Mona Arkhipova, profile picture
Uploaded byMona Arkhipova
348 views

Security Ops for large and small companies

This document provides an overview of security operations (SOC) for companies of all sizes. It discusses the basic questions companies should ask regarding their security needs, how to approach monitoring both business and system metrics, and an in-depth look at monitoring and establishing an internal SOC. It then discusses solutions for security operations, both free and enterprise options, and things to consider if solutions are not working as expected or fail. The document concludes with embedding security into IT operations, discussing overlapping processes, compliance standards, typical incident response plans, and automating security processes. It also covers different approaches to security testing programs.

Embed presentation

Security OPS for large and small companies #PAYMENTSECURITY, Saint-Petersburg, Russia, 2017
#whoami Mona Arkhipova ◎ Unit Manager of information security architecture and monitoring at software vendor and cloud services ◎ Co-owner at internet acquiring software custom development company ◎ Independent security consultant Past • Head of SOC and OPS monitoring, Lead information security expert at QIWI group; • Security analyst at General Electric (GE Capital); • Independent security consultant at fintech start-ups; • *nix systems and network administrator
1. First steps to secure your operations Do you really need ISOC?
(Not so) Basic questions Interests Business owners Patent owners Customers, clients, partners Employees Law Society … Objects Source code Data Services Systems Reputation … Threats Hackers Insiders Regulation authorities Disasters Competitors and partners …
Monitoring: Two ways Business metrics System metrics
Monitoring/ISOC: in depth Behavior analysis Data flows Services policies OS/device policies Log source typization Inventory & Discovery
2. Solutions Marketing vs operations
”Working not as expected” ◎Gather references, mostly from hands-on specialists ◎Try to pilot on large amount of various data ◎Performance testing under overload ◎There’s no silver bullet
What’s about free solutions? Small/Mid ◎Good point to start ◎…if your production would stay the same size ◎May be supported by IT ◎(most) processes may be easily changed Mid/Large ◎Also good point to start ◎…if you don’t have compliance requirements on retention ◎And if you have enough resources for internal development ◎Calculate solution cost on different lifecycle stages
Enterprise solutions ◎Support response speed ◎Patching speed ◎Amount of experts on solution ◎Professional services costs Does the solution needed/may be applied only for security?
If solution fails ◎Look for enhancements ◎Recheck the covered scopes ◎Solution criticality ◎Calculate TCO ◎Plan changes
3. Embedding security into IT operations Mission possible
Overlapping processes ◎Inventory ◎Sources setup ◎Hardening processes support ◎Access management ◎In-depth knowledge of services/networks ◎Awareness ◎Win-win deployments (share your tools!)
CIS CSC 20 ◎Easy to explain ◎Easy to convert to roadmaps
Typical incidents ◎Prepare detailed response plans ◎Create kb on known issues ◎Alerts may be pushed outside ◎May be partially handled by duty/IT monitoring team ◎Keep it simple
Automate all the things ◎Access workflows ◎CMDB/simple inventory ◎Hardening controls/self-healing ◎Patch management ◎Agents review
I’m loving IT Team up Security and IT and you might like the result
4. Testing Find your way
Common way ◎Limited scope and vectors ◎Single team/vendor ◎Well-known scenarios ◎Approved testing windows ◎Whitelisting as a requirement
Common way cons ◎Lack of coverage ◎Toolbox ◎Too much approvals ◎“This is for compliance only”
Red team vs Blue team ◎Good for large systems ◎Full coverage of internals ◎Scope is related to all security and awareness processes (not only IT systems) ◎Greatest way to test your team and tools ◎Safe way to get a ’real’ incident and apply appropriate mitigations
Red team cons ◎Price ◎DoS and urgent changes ◎Urgent reinstall ◎All employees are the target too ◎IT security team overload ◎24x7 attacks
Thanks! Any questions? You can find me at: /monaarkhipova mona@sudo.su

