scheduling Software.pdf
byeResource Scheduler
 
Agentic Automation for Testers – A Hands-On Deep Dive
byUiPathCommunity
 
The Landscape of Computer Software Development Companies
byYash Singh
 
Accelerating Responsible AI Adoption in Public Sector and Private Organizations.
byYasir Naveed Riaz
 
The Ultimate Guide to Problem Management Dashboards for IT Teams.pdf
byomnex systems
 
Security Technologys: Access Control, Firewall, VPN
byShielaLasala
 
Making Sense of Raster: From Bit Depth to Better Workflows
bySafe Software
 
Guided Substation Engineering with CoMPAS: Simplifying IEC 61850
byDanBrown980551
 
Recursive Self Improvement vs Continuous Learning
byBob Marcus
 
RISE with SAP for Automotive - S4 HANA Value.pptx
byAmira Jemi
 
How Mobile Apps Are Shaping the Future of Digital Innovation
byWilliam Taylor
 
The Future of IT Service Management AI Automation & Beyond.pptx
byChetu
 
December Patch Tuesday
byIvanti
 
TPPmark2025 Kenta Inoue's answer 12/04/2025
byKenta Inoue
 
The major tech developments for 2026 by Pluralsight, a research and training ...
byChris Skinner
 

Next-Gen security operation center

  • 1.
    Next-Gen Security Operation Center Future-ReadyProtection Against Targeted Attacks Muhammad Sahputra
  • 2.
  • 3.
    Motivation Behind AttacksBased on Stats - March 2018 Cyber Crime & Cyber Espionage mostly motivates hackers to launch attacks against targeted organisations
  • 4.
  • 5.
    – Gartner “A securityoperations center (SOC) can be defined both as a team, often operating in shifts around the clock, and a facility dedicated to and organized to prevent, detect, assess and respond to cybersecurity threats and incidents, and to fulfill and assess regulatory compliance.” What is SOC?
  • 6.
  • 7.
    Machine Logs 192.168.2.20 -- [28/Jul/2006:10:27:10 -0300] "GET /cgi- bin/try/ HTTP/1.0" 200 3395 127.0.0.1 - - [28/Jul/2006:10:22:04 -0300] "GET / HTTP/1.0" 200 2216 x.x.x.90 - - [13/Sep/2006:07:01:53 -0700] "PROPFIND /svn/[xxxx]/Extranet/branches/SOW-101 HTTP/1.1" 401 587 x.x.x.90 - - [13/Sep/2006:07:01:51 -0700] "PROPFIND /svn/[xxxx]/[xxxx]/trunk HTTP/1.1" 401 587 x.x.x.90 - - [13/Sep/2006:07:00:53 -0700] "PROPFIND /svn/[xxxx]/[xxxx]/2.5 HTTP/1.1" 401 587 x.x.x.90 - - [13/Sep/2006:07:00:53 -0700] "PROPFIND /svn/[xxxx]/Extranet/branches/SOW-101 HTTP/1.1" 401 587 x.x.x.90 - - [13/Sep/2006:07:00:21 -0700] "PROPFIND /svn/[xxxx]/[xxxx]/trunk HTTP/1.1" 401 587 x.x.x.90 - - [13/Sep/2006:06:59:53 -0700] "PROPFIND /svn/[xxxx]/[xxxx]/2.5 HTTP/1.1" 401 587 x.x.x.90 - - [13/Sep/2006:06:59:50 -0700] "PROPFIND /svn/[xxxx]/[xxxx]/trunk HTTP/1.1" 401 587 x.x.x.90 - - [13/Sep/2006:06:58:52 -0700] "PROPFIND /svn/[xxxx]/[xxxx]/trunk HTTP/1.1" 401 587 x.x.x.90 - - [13/Sep/2006:06:58:52 -0700] "PROPFIND /svn/[xxxx]/Extranet/branches/SOW-101 HTTP/1.1" 401 587 [Fri Dec 16 01:46:23 2005] [error] [client 1.2.3.4] Directory index forbidden by rule: /home/test/ [Fri Dec 16 01:54:34 2005] [error] [client 1.2.3.4] Directory index forbidden by rule: /apache/web- data/test2 [Fri Dec 16 02:25:55 2005] [error] [client 1.2.3.4] Client sent malformed Host header [Mon Dec 19 23:02:01 2005] [error] [client 1.2.3.4] user test: authentication failure for "/~dcid/test1": Password Mismatch • Application Logs • Service Logs • Event Logs • System Logs
  • 8.
    Security Information Event Management “TraditionalSOC put more weight on people by introducing 24/7 security monitoring activities”
  • 9.
    External Data Magic Word:Threat Intelligence
  • 10.
    People-Centric SOC Define visionfor the team. Evaluate budgetary / resource concerns First line of monitoring. Eys-on-Glass monitoring. Basic analysis, following SOPs / playbooks Actively look for loop holes in network / system / configuration Actively looking for threat information and correlate it with assets belong to the organisation Look deeper in to security incidents. Assist in investigating cyber crimes Remediate security incidents ASAP based on analysis performed by security analyst Actively dive-in to SIEM data to look for suspicipous activities especially unknown threat / zeroday Configure, fine- tune and maintain SIEM solution Second line of monitoring. Having more experienced on security analysis Coordinate with all team members. Define and document process. Run the operations
