OPTIMIZING SECURITY OPERATIONS: FIVE KEYS TO SUCCESS
www.siriuscom.com
Sirius is a national integrator of technology-based business solutions that span the enterprise, including the data center and lines of business. Built on products and services from the world’s top technology companies, Sirius solutions are installed, configured and supported by our dedicated teams of highly certified experts.
Sponsored by
We are gathering unprecedented amounts of data about threats. This helps with security, but also exacerbates false positive and staffing issues.
54 percent of security professionals ignore alerts that should be investigated because they don't have the staff or expertise to deal with them.
51 percent of organizations report a “problematic shortage” of cybersecurity skills.
Source: ESG Research
Too many alerts, too many technologies, and not enough people!
THE RESULT… CYBER FATIGUE
LEADS TO MORE QUESTIONS THAN ANSWERS
Minimizing the number of times “I don’t know!” is the answer to questions about security incidents is a challenge.
THE KEY TO FINDING ANSWERS IS THE SECURITY OPERATIONS CENTER (SOC)
A team and facility dedicated to detecting, analyzing, responding to, reporting on and preventing cybersecurity incidents.
A well-run SOC is the heart of effective cyber defense.
Ask yourself:
WHICH BEST DESCRIBES YOUR COMPANY’S CURRENT SECOPS CAPABILITIES?
a) We have a SIEM
b) We have a fully staffed, on-prem SOC
c) We have an on-prem SOC, but it’s not fully staffed
d) We have a small team, and managed services
e) We’re just now building out our operations
5 KEYS TO OPTIMIZING SECURITY OPERATIONS
ONE: EVALUATE SOC MODELS
Determine the right approach for your business
INTERNAL SOC
• Dedicated facility
• Dedicated team
• Fully in-house
Advantages
• Provides the most granular visibility across the environment
Disadvantages
• Possible misses in detection
• Struggle to recruit and retain talent
• Up-front investment costs
• Significant time investment

VIRTUAL SOC
• No dedicated facility
• Part-time team members
• Reactive; activated when a critical alert or incident occurs
Advantages
• Quickest, simplest, most scalable, and cost-effective to implement
Disadvantages
• Reduced granular visibility
• Some data handled by third party
• Longer escalation times
• Least customizable

HYBRID SOC
• Dedicated and semi-dedicated team members
• Typically 5x8 operations
• Co-managed with an MSSP
Advantages
• Most secure from a monitoring and detection perspective
• Quick detection & response time
• Lower backlog
• Knowledge transfer/intel sharing
Disadvantages
• Third-party data handling
Ask yourself:
DOES YOUR ORGANIZATION USE MANAGED SECURITY SERVICES?
a) Yes, we have a managed SOC
b) Yes, but not for SOC
c) No
d) Not sure
TWO: IMPLEMENT ADVANCED ANALYTICS
Many companies rely heavily on SIEM to support compliance and threat detection efforts. While SIEM is a critical tool, organizations are increasingly complementing their deployments with solutions that take their analytics capabilities to the next level.
Consider the following questions:
• What security controls do you have in your environment? When was the last time your technology was evaluated?
• Do you have the visibility you need into your business activities, and the assets that are most likely to be targeted by cyber adversaries?
• Can your security controls ingest and display threat intelligence delivered in a variety of formats (XML, CSV, and JSON) in the form of indicators, tags, labels, text, and reports?
The NIST Cybersecurity Framework and special publications on security and privacy controls, as well as the CIS Critical Security Controls (often referred to as the SANS Top 20), can assist you in establishing a strong foundation.
ENSURE FUNDAMENTALS ARE IN PLACE
Organizations looking to enable sophisticated analytics first need to ensure they have the right fundamentals in place. Many cyber attacks take advantage of basic, often unnoticed security vulnerabilities, such as poor patch management procedures, weak passwords, personal email services, and the lack of end-user education and sound security policies. A mature SOC should make sure it has a complete picture of its infrastructure—what’s deployed, how it’s being used, who’s using it, and whether it’s up to date.
COMPLEMENTARY ANALYTICS
User Behavior Analytics
User and entity behavior analytics (UEBA) helps to establish baselines of normal user behavior, and facilitates the detection of users with high-risk identity profiles as well as high-risk activity, access, and events associated with insider threats and compromised accounts. Organizations can quickly identify threats based on actions that stray from normal patterns. SIEM vendors are adding UEBA as a feature, or partnering with UEBA vendors to deliver behavioral modeling, machine learning, and advanced analytics.
Endpoint Security
Endpoint detection and response (EDR) solutions include all of the components of traditional endpoint defenses such as anti-virus, host IPS, and heuristics to prevent exploits and malware propagation, but also enable SOCs and IR teams to leverage additional capabilities such as ransomware detection, continuous endpoint recording, and live endpoint investigation and remediation. They are typically broken into four categories: threat prevention, threat detection and response, endpoint monitoring and management, and digital forensics.
Network Security Analytics
Network analytics enable the analysis of traffic flow and packets. Analysts can collect, process, correlate, and analyze metadata throughout the Open Systems Interconnection (OSI) stack to determine what happened, and when. Targeted attacks often follow the “cyber kill chain,” and these controls can be used to block or detect malicious activity within each of its seven phases. While network security analytics tend to focus on internal data, they can be integrated with threat intelligence to provide an outside-in perspective as well.
Threat Intelligence
Threat intelligence helps you arm yourself with strategic, tactical, and operational insights to understand how you are being targeted, and respond accordingly. Threat data is not the same as threat intelligence; dumping raw information into organizations that are drowning in data exacerbates staffing and false positive issues. Threat intelligence incorporates the context that makes threat data relevant to an organization or industry.
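To make the baseline-and-deviation idea behind UEBA concrete, here is an added example (not code from the deck or from any vendor product): it learns per-user baselines from constructed login events and flags later events that stray from them. User names, field names and thresholds are assumptions.

```python
"""Baseline-and-deviation scoring in the style of UEBA.

Added example, not code from the Sirius deck: a per-user baseline is learned
from a training window of constructed authentication events, and later events
are flagged when they stray from it (unfamiliar login hour, never-seen source,
unusual data volume). Field names and thresholds are assumptions.
"""
from collections import defaultdict
from dataclasses import dataclass, field
from statistics import mean, pstdev


@dataclass
class Event:
    user: str
    hour: int        # local hour of day, 0-23
    src: str         # source host or network the session came from
    bytes_out: int   # data transferred out during the session


@dataclass
class Baseline:
    hours: set = field(default_factory=set)
    sources: set = field(default_factory=set)
    volumes: list = field(default_factory=list)


def build_baselines(events):
    """Learn, per user, the hours, sources and volumes seen in training."""
    baselines = defaultdict(Baseline)
    for ev in events:
        b = baselines[ev.user]
        b.hours.add(ev.hour)
        b.sources.add(ev.src)
        b.volumes.append(ev.bytes_out)
    return dict(baselines)


def score_event(baselines, ev, hour_slack=1, z_threshold=3.0):
    """Return the deviations an event shows from its user's baseline.

    An empty list means the event is within normal bounds. A user with no
    baseline is flagged outright, since nothing is known about them.
    """
    b = baselines.get(ev.user)
    if b is None:
        return ["no baseline for user"]
    reasons = []
    # Hour check: tolerate +/- hour_slack around any hour seen in training.
    if not any(abs(ev.hour - h) <= hour_slack for h in b.hours):
        reasons.append(f"unusual hour {ev.hour:02d}:00")
    if ev.src not in b.sources:
        reasons.append(f"new source {ev.src}")
    # Volume check: z-score against training volumes; guard zero variance.
    mu, sigma = mean(b.volumes), pstdev(b.volumes)
    if sigma == 0:
        if ev.bytes_out > 2 * mu:
            reasons.append("volume far above constant baseline")
    elif (ev.bytes_out - mu) / sigma > z_threshold:
        reasons.append(f"volume z-score {(ev.bytes_out - mu) / sigma:.1f}")
    return reasons


def triage(training, candidates):
    """Score each candidate; return {user: [reasons]} for flagged events."""
    baselines = build_baselines(training)
    flagged = {}
    for ev in candidates:
        reasons = score_event(baselines, ev)
        if reasons:
            flagged.setdefault(ev.user, []).extend(reasons)
    return flagged


# Constructed training data: ten routine logins for each of two users.
_ALICE_HOURS = [8, 9, 9, 10, 8, 9, 17, 16, 9, 8]
_ALICE_BYTES = [120, 130, 125, 140, 118, 122, 135, 128, 131, 126]
_BOB_HOURS = [7, 8, 8, 9, 8, 7, 8, 9, 8, 8]
_BOB_BYTES = [50, 55, 60, 52, 58, 54, 49, 57, 53, 56]
TRAINING = (
    [Event("alice", h, "corp-vpn", v) for h, v in zip(_ALICE_HOURS, _ALICE_BYTES)]
    + [Event("bob", h, "hq-lan", v) for h, v in zip(_BOB_HOURS, _BOB_BYTES)]
)

# Constructed events to triage: one routine login, one bulk transfer at an
# odd hour from a never-seen source, and one account with no history.
CANDIDATES = [
    Event("alice", 9, "corp-vpn", 129),
    Event("bob", 3, "guest-wifi", 900),
    Event("newhire", 12, "hq-lan", 10),
]

if __name__ == "__main__":
    for user, reasons in triage(TRAINING, CANDIDATES).items():
        print(user, "->", "; ".join(reasons))
```

In a real SOC the training window, slack and z-threshold are tuned per population, and a flagged event feeds a triage queue rather than an automatic block.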
INTELLIGENCE SOURCES
INTERNAL: Standardized | Highly targeted intelligence | Unrestricted usage
COMMERCIAL: Vendor-specific | Moderately targeted intelligence | Usage is restricted
COMMUNITY: Some standardization | Moderately targeted intelligence | Usage is restricted
OPEN SOURCE: Varied formats | Little targeted intelligence | Usage restrictions vary
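The ingestion question above asks whether controls can take indicators, tags and labels delivered in XML, CSV and JSON, and the threat-intelligence passage stresses context over raw data; this added example (not code from the deck) normalizes constructed feeds in all three formats into one tagged indicator set and matches it against constructed proxy log lines. Feed layouts, source names and the log format are assumptions.

```python
"""Normalise threat-intelligence indicators delivered as CSV, JSON and XML.

Added example, not code from the Sirius deck: constructed CSV, JSON and XML
feed fragments are parsed into one common Indicator record (type, value,
tags, sources), deduplicated across feeds, and matched against constructed
proxy log lines so each hit carries its context. Layouts are assumptions.
"""
import csv
import io
import json
import xml.etree.ElementTree as ET
from dataclasses import dataclass


@dataclass(frozen=True)
class Indicator:
    ioc_type: str       # "domain" or "ipv4" in this example
    value: str          # canonical (lower-cased, stripped) indicator value
    tags: frozenset     # context labels merged from every feed that saw it
    sources: frozenset  # feeds that reported it


# Constructed feed samples; hosts and addresses are reserved documentation
# names and ranges, not real indicators.
CSV_FEED = """type,value,tags
domain,bad.example,phishing;credential-theft
ipv4,203.0.113.7,c2
"""
JSON_FEED = json.dumps({"indicators": [
    {"type": "domain", "value": "BAD.EXAMPLE", "labels": ["phishing"]},
    {"type": "ipv4", "value": "198.51.100.23", "labels": ["scanner"]},
]})
XML_FEED = """<feed>
  <indicator type="domain" value="dropper.example.net">
    <tag>malware-distribution</tag>
  </indicator>
  <indicator type="ipv4" value="203.0.113.7">
    <tag>c2</tag><tag>ransomware</tag>
  </indicator>
</feed>"""


def _norm(ioc_type, value):
    """Canonicalise so the same indicator compares equal across feeds."""
    return ioc_type.strip().lower(), value.strip().lower()


def parse_csv(text, source):
    for row in csv.DictReader(io.StringIO(text)):
        t, v = _norm(row["type"], row["value"])
        yield t, v, set(filter(None, row["tags"].split(";"))), source


def parse_json(text, source):
    for item in json.loads(text)["indicators"]:
        t, v = _norm(item["type"], item["value"])
        yield t, v, set(item.get("labels", [])), source


def parse_xml(text, source):
    for node in ET.fromstring(text).findall("indicator"):
        t, v = _norm(node.get("type"), node.get("value"))
        yield t, v, {tag.text for tag in node.findall("tag")}, source


def merge(*feeds):
    """Merge parsed feeds into a dict keyed by (type, value); when several
    feeds report the same indicator their tags and sources are unioned."""
    merged = {}
    for feed in feeds:
        for t, v, tags, source in feed:
            prev = merged.get((t, v))
            sources = {source}
            if prev is not None:
                tags = tags | prev.tags
                sources |= prev.sources
            merged[(t, v)] = Indicator(t, v, frozenset(tags), frozenset(sources))
    return merged


def load_indicators():
    return merge(
        parse_csv(CSV_FEED, "internal"),
        parse_json(JSON_FEED, "commercial"),
        parse_xml(XML_FEED, "community"),
    )


# Constructed proxy log lines: timestamp, client, destination host, dest IP.
PROXY_LOG = [
    "2024-05-01T09:12:03Z 10.0.0.5 www.example.org 192.0.2.10",
    "2024-05-01T09:14:41Z 10.0.0.9 bad.example 203.0.113.7",
    "2024-05-01T09:15:10Z 10.0.0.9 cdn.example.com 198.51.100.23",
]


def match_log(indicators, lines):
    """Return (line, Indicator) pairs for destinations present in the feeds."""
    hits = []
    for line in lines:
        _ts, _client, host, ip = line.split()
        for key in (("domain", host.lower()), ("ipv4", ip)):
            if key in indicators:
                hits.append((line, indicators[key]))
    return hits


if __name__ == "__main__":
    for line, ioc in match_log(load_indicators(), PROXY_LOG):
        print(line, "->", ioc.value, sorted(ioc.tags), sorted(ioc.sources))
```

The merged tags and source list are what turn a bare match into something an analyst can act on; they also make it visible which hits rest only on a feed whose usage is restricted.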
THREE: INTEGRATE CONTROLS & AUTOMATE PROCESSES
Enable analysts to make better decisions from better data
FOUR: BOOST INCIDENT RESPONSE
Triage detected threats and avoid bottlenecks in IR processes
Popular Incident Response Frameworks
NIST 800-61
The National Institute of Standards and Technology developed this framework to help organizations develop their incident response teams and processes in order to properly plan for, assess, respond to, and recover from potential threats.
CERT (CSIRT)
The Computer Emergency Response Team created this handbook, which includes a popular framework companies often use to model their own incident response plans. The handbook also covers how to set up an IRT, as well as tools and workflows to facilitate effective response to security events.
ISACA
Developed by the Information Systems Audit and Control Association (ISACA), this framework is an incident response plan companies use when becoming COBIT compliant. It models the ways in which companies can manage risk and establish controls and protections over information systems, technologies, and intellectual property.
ISO/IEC 27035
The International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) developed this rigid and formal incident response framework that organizations are required to implement when becoming ISO 27001 compliant; it establishes specific and detailed steps to manage and respond to security threats.
Ask yourself:
CONSIDER THE FOLLOWING QUESTIONS:
• Is your IR plan based on a framework?
• Is it frequently reviewed and updated?
• Has it ever been tested and validated?
• Do you have a retainer with an IR firm and/or have cybersecurity insurance?
FIVE: MEASURE YOUR EFFORTS
Report the performance of people, processes, and technologies:
• Detect and respond to incidents
• Identify threats and vulnerabilities
• Document activities for management, auditors, and regulators
BUILDING NEXT-GEN SECURITY OPERATIONS
CHECK OUT THE ORIGINAL ARTICLE:
http://focus.forsythe.com/articles/627/5-Keys-to-Optimizing-Security-Operations
OR FIND MORE ARTICLES ABOUT BUSINESS AND TECHNOLOGY SOLUTIONS AT FOCUS ONLINE:
http://focus.forsythe.com
Authors:
Chris Hoke, Managing Director, Security, Sirius
Jose Ferreira, Security Solutions Territory Manager, Sirius
Open Source, Open Mindset: 4 Keys to Continuous Cloud Transformation
 
7 Essential Services Every Data Center Solutions Provider Should Have
7 Essential Services Every Data Center Solutions Provider Should Have7 Essential Services Every Data Center Solutions Provider Should Have
7 Essential Services Every Data Center Solutions Provider Should Have
 
10 Keys to Data-Centric Security
10 Keys to Data-Centric Security10 Keys to Data-Centric Security
10 Keys to Data-Centric Security
 
5 Keys to Addressing Insider Threats
5 Keys to Addressing Insider Threats5 Keys to Addressing Insider Threats
5 Keys to Addressing Insider Threats
 
6 Steps for Operationalizing Threat Intelligence
6 Steps for Operationalizing Threat Intelligence6 Steps for Operationalizing Threat Intelligence
6 Steps for Operationalizing Threat Intelligence
 
5 Ways to Close Your Information Technology Skills Gap
5 Ways to Close Your Information Technology Skills Gap5 Ways to Close Your Information Technology Skills Gap
5 Ways to Close Your Information Technology Skills Gap
 

Recently uploaded

UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3
DianaGray10
 
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance
 
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Product School
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
Guy Korland
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
Laura Byrne
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
91mobiles
 
When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...
Elena Simperl
 
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMsTo Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
Paul Groth
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
Sri Ambati
 
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
Product School
 
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Product School
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
UiPathCommunity
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
Kari Kakkonen
 
The Future of Platform Engineering
The Future of Platform EngineeringThe Future of Platform Engineering
The Future of Platform Engineering
Jemma Hussein Allen
 
Search and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical FuturesSearch and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical Futures
Bhaskar Mitra
 
JMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and GrafanaJMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and Grafana
RTTS
 
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
Product School
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance
 

Recently uploaded (20)

UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3
 
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
 
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
 
When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...
 
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMsTo Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
 
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
 
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
 
The Future of Platform Engineering
The Future of Platform EngineeringThe Future of Platform Engineering
The Future of Platform Engineering
 
Search and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical FuturesSearch and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical Futures
 
JMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and GrafanaJMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and Grafana
 
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
 

Optimizing Security Operations: 5 Keys to Success

  • 2. www.siriuscom.com
  Sirius is a national integrator of technology-based business solutions that span the enterprise, including the data center and lines of business. Built on products and services from the world’s top technology companies, Sirius solutions are installed, configured and supported by our dedicated teams of highly certified experts.
  Sponsored by
  • 3. We are gathering unprecedented amounts of data about threats. This helps with security, but also exacerbates false positive and staffing issues.
  54 percent of security professionals ignore alerts that should be investigated because they don't have the staff or expertise to deal with them.
  51 percent of organizations report a “problematic shortage” of cybersecurity skills.
  Source: ESG Research
  • 4. THE RESULT… CYBER FATIGUE
  Too many alerts, too many technologies, and not enough people!
  • 5. LEADS TO MORE QUESTIONS THAN ANSWERS
  Minimizing the number of times “I don’t know!” is the answer to questions about security incidents is a challenge.
  • 6. THE KEY TO FINDING ANSWERS IS THE SECURITY OPERATIONS CENTER (SOC)
  A team and facility dedicated to detecting, analyzing, responding to, reporting on and preventing cybersecurity incidents. A well-run SOC is the heart of effective cyber defense.
  • 7. Ask yourself: WHICH BEST DESCRIBES YOUR COMPANY’S CURRENT SECOPS CAPABILITIES?
  a) We have a SIEM
  b) We have a fully staffed, on-prem SOC
  c) We have an on-prem SOC, but it’s not fully staffed
  d) We have a small team, and managed services
  e) We’re just now building out our operations
  • 8. 5 KEYS TO OPTIMIZING SECURITY OPERATIONS
  • 9. ONE: EVALUATE SOC MODELS
  Determine the right approach for your business.
  • 10. INTERNAL SOC
  Dedicated facility. Dedicated team. Fully in-house.
  Advantages: Provides the most granular visibility across the environment.
  Disadvantages: Possible misses in detection. Struggle to recruit and retain talent. Up-front investment costs. Significant time investment.
  VIRTUAL SOC
  No dedicated facility. Part-time team members. Reactive; activated when a critical alert or incident occurs.
  Advantages: Quickest, simplest, most scalable, and cost-effective to implement.
  Disadvantages: Reduced granular visibility. Some data handled by third party. Longer escalation times. Least customizable.
  HYBRID SOC
  Dedicated and semi-dedicated team members. Typically 5x8 operations. Co-managed with an MSSP.
  Advantages: Most secure from a monitoring and detection perspective. Quick detection and response time. Lower backlog. Knowledge transfer/intel sharing.
  Disadvantages: Third-party data handling.
  • 11. Ask yourself: DOES YOUR ORGANIZATION USE MANAGED SECURITY SERVICES?
  a) Yes, we have a managed SOC
  b) Yes, but not for SOC
  c) No
  d) Not sure
  • 12. TWO: IMPLEMENT ADVANCED ANALYTICS
  Many companies rely heavily on SIEM to support compliance and threat detection efforts. While SIEM is a critical tool, organizations are increasingly complementing their deployments with solutions that take their analytics capabilities to the next level.
  • 13. ENSURE FUNDAMENTALS ARE IN PLACE
  Organizations looking to enable sophisticated analytics first need to ensure they have the right fundamentals in place. Many cyber attacks take advantage of basic, often unnoticed security weaknesses, such as poor patch management procedures, weak passwords, personal email services, and the lack of end-user education and sound security policies. A mature SOC should make sure it has a complete picture of its infrastructure: what’s deployed, how it’s being used, who’s using it, and whether it’s up to date.
  The NIST Cybersecurity Framework and special publications on security and privacy controls, as well as the CIS Critical Security Controls (often referred to as the SANS Top 20), can assist you in establishing a strong foundation.
  Consider the following questions:
  • What security controls do you have in your environment? When was the last time your technology was evaluated?
  • Do you have the visibility you need into your business activities, and the assets that are most likely to be targeted by cyber adversaries?
  • Can your security controls ingest and display threat intelligence delivered in a variety of formats (XML, CSV, and JSON) in the form of indicators, tags, labels, text, and reports?
  • 14. COMPLEMENTARY ANALYTICS
  User Behavior Analytics
  User and entity behavior analytics (UEBA) establishes baselines of normal user behavior and facilitates the detection of users with high-risk identity profiles, as well as high-risk activity, access, and events associated with insider threats and compromised accounts. Organizations can quickly identify threats based on actions that stray from normal patterns. SIEM vendors are adding UEBA as a feature, or partnering with UEBA vendors to deliver behavioral modeling, machine learning, and advanced analytics.
  Endpoint Security
  Endpoint detection and response (EDR) solutions include all of the components of traditional endpoint defenses, such as anti-virus, host IPS, and heuristics to prevent exploits and malware propagation, but also enable SOCs and IR teams to leverage additional capabilities such as ransomware detection, continuous endpoint recording, and live endpoint investigation and remediation. They are typically broken into four categories: threat prevention, threat detection and response, endpoint monitoring and management, and digital forensics.
  Network Security Analytics
  Network analytics enable the analysis of traffic flow and packets. Analysts can collect, process, correlate, and analyze metadata throughout the Open Systems Interconnection (OSI) stack to determine what happened, and when. Targeted attacks often follow the “cyber kill chain,” and these controls can be used to block or detect malicious activity within each of its seven phases. While network security analytics tend to focus on internal data, they can be integrated with threat intelligence to provide an outside-in perspective as well.
  Threat Intelligence
  Threat intelligence helps you arm yourself with strategic, tactical, and operational insights to understand how you are being targeted, and respond accordingly. Threat data is not the same as threat intelligence; dumping raw information into organizations that are drowning in data exacerbates staffing and false positive issues. Threat intelligence incorporates the context that makes threat data relevant to an organization or industry.
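The UEBA description above (baseline normal behavior, flag what departs from it) can be shown in miniature. The following is an added example written for this transcript, not code from the deck or from any UEBA product: it builds a per-user profile of login hours, hosts and countries from a constructed training window, scores new logins by how many attributes depart from that profile, and keeps only multi-signal deviations for the analyst queue. The event fields, the one-hour slack and the threshold of 2 are assumptions chosen for the illustration; a real product replaces the set-based profile with statistical baselines over weeks of data.

```python
# Added example (not from the Sirius deck): a minimal per-user behaviour
# baseline of the kind UEBA tooling builds, scored over constructed logins.
# Assumptions (mine): each event is a dict with user, hour (0-23), host and
# country; the slack and threshold values are illustrative, not from the deck.
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed training window of "known good" logins.
BASELINE_EVENTS = [
    {"user": "alice", "hour": 9,  "host": "wks-101", "country": "US"},
    {"user": "alice", "hour": 10, "host": "wks-101", "country": "US"},
    {"user": "alice", "hour": 14, "host": "vpn-gw1", "country": "US"},
    {"user": "alice", "hour": 17, "host": "wks-101", "country": "US"},
    {"user": "bob",   "hour": 8,  "host": "wks-202", "country": "US"},
    {"user": "bob",   "hour": 13, "host": "wks-202", "country": "US"},
    {"user": "bob",   "hour": 18, "host": "jump-01", "country": "US"},
]

# Constructed events to score; the comments state the intended verdicts.
NEW_EVENTS = [
    {"user": "alice", "hour": 11, "host": "wks-101",   "country": "US"},  # in profile
    {"user": "alice", "hour": 3,  "host": "wks-101",   "country": "US"},  # odd hour only
    {"user": "bob",   "hour": 2,  "host": "db-prod-7", "country": "RO"},  # hour, host, country all new
    {"user": "carol", "hour": 9,  "host": "wks-303",   "country": "US"},  # never seen before
]


@dataclass
class Profile:
    """Per-user baseline: the hours, hosts and countries seen in training."""
    hours: set = field(default_factory=set)
    hosts: set = field(default_factory=set)
    countries: set = field(default_factory=set)


def build_profiles(events):
    profiles = defaultdict(Profile)
    for e in events:
        p = profiles[e["user"]]
        p.hours.add(e["hour"])
        p.hosts.add(e["host"])
        p.countries.add(e["country"])
    return dict(profiles)


def hour_is_usual(hour, baseline_hours, slack=1):
    """True if `hour` is within `slack` hours of any baseline hour (wraps at midnight)."""
    for h in baseline_hours:
        d = abs(hour - h) % 24
        if min(d, 24 - d) <= slack:
            return True
    return False


def score_event(event, profiles):
    """Return (score, reasons): one point per attribute that departs from baseline.
    An account with no baseline at all is scored as if every attribute were new."""
    p = profiles.get(event["user"])
    if p is None:
        return 3, ["no baseline for user"]
    reasons = []
    if not hour_is_usual(event["hour"], p.hours):
        reasons.append("unusual hour")
    if event["host"] not in p.hosts:
        reasons.append("new host")
    if event["country"] not in p.countries:
        reasons.append("new country")
    return len(reasons), reasons


def triage(events, profiles, threshold=2):
    """Keep only events at or above `threshold`, highest score first, so the
    analyst queue holds the multi-signal deviations rather than every one-off."""
    hits = []
    for e in events:
        score, reasons = score_event(e, profiles)
        if score >= threshold:
            hits.append({"user": e["user"], "score": score, "reasons": reasons})
    return sorted(hits, key=lambda h: h["score"], reverse=True)


if __name__ == "__main__":
    prof = build_profiles(BASELINE_EVENTS)
    for hit in triage(NEW_EVENTS, prof):
        print(hit)
```

The threshold is the point the deck's cyber-fatigue slides are making: alice's single odd-hour login scores 1 and never reaches the queue, while bob's login at an odd hour from a new host in a new country, and carol's login with no baseline at all, do. Tuning that threshold, and deciding how an account with no history is treated, is where most of the real UEBA engineering effort goes.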
  • 15. INTELLIGENCE SOURCES
  INTERNAL: Standardized. Highly targeted intelligence | Unrestricted usage.
  COMMERCIAL: Vendor-specific. Moderately targeted intelligence | Usage is restricted.
  COMMUNITY: Some standardization. Moderately targeted intelligence | Usage is restricted.
  OPEN SOURCE: Varied formats. Little targeted intelligence | Usage restrictions vary.
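Slide 13 asks whether your controls can ingest indicators delivered as XML, CSV or JSON with their tags and labels, slide 14 says intelligence is threat data plus context, and slide 15 shows that sources differ in format. The following added example (written for this transcript, not the deck's or any vendor's code) ties those three together: it parses one constructed feed in each format, maps each feed's own type names onto a single vocabulary, and merges everything into one indicator store so that an indicator reported by several sources accumulates its tags and sources instead of being duplicated. The feed layouts, field names and sample values are assumptions made for the example; the IP addresses come from documentation ranges and the hash is a placeholder.

```python
# Added example (not from the Sirius deck): normalizing indicators delivered
# as CSV, JSON and XML into one record shape that keeps the context (type,
# tags, source) that turns raw threat data into usable intelligence.
# Assumptions (mine): the three feed layouts and field names below are
# constructed for the example; real feeds differ per vendor.
import csv
import io
import json
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed feed bodies. IPs are from documentation ranges; the hash is a placeholder.
CSV_FEED = """indicator,type,tags,source
198.51.100.7,ipv4,c2;phishing,commercial-vendor
bad.example,domain,phishing,commercial-vendor
"""

JSON_FEED = json.dumps({"indicators": [
    {"value": "203.0.113.9", "kind": "ipv4", "labels": ["scanner"], "feed": "open-source-list"},
    {"value": "0123456789abcdef0123456789abcdef", "kind": "md5", "labels": ["malware"],
     "feed": "open-source-list"},
]})

XML_FEED = """<indicators>
  <indicator type="domain" source="community-isac">
    <value>bad.example</value><tag>ransomware</tag><tag>phishing</tag>
  </indicator>
</indicators>"""

# Feed-specific type names mapped onto one vocabulary; unknown types are kept as-is.
TYPE_MAP = {"ipv4": "ip", "ip": "ip", "domain": "domain", "md5": "hash", "sha256": "hash"}


def parse_csv(text):
    """Yield (type, value, tags, source) from a CSV feed with ';'-separated tags."""
    for row in csv.DictReader(io.StringIO(text)):
        yield (row["type"], row["indicator"], set(row["tags"].split(";")), row["source"])


def parse_json(text):
    """Yield (type, value, tags, source) from a JSON feed using its own field names."""
    for ind in json.loads(text)["indicators"]:
        yield (ind["kind"], ind["value"], set(ind["labels"]), ind["feed"])


def parse_xml(text):
    """Yield (type, value, tags, source) from an XML feed with one <tag> per label."""
    for ind in ET.fromstring(text).findall("indicator"):
        tags = {t.text.strip() for t in ind.findall("tag")}
        yield (ind.get("type"), ind.findtext("value").strip(), tags, ind.get("source"))


def build_db(feeds):
    """Merge every feed into {(type, value): {"tags": set, "sources": set}}.
    The same indicator seen in several feeds accumulates context instead of duplicating."""
    db = defaultdict(lambda: {"tags": set(), "sources": set()})
    for parser, text in feeds:
        for raw_type, value, tags, source in parser(text):
            key = (TYPE_MAP.get(raw_type.lower(), raw_type.lower()), value.strip().lower())
            db[key]["tags"] |= tags
            db[key]["sources"].add(source)
    return dict(db)


def lookup(db, kind, value):
    """Return the merged context for an observed value, or None if no feed lists it."""
    return db.get((kind, value.strip().lower()))


FEEDS = [(parse_csv, CSV_FEED), (parse_json, JSON_FEED), (parse_xml, XML_FEED)]

if __name__ == "__main__":
    db = build_db(FEEDS)
    print(len(db), "indicators")
    print(lookup(db, "domain", "bad.example"))
```

The merge step is what distinguishes this from dumping raw feeds into a SIEM: a match on `bad.example` comes back with both the commercial vendor and the community source plus the union of their tags, which is the context an analyst needs to decide how much to trust the hit. Slide 15's usage restrictions are not modelled here; in practice each source's sharing terms would be carried on the record alongside the source name.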
  • 16. THREE: INTEGRATE CONTROLS & AUTOMATE PROCESSES
  Enable analysts to make better decisions from better data.
  • 18. FOUR: BOOST INCIDENT RESPONSE
  Triage detected threats and avoid bottlenecks in IR processes.
  • 20. Popular Incident Response Frameworks
  NIST 800-61: The National Institute of Standards and Technology developed this framework to help organizations develop their incident response teams and processes in order to properly plan for, assess, respond to, and recover from potential threats.
  CERT (CSIRT): The Computer Emergency Response Team created this handbook, which includes a popular framework companies often use to model their own incident response plans. The handbook also covers how to set up an IRT, as well as tools and workflows to facilitate effective response to security events.
  ISACA: Developed by the Information Systems Audit and Control Association (ISACA), this framework is an incident response plan companies use when becoming COBIT compliant. It models the ways in which companies can manage risk and establish controls and protections over information systems, technologies, and intellectual property.
  ISO/IEC 27035: The International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) developed this rigid and formal incident response framework that organizations are required to implement when becoming ISO 27001 compliant; it establishes specific and detailed steps to manage and respond to security threats.
  • 21. Ask yourself: CONSIDER THE FOLLOWING QUESTIONS
  • Is your IR plan based on a framework?
  • Is it frequently reviewed and updated?
  • Has it ever been tested and validated?
  • Do you have a retainer with an IR firm and/or have cybersecurity insurance?
  • 22. FIVE: MEASURE YOUR EFFORTS
  Report the performance of people, processes, and technologies.
  • 23. BUILDING NEXT-GEN SECURITY OPERATIONS
  Detect and respond to incidents.
  Identify threats and vulnerabilities.
  Document activities for management, auditors, and regulators.
  • 25. FIND MORE ARTICLES ABOUT BUSINESS AND TECHNOLOGY SOLUTIONS AT FOCUS ONLINE: http://focus.forsythe.com
  • 26. Authors:
  Chris Hoke, Managing Director, Security, Sirius
  Jose Ferreira, Security Solutions Territory Manager, Sirius
  www.siriuscom.com