More Related Content

PPTX
Risks vs real life
byMona Arkhipova
 
PDF
Positive Hack Days 7 - Ransomware forensiсs
byMona Arkhipova
 
PPTX
QIWI SOC benchmarking: Blue Team story
byMona Arkhipova
 
PDF
Qradar as a SOC core
byMona Arkhipova
 
PPTX
Enterprise Forensics 101
byMona Arkhipova
 
PPTX
Network Forensics Backwards and Forwards
bySavvius, Inc
 
PPTX
You Suspect a Security Breach. Network Forensic Analysis Gives You the Answers
bySavvius, Inc
 
PDF
All Hope is Not Lost Network Forensics Exposes Today's Advanced Security Thr...
bySavvius, Inc
 
Risks vs real life
byMona Arkhipova
 
Positive Hack Days 7 - Ransomware forensiсs
byMona Arkhipova
 
QIWI SOC benchmarking: Blue Team story
byMona Arkhipova
 
Qradar as a SOC core
byMona Arkhipova
 
Enterprise Forensics 101
byMona Arkhipova
 
Network Forensics Backwards and Forwards
bySavvius, Inc
 
You Suspect a Security Breach. Network Forensic Analysis Gives You the Answers
bySavvius, Inc
 
All Hope is Not Lost Network Forensics Exposes Today's Advanced Security Thr...
bySavvius, Inc
 

What's hot

PPTX
Valerie Thomas - All Your Door Belong to Me - Attacking Physical Access Systems
bycentralohioissa
 
PPTX
Time Traveling: Adapting Techniques from the Future to Improve Reliability, J...
byDigital Bond
 
PDF
API Vulnerabilties and What to Do About Them
byEoin Woods
 
PPTX
Introducing Savvius Vigil
bySavvius, Inc
 
PPTX
The Subversive Six: Hidden Risk Points in ICS
byTripwire
 
PDF
Secure by Design - Security Design Principles for the Rest of Us
byEoin Woods
 
PPTX
Endpoint Modeling 101 - A New Approach to Endpoint Security
byObservable Networks
 
PPTX
Tiptoe Through The Network: Practical Vulnerability Assessments in Control Sy...
byDigital Bond
 
PDF
What Is Next-Generation Endpoint Security and Why Do You Need It?
byPriyanka Aash
 
PPTX
Jason Kent - AppSec Without Additional Tools
bycentralohioissa
 
PPTX
Maturing Endpoint Security: 5 Key Considerations
bySirius
 
PPTX
How to Increase ICS Cybersecurity Return on Investment (ROI)
byDragos, Inc.
 
PDF
Enterprise Vulnerability Management - ZeroNights16
byAlexander Leonov
 
PPTX
NextGen Endpoint Security for Dummies
byAtif Ghauri
 
PDF
IDC Security 2014, Endpoint Security in Depth
byKen Tulegenov
 
PPTX
Cloud Security Zen: Principles to Meditate On
bySamuel Reed
 
PDF
Micro-Segmentation for Data Centers - Without Using Internal Firewalls
byColorTokens Inc
 
PPTX
The Future of ICS Security Products
byDigital Bond
 
PDF
Soc analyst course content
byShivamSharma909
 
PPTX
Practical Defense
bySean Whalen
 
Valerie Thomas - All Your Door Belong to Me - Attacking Physical Access Systems
bycentralohioissa
 
Time Traveling: Adapting Techniques from the Future to Improve Reliability, J...
byDigital Bond
 
API Vulnerabilties and What to Do About Them
byEoin Woods
 
Introducing Savvius Vigil
bySavvius, Inc
 
The Subversive Six: Hidden Risk Points in ICS
byTripwire
 
Secure by Design - Security Design Principles for the Rest of Us
byEoin Woods
 
Endpoint Modeling 101 - A New Approach to Endpoint Security
byObservable Networks
 
Tiptoe Through The Network: Practical Vulnerability Assessments in Control Sy...
byDigital Bond
 
What Is Next-Generation Endpoint Security and Why Do You Need It?
byPriyanka Aash
 
Jason Kent - AppSec Without Additional Tools
bycentralohioissa
 
Maturing Endpoint Security: 5 Key Considerations
bySirius
 
How to Increase ICS Cybersecurity Return on Investment (ROI)
byDragos, Inc.
 