  • 11.
    People-Centric SOC “People-Centric SOC introducepainful issue to organisation” “Don’t you think it is inhuman to let people watch the screen for 8 hours especially in the middle-of night”? “It is industry 4.0 era”
  • 12.
    “Next-Gen Security OperationCenter vision is to improve technology, people, and process in Traditional SOC”
  • 13.
    Use Case: ImprovingMTTD- MTTR Define vision for the team. Evaluate budgetary / resource concerns First line of monitoring. Eys-on-Glass monitoring. Basic analysis, following SOPs / playbooks Actively look for loop holes in network / system / configuration Actively looking for threat information and correlate it with assets belong to the organisation Look deeper in to security incidents. Assist in investigating cyber crimes Remediate security incidents ASAP based on analysis performed by security analyst Actively dive-in to SIEM data to look for suspicipous activities especially unknown threat / zeroday Configure, fine- tune and maintain SIEM solution Second line of monitoring. Having more experienced on security analysis Coordinate with all team members. Define and document process. Run the operations
  • 14.
  • 15.
    SOAR Next-Gen SOC utiliseSOAR (Security Orchestration Automation and Response) to perform actionable insights and interaction with another component in the network
  • 16.
    Use Case: Vulnerability ManagementSystem Define vision for the team. Evaluate budgetary / resource concerns First line of monitoring. Eys-on-Glass monitoring. Basic analysis, following SOPs / playbooks Actively look for loop holes in network / system / configuration Actively looking for threat information and correlate it with assets belong to the organisation Look deeper in to security incidents. Assist in investigating cyber crimes Remediate security incidents ASAP based on analysis performed by security analyst Actively dive-in to SIEM data to look for suspicipous activities especially unknown threat / zeroday Configure, fine- tune and maintain SIEM solution Second line of monitoring. Having more experienced on security analysis Coordinate with all team members. Define and document process. Run the operations
  • 17.
    Solution: Bigdata andAI Next-Gen SOC pushes forward the limits of a tri-dimensional paradigm. It needs to increase the detection surface and decision velocity, decrease reaction time by utilising bigdata analytics combined with AI technology “Potensi serangan DDoS terhadap website IDNIC (Indonesia Network Information Center) dengan URL https://www.idnic.id (203.119.13.145) pada tanggal 29 November 2018”.
  • 18.
    Analytics in Next-GenSecurity Operation Center Next-Gen SOC preventing breaches from happening, by leveraging big data and supercomputing capabilities
  • 19.
    Summary • No, Next-GenSOC doesn’t intend to replace Human with Machine • Rarity of Human in IT Security forces us to be more creative within Industry 4.0 era • People role “improved” i.e Trainer for the Machine, Analysing only high classified unknown-complex threat, Data scientist, … • Convert your facility from Traditional to Next-Gen need proper plan: Map according to your organisation requirement, focus on what is the most pain point, improve them with machine
  • 20.

Editor's Notes

  • #5 Cyber kill chain merupakan model yang dipopulerkan oleh lockheed martin dan menunjukan bagaimana fase real targeted cyber attack terjadi. Apabila satu dari fase tersebut terputus maka targeted attack dapat digagalkan. Ini adalah salah satu objektivitas kebutuhan SOC.
  • #6 Berikan story kenapa suatu organisasi butuh SOC. Ceritakan sedikit mengenai konsep cyber killchain lockheed martin.