Enterprise Vulnerability Management - ZeroNights16
byAlexander Leonov
 
NextGen Endpoint Security for Dummies
byAtif Ghauri
 
IDC Security 2014, Endpoint Security in Depth
byKen Tulegenov
 
Cloud Security Zen: Principles to Meditate On
bySamuel Reed
 
Micro-Segmentation for Data Centers - Without Using Internal Firewalls
byColorTokens Inc
 
The Future of ICS Security Products
byDigital Bond
 
Soc analyst course content
byShivamSharma909
 
Practical Defense
bySean Whalen
 

Similar to Security Ops for large and small companies

PPTX
Data Security Solutions - Cyber Security & Security Intelligence - @ Lithuani...
byAndris Soroka
 
PDF
Building A Security Operations Center
bySiemplify
 
PDF
Building a Security Operations Center (SOC).pdf
byTapOffice
 
PPTX
Rothke rsa 2012 building a security operations center (soc)
byBen Rothke
 
PPTX
A guide to Sustainable Cyber Security
byErnest Staats
 
PPSX
Does audit make us more secure
byEnterpriseGRC Solutions, Inc.
 
PDF
DTS Solution - Building a SOC (Security Operations Center)
byShah Sheikh
 
PPTX
Prezentare_ANSSI.pptx gfdsry crsru drdrsy
byAzim191210
 
PDF
Cyber Risk Management in 2017: Challenges & Recommendations
byUlf Mattsson
 
PDF
Why Corporate Security Professionals Should Care About Information Security
byResolver Inc.
 
PDF
Segurança da Informação e Estrutura de Redes - Café Empresarial 15/05
bysucesuminas
 
PDF
Information Security Management 101
byJerod Brennen
 
PPTX
CISSP Bridging Theory and Practice in Cybersecurity.pptx
byssuser926681
 
PPTX
Cybersecurity Frameworks and You: The Perfect Match
byMcKonly & Asbury, LLP
 
PPTX
Finding-Security-A-Home-In-A-DevOps-World.pptx
byalejandro415203
 
PDF
Cyber and information security operations and assurance
byEyesOpen Association
 
PDF
Building an effective Information Security Roadmap
byElliott Franklin
 
PPTX
Privacies are Coming
byErnest Staats
 
PPTX
Top Cybersecurity Challenges Facing Your Business
byNicholas Davis
 
PPTX
ISACA Ireland Keynote 2015
byShannon Lietz
 
Data Security Solutions - Cyber Security & Security Intelligence - @ Lithuani...
byAndris Soroka
 
Building A Security Operations Center
bySiemplify
 
Building a Security Operations Center (SOC).pdf
byTapOffice
 
Rothke rsa 2012 building a security operations center (soc)
byBen Rothke
 
A guide to Sustainable Cyber Security
byErnest Staats
 
Does audit make us more secure
byEnterpriseGRC Solutions, Inc.
 
DTS Solution - Building a SOC (Security Operations Center)
byShah Sheikh
 
Prezentare_ANSSI.pptx gfdsry crsru drdrsy
byAzim191210
 
Cyber Risk Management in 2017: Challenges & Recommendations
byUlf Mattsson
 
Why Corporate Security Professionals Should Care About Information Security
byResolver Inc.
 
Segurança da Informação e Estrutura de Redes - Café Empresarial 15/05
bysucesuminas
 
Information Security Management 101
byJerod Brennen
 
CISSP Bridging Theory and Practice in Cybersecurity.pptx
byssuser926681
 
Cybersecurity Frameworks and You: The Perfect Match
byMcKonly & Asbury, LLP
 
Finding-Security-A-Home-In-A-DevOps-World.pptx
byalejandro415203
 
Cyber and information security operations and assurance
byEyesOpen Association
 
Building an effective Information Security Roadmap
byElliott Franklin
 
Privacies are Coming
byErnest Staats
 
Top Cybersecurity Challenges Facing Your Business
byNicholas Davis
 
ISACA Ireland Keynote 2015
byShannon Lietz
 

Recently uploaded

PPTX
Celonis Optimizing your future with process
bydevjeremyappleyard
 
PDF
Automated Governance for FME Flow: Smarter Admin at Scale
bySafe Software
 
PPTX
Critique Prompting: The Secret to High-Quality AI Outputs
bySemantic SEO BD
 
PDF
shayk.online - Anonymous chat with Sinatra and WebSockets
byEleanor McHugh
 
PDF
Preserve workload integrity during cross-architecture migration
byPrincipled Technologies
 
PDF
final.pdf
byomarbishtawi04
 
PDF
How AI Can Help Platform Engineers Build Better Platforms
byAll Things Open
 
PDF
TrustArc Webinar - From Trends to Action: Fitting AI Governance into Privacy Ops
byTrustArc
 
PDF
Logical Optimal Actions – Towards Knowledge-based Reinforcement Learning with...
byMichiaki Tatsubori
 
PDF
Towards a Vibrant AI Hardware Accelerator Ecosystem, invited talk at the 4th ...
byMichiaki Tatsubori
 
PPTX
CTO Strategy OS 2026: The Tech, AI & Cloud Playbook Boards Want
byridwansassman
 
PDF
Transcript: Escape from the Forbidden Zone: Smuggling green and inclusive tec...
byBookNet Canada
 
PDF
Agent to agent service discovery using HashiCorp Consul and Vault
byBram Vogelaar
 
PPTX
Workflow and decision Automation with Flowable
bychakib ch
 
PDF
Oracle Cloud Infrastructure 2025 Architect Professional (1Z0-1127-25) Master ...
byExamCert App
 
PDF
February 2026 Patch Tuesday hosted by Chris Goettl and Todd Schell
byIvanti
 
PDF
Spec-Driven Development with Kiro: Elevating Software Quality, Traceability, ...
byHaim Michael
 
PDF
Escape from the Forbidden Zone: Smuggling green and inclusive tech past the g...
byBookNet Canada
 
PDF
Explaining specific examples of purpose-specific BOM
byakipii ogaoga
 
PDF
Bringing AI into R&D, Taking a Human-Centric Approach / Haim Yadid
byHaim Yadid
 
Celonis Optimizing your future with process
bydevjeremyappleyard
 
Automated Governance for FME Flow: Smarter Admin at Scale
bySafe Software
 
Critique Prompting: The Secret to High-Quality AI Outputs
bySemantic SEO BD
 
shayk.online - Anonymous chat with Sinatra and WebSockets
byEleanor McHugh
 
Preserve workload integrity during cross-architecture migration
byPrincipled Technologies
 
final.pdf
byomarbishtawi04
 
How AI Can Help Platform Engineers Build Better Platforms
byAll Things Open
 
TrustArc Webinar - From Trends to Action: Fitting AI Governance into Privacy Ops
byTrustArc
 
Logical Optimal Actions – Towards Knowledge-based Reinforcement Learning with...
byMichiaki Tatsubori
 
Towards a Vibrant AI Hardware Accelerator Ecosystem, invited talk at the 4th ...
byMichiaki Tatsubori
 
CTO Strategy OS 2026: The Tech, AI & Cloud Playbook Boards Want
byridwansassman
 
Transcript: Escape from the Forbidden Zone: Smuggling green and inclusive tec...
byBookNet Canada
 
Agent to agent service discovery using HashiCorp Consul and Vault
byBram Vogelaar
 
Workflow and decision Automation with Flowable
bychakib ch
 
Oracle Cloud Infrastructure 2025 Architect Professional (1Z0-1127-25) Master ...
byExamCert App
 
February 2026 Patch Tuesday hosted by Chris Goettl and Todd Schell
byIvanti
 
Spec-Driven Development with Kiro: Elevating Software Quality, Traceability, ...
byHaim Michael
 
Escape from the Forbidden Zone: Smuggling green and inclusive tech past the g...
byBookNet Canada
 
Explaining specific examples of purpose-specific BOM
byakipii ogaoga
 
Bringing AI into R&D, Taking a Human-Centric Approach / Haim Yadid
byHaim Yadid
 

Security Ops for large and small companies

  • 1.
    Security OPS for largeand small companies #PAYMENTSECURITY, Saint-Petersburg, Russia, 2017
  • 2.
    #whoami Mona Arkhipova ◎ UnitManager of information security architecture and monitoring at software vendor and cloud services ◎ Co-owner at internet acquiring software custom development company ◎ Independent security consultant Past • Head of SOC and OPS monitoring, Lead information security expert at QIWI group; • Security analyst at General Electric (GE Capital); • Independent security consultant at fintech start-ups; • *nix systems and network administrator
  • 3.
    1. First steps tosecure your operations Do you really need ISOC?
  • 4.
    (Not so) Basicquestions Interests Business owners Patent owners Customers, clients, partners Employees Law Society … Objects Source code Data Services Systems Reputation … Threats Hackers Insiders Regulation authorities Disasters Competitors and partners …
  • 5.
  • 6.
    Monitoring/ISOC: in depth Behavioranalysis Data flows Services policies OS/device policies Log source typization Inventory & Discovery
  • 7.
  • 8.
    ”Working not asexpected” ◎Gather references, mostly from hands-on specialists ◎Try to pilot on large amount of various data ◎Performance testing under overload ◎There’s no silver bullet
  • 9.
    What’s about freesolutions? Small/Mid ◎Good point to start ◎…if your production would stay the same size ◎May be supported by IT ◎(most) processes may be easily changed Mid/Large ◎Also good point to start ◎…if you don’t have compliance requirements on retention ◎And if you have enough resources for internal development ◎Calculate solution cost on different lifecycle stages
  • 10.
    Enterprise solutions ◎Support responsespeed ◎Patching speed ◎Amount of experts on solution ◎Professional services costs Does the solution needed/may be applied only for security?
  • 11.
    If solution fails ◎Lookfor enhancements ◎Recheck the covered scopes ◎Solution criticality ◎Calculate TCO ◎Plan changes
  • 12.
    3. Embedding security into IToperations Mission possible
  • 13.
    Overlapping processes ◎Inventory ◎Sources setup ◎Hardeningprocesses support ◎Access management ◎In-depth knowledge of services/networks ◎Awareness ◎Win-win deployments (share your tools!)
  • 14.
    CIS CSC 20 ◎Easyto explain ◎Easy to convert to roadmaps
  • 15.
    Typical incidents ◎Prepare detailedresponse plans ◎Create kb on known issues ◎Alerts may be pushed outside ◎May be partially handled by duty/IT monitoring team ◎Keep it simple
  • 16.
    Automate all thethings ◎Access workflows ◎CMDB/simple inventory ◎Hardening controls/self-healing ◎Patch management ◎Agents review
  • 17.
    I’m loving IT Team upSecurity and IT and you might like the result
  • 18.
  • 19.
    Common way ◎Limited scopeand vectors ◎Single team/vendor ◎Well-known scenarios ◎Approved testing windows ◎Whitelisting as a requirement
  • 20.
    Common way cons ◎Lackof coverage ◎Toolbox ◎Too much approvals ◎“This is for compliance only”
  • 21.
    Red team vsBlue team ◎Good for large systems ◎Full coverage of internals ◎Scope is related to all security and awareness processes (not only IT systems) ◎Greatest way to test your team and tools ◎Safe way to get a ’real’ incident and apply appropriate mitigations
  • 22.
    Red team cons ◎Price ◎DoSand urgent changes ◎Urgent reinstall ◎All employees are the target too ◎IT security team overload ◎24x7 attacks
  • 23.
    Thanks! Any questions? You canfind me at: /monaarkhipova mona@sudo.su