Security Operations Center
Presenter:
Ahmad Haghighi
Haghighi.ahmad@gmail.com
September 2014
Table of Contents
• Foreword
• Introduction
• Build vs. Outsource
• 5G/SOC
• Personnel
• Q&A
FOREWORD
"We were at the point in the company where security was distributed over many teams: IT, the network guys, some dedicated network engineers, corporate security, and so on."
"We didn't have a single view into our assets."
Fischbach (Colt Telecom Services)
• Integrity
• Get visibility into your environment
• Centralized Management
• Modern & complicated attack methods
What is a SOC?
A security operations center (SOC) is a centralized unit in an organization that deals with security issues, on an organizational and technical level. A SOC within a building or facility is a central location from where staff supervises the site, using data processing technology. Typically, it is equipped for access monitoring, and controlling of lighting, alarms, and vehicle barriers.
ISOC
An information security operations center (or "SOC") is a location where enterprise information systems are:
• monitored,
• assessed,
• and defended.
Alternative names
• Security defense center (SDC)
• Security intelligence center
• Security intelligence and operations center (SIOC)
• Cyber security center
• Threat defense center
• Infrastructure Protection Centre (IPC)
[Diagram: SOC data flow]
Log and event sources: Server IDS, SAN, Firewall, IPS, Access Control, Database, Antivirus, Data Center, User Activity, Applications, Event management consoles, Penetration testing tools, Web Sites, Vulnerability Detection, UTM, Web Server, Honeypot, Mail, VPN, Switch, Router, Web Cache, OS logs
SOC SIEM: Aggregate, Correlate, Use Cases
Outputs:
• Alerts
• Reports
• Advisories
SOC
Technology, People, Process & Procedure, Environment
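The aggregate/correlate flow in the diagram above, as an added example that is not part of the original deck: several log sources (firewall, IDS, VPN, OS auth log) are normalized into one event schema, aggregated per source address, and a cross-source correlation rule turns a pattern of events into an alert. The log lines, their formats and the thresholds are constructed for the example.

```python
"""Minimal SIEM-style aggregate/correlate pipeline (constructed example)."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines, one format per source. Addresses are documentation ranges.
SAMPLE_LOGS = [
    "fw  2014-09-01T10:00:05 action=deny src=203.0.113.9 dst=10.0.0.5 dport=22",
    "fw  2014-09-01T10:00:06 action=deny src=203.0.113.9 dst=10.0.0.5 dport=23",
    "ids 2014-09-01T10:00:09 SCAN probe TCP 203.0.113.9 -> 10.0.0.5",
    "fw  2014-09-01T10:00:30 action=allow src=203.0.113.9 dst=10.0.0.5 dport=22",
    "os  2014-09-01T10:00:31 sshd: Failed password for admin from 203.0.113.9",
    "os  2014-09-01T10:00:33 sshd: Failed password for admin from 203.0.113.9",
    "os  2014-09-01T10:00:35 sshd: Accepted password for admin from 203.0.113.9",
    "vpn 2014-09-01T10:02:00 user=bob src=198.51.100.7 event=connect",
    "os  2014-09-01T10:02:10 sshd: Failed password for bob from 198.51.100.7",
]

# One regex per log source; every match is mapped onto the same normalized schema.
PATTERNS = {
    "firewall": re.compile(r"^fw\s+(?P<ts>\S+) action=(?P<action>\w+) src=(?P<src>\S+) "
                           r"dst=(?P<dst>\S+) dport=(?P<dport>\d+)$"),
    "ids": re.compile(r"^ids\s+(?P<ts>\S+) (?P<sig>.+) (?P<src>\S+) -> (?P<dst>\S+)$"),
    "os": re.compile(r"^os\s+(?P<ts>\S+) sshd: (?P<result>Failed|Accepted) password "
                     r"for (?P<user>\S+) from (?P<src>\S+)$"),
    "vpn": re.compile(r"^vpn\s+(?P<ts>\S+) user=(?P<user>\S+) src=(?P<src>\S+) "
                      r"event=(?P<action>\w+)$"),
}


def parse_line(line):
    """Normalize one raw line into {ts, source, src, kind, detail}; None if no parser matches."""
    for source, pat in PATTERNS.items():
        m = pat.match(line.strip())
        if not m:
            continue
        f = m.groupdict()
        if source == "firewall":
            kind = "fw_" + f["action"].lower()
        elif source == "ids":
            kind = "ids_alert"
        elif source == "os":
            kind = "auth_fail" if f["result"] == "Failed" else "auth_success"
        else:
            kind = "vpn_" + f["action"].lower()
        return {"ts": datetime.fromisoformat(f["ts"]), "source": source,
                "src": f["src"], "kind": kind, "detail": f}
    return None


def aggregate(events):
    """The SIEM 'aggregate' step: group normalized events by originating address, in time order."""
    by_src = defaultdict(list)
    for e in events:
        by_src[e["src"]].append(e)
    for evs in by_src.values():
        evs.sort(key=lambda e: e["ts"])
    return by_src


def correlate(by_src, window=timedelta(minutes=10), fail_threshold=2):
    """The SIEM 'correlate' step: one cross-source rule (IDS alert plus repeated auth
    failures from the same address inside the window; a later success raises severity).
    A production SIEM would use a sliding window; a single span check keeps this short."""
    alerts = []
    for src, evs in by_src.items():
        kinds = [e["kind"] for e in evs]
        if evs[-1]["ts"] - evs[0]["ts"] > window:
            continue
        fails = kinds.count("auth_fail")
        if fails < fail_threshold or "ids_alert" not in kinds:
            continue
        last_fail = max(i for i, k in enumerate(kinds) if k == "auth_fail")
        succeeded = "auth_success" in kinds[last_fail + 1:]
        alerts.append({
            "src": src,
            "rule": "recon-then-bruteforce-success" if succeeded else "recon-then-bruteforce",
            "severity": "high" if succeeded else "medium",
            "event_count": len(evs),
            "sources": sorted({e["source"] for e in evs}),
        })
    return alerts


def run_pipeline(lines):
    """Sources -> normalize -> aggregate -> correlate -> alerts."""
    events = [e for e in map(parse_line, lines) if e is not None]
    return correlate(aggregate(events))


if __name__ == "__main__":
    for alert in run_pipeline(SAMPLE_LOGS):
        print(alert)
```

With the sample lines, only 203.0.113.9 satisfies the rule (IDS alert, two failures, then a success); the single VPN-user failure from 198.51.100.7 stays below the threshold and produces no alert.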
Do we need a SOC?
Nick Bradley (senior operations manager for IBM):
"Think worst-case scenario: what type of data would be accessed if you were breached, and would you have the resources to recover, or could you recover?"
"If the answer is terrifying and keeping you up at night, then the answer is yes, you need a security operations center."
• Expensive (Infrastructure, Personnel, Training, …)
• Current equipment is not enough?
• TCO, TBO, ROI
Survey of Secure Enterprise readers (2005)
• 72 percent of respondents with fewer than 5,000 employees had no plans to build a SOC.
• Among the 28 percent who have a SOC or plan to build one, 53 percent will collocate it in the NOC.
• The rest plan to house the SOC in a separate location, either a building (25 percent) or a room (22 percent).
Build-in vs. Outsource
• Advantages
• Challenges (Limitations)
• Hybrid
Some MSSP providers:
• Microsoft (3 SOCs)
• IBM
• Dell SecureWorks (7 SOCs)
• HP (ArcSight) -> BMW
• Verizon
• Symantec
Possible Shopping Lists: Hosts
• Firewalls
• IDS/IPS
• Data Loss Prevention
• Behavior Based Detection
• Anti-Spyware
• Rogue Host Detection
• Policy Auditor
• Device Control (USBs, etc.)
• Asset Management
• Baseline Monitoring (FDCC)
• Application Whitelisting
• Patch Management
• Remote Forensics
• Etc.
Possible Shopping Lists: Network
• Log Aggregation and SIM
• Flow Monitoring
• Full Packet Capture
• Next Generation Firewalls: shift from blocking IPs and ports to controlling applications
• Web Application Firewall
• Web Proxy
• Content Monitoring (Network Based DLP)
• New IDSs: Code Behavior / Reputation
• Continuous Vulnerability Scanning
• Honeypot
Possible Shopping Lists: Other
• SOC: provide Incident Response, Forensics Capabilities, Threat Monitoring, Intelligence Gathering
• Continuous Monitoring
• Better User Training and Awareness. First line of defense: informed users!
• Contingency Planning
• Red Team / Blue Team (inc. Third Party Penetration Testing & Web/Application Testing)
• Encryption
• 2 Factor Authentication
• Identify, classify, and tag what you need to protect: what are your crown jewels, what will affect your organizational viability.
• MORE FUNDING & RESOURCES!!!
SOC generations (5G)
1st Generation SOC: 1975-1995
2nd Generation SOC: 1996-2001
3rd Generation SOC: 2002-2005
4th Generation SOC: 2006-today
5th Generation SOC: 2013-?
Security Operations Maturity Model (CMMI based)
People (Personnel)
People Skills
• 7×24 coverage
• Forensics knowledge
• Proficiency in coding, scripting and protocols
• Managing threat intelligence
• Breach management
• Penetration testing
• Data analysts
• Minimum two years of experience in NID monitoring and incident response.
• Familiarity with network security methodologies, tactics, techniques and procedures.
• Experience with IPS/IDS, SIEMs and other CND security tools.
• Ability to read and write Snort IDS signatures.
• Experience reviewing and analyzing network packet captures.
• Experience performing security/vulnerability reviews of network environments.
• Possess a comprehensive understanding of the TCP/IP protocol, security architecture, and remote access security techniques/products.
• Experience with enterprise anti-virus solutions, virus outbreak management, and the ability to differentiate virus activity from directed attack patterns.
• Working knowledge of network architecture.
• Strong research background, utilizing an analytical approach.
• Candidate must be able to react quickly, decisively, and deliberately in high stress situations.
• Strong verbal/written communication and interpersonal skills are required to document and communicate findings, escalate critical incidents, and interact with customers.
• Highly motivated individual with the ability to self-start, prioritize, multi-task and work in a team setting.
• Ability and willingness to work shifts ranging within 7:00 AM EST to 11:00 PM EST.
Principal Duties and Responsibilities:
• Monitor and analyze network traffic and IDS alerts.
• Investigate intrusion attempts and perform in-depth analysis of exploits.
• Provide network intrusion detection expertise to support timely and effective decision making on when to declare an incident.
• Conduct proactive threat research.
• Review security events that are populated in a Security Information and Event Management (SIEM) system.
• Analyze a variety of network and host-based security appliance logs (Firewalls, NIDS, HIDS, Sys Logs, etc.) to determine the correct remediation actions and escalation paths for each incident.
• Independently follow procedures to contain, analyze, and eradicate malicious activity.
• Document all activities during an incident and provide leadership with status updates during the life cycle of the incident.
• Create a final incident report detailing the events of the incident.
• Provide information regarding intrusion events, security incidents, and other threat indications and warning information to US government agencies! (NASA)
• Assist with the development of processes and procedures to improve incident response times, analysis of incidents, and overall SOC functions.
Some Points:
• SOC Security
• Environment (Location, Temperature, Humidity, Ergonomics, Lighting)
• Collect as much as you can, even if you don't have the capacity to analyze it in real time, because if you store it, it may become useful to you later on.
• A network connection to the Internet separate from your corporate network.
• Dedicated phone lines
• A fax line
• Documentation
• A secure wireless network
• Electrical Power (UPS)
• Clear Responsibilities (Duties, Time shifting, …)
• Ease of Use
Resources:
• Building a Successful SOC (HP whitepaper)
• 5G/SOC: The NOW of Security Operations (HP whitepaper)
• 5G/SOC: Inside the World's Most Advanced SOCs (HP whitepaper)
• How Mature Is Your SOC? (HP whitepaper)
• Security Operation Center (Reply Communication Valley)
• Arming Your Security Operations Center with the Right Technology and Services (Wipro.com)
• Building Security Operation Center (HP presentation)
• Building, Maturing & Rocking a Security Operations Center (Brandie Anderson)
• Intelligence-Driven Security Operations Center (RSA Technical Brief)
• Anatomy of a Security Operations Center (John Wang, NASA SOC)
• Best Practices for Building a Security Operations Center (Diana Kelley and Ron Moritz)
• Creating an Effective Security Operations Function (RSA whitepaper)
• Wikipedia
• Build Your Own Security Operations Center (Jay Milne)
• Do You Need a Security Operations Center? (Robert Lemos)
• Best Practices for SOC Design (David G. Aggleton)
• …
An introduction to SOC (Security Operation Center)
Entrepreneurship competences in I4.0 and A.I lead migrants to inclusionEntrepreneurship competences in I4.0 and A.I lead migrants to inclusion
Entrepreneurship competences in I4.0 and A.I lead migrants to inclusion
 
Call Girls In Bangalore 7339748667 available hotel and home full enjoy
Call Girls In Bangalore 7339748667  available hotel and home full enjoyCall Girls In Bangalore 7339748667  available hotel and home full enjoy
Call Girls In Bangalore 7339748667 available hotel and home full enjoy
 
VVIP Call Girls Rajkot ☎️ +91-987394 😍 Rajkot 🔥 Independent Girls In Home And...
VVIP Call Girls Rajkot ☎️ +91-987394 😍 Rajkot 🔥 Independent Girls In Home And...VVIP Call Girls Rajkot ☎️ +91-987394 😍 Rajkot 🔥 Independent Girls In Home And...
VVIP Call Girls Rajkot ☎️ +91-987394 😍 Rajkot 🔥 Independent Girls In Home And...
 
2023 Ukraine Crisis Media Center Annual Report
2023 Ukraine Crisis Media Center Annual Report2023 Ukraine Crisis Media Center Annual Report
2023 Ukraine Crisis Media Center Annual Report
 
Bangalore Call Girls Full Enjoy 👉 7023059433 👈 Quick Booking at Affordable Price
Bangalore Call Girls Full Enjoy 👉 7023059433 👈 Quick Booking at Affordable PriceBangalore Call Girls Full Enjoy 👉 7023059433 👈 Quick Booking at Affordable Price
Bangalore Call Girls Full Enjoy 👉 7023059433 👈 Quick Booking at Affordable Price
 
一比一原版多伦多都会大学毕业证(TMU毕业证书)学历如何办理
一比一原版多伦多都会大学毕业证(TMU毕业证书)学历如何办理一比一原版多伦多都会大学毕业证(TMU毕业证书)学历如何办理
一比一原版多伦多都会大学毕业证(TMU毕业证书)学历如何办理
 
Call Girls Hyderabad 👯‍♀️ 7339748667 🔥 Escorts at your Door Step Available 2...
Call Girls Hyderabad 👯‍♀️ 7339748667 🔥 Escorts  at your Door Step Available 2...Call Girls Hyderabad 👯‍♀️ 7339748667 🔥 Escorts  at your Door Step Available 2...
Call Girls Hyderabad 👯‍♀️ 7339748667 🔥 Escorts at your Door Step Available 2...
 
MobilFlex - Extended Presentation - IBM
MobilFlex -   Extended Presentation - IBMMobilFlex -   Extended Presentation - IBM
MobilFlex - Extended Presentation - IBM
 
Call Girls In Patiala 👯‍♀️ 7339748667 🔥 Safe Housewife Call Girl Service Hote...
Call Girls In Patiala 👯‍♀️ 7339748667 🔥 Safe Housewife Call Girl Service Hote...Call Girls In Patiala 👯‍♀️ 7339748667 🔥 Safe Housewife Call Girl Service Hote...
Call Girls In Patiala 👯‍♀️ 7339748667 🔥 Safe Housewife Call Girl Service Hote...
 
Call Girls Kalyani Nagar ♠️ 7339748667 ♠️ Pune Escorts Yeena Best Independent...
Call Girls Kalyani Nagar ♠️ 7339748667 ♠️ Pune Escorts Yeena Best Independent...Call Girls Kalyani Nagar ♠️ 7339748667 ♠️ Pune Escorts Yeena Best Independent...
Call Girls Kalyani Nagar ♠️ 7339748667 ♠️ Pune Escorts Yeena Best Independent...
 
Client Management Skills.pptx for corporate world
Client Management Skills.pptx for corporate worldClient Management Skills.pptx for corporate world
Client Management Skills.pptx for corporate world
 
Presentation agenda of three-day conference
Presentation agenda of three-day conferencePresentation agenda of three-day conference
Presentation agenda of three-day conference
 
Beyond the Veil: Unraveling the Secrets of Your Dreams
Beyond the Veil: Unraveling the Secrets of Your DreamsBeyond the Veil: Unraveling the Secrets of Your Dreams
Beyond the Veil: Unraveling the Secrets of Your Dreams
 
Bridging the visual gap between cultural heritage and digital scholarship
Bridging the visual gap between cultural heritage and digital scholarshipBridging the visual gap between cultural heritage and digital scholarship
Bridging the visual gap between cultural heritage and digital scholarship
 

An introduction to SOC (Security Operation Center)

  • 1. Security Operations Center
    Presenter: Ahmad Haghighi
    Haghighi.ahmad@gmail.com
    September 2014
  • 2. Table of Contents
    • Foreword
    • Introduction
    • Build vs. Outsource
    • 5G/SOC
    • Personnel
    • Q&A
  • 4.
  • 5.
  • 6. Foreword
    "We were at the point in the company where security was distributed over many teams: IT, the network guys, some dedicated network engineers, corporate security, and so on."
    "We didn't have a single view into our assets."
    Fischbach (Colt Telecom Services)
    • Integrity
    • Get visibility into your environment
    • Centralized Management
    • Modern & complicated attack methods
  • 8. What is a SOC?
    SOC: A security operations center (SOC) is a centralized unit in an organization that deals with security issues, on an organizational and technical level. An SOC within a building or facility is a central location from where staff supervises the site, using data processing technology. Typically, it is equipped for access monitoring, and controlling of lighting, alarms, and vehicle barriers.
    ISOC: An information security operations center (or "SOC") is a location where enterprise information systems are monitored, assessed, and defended.
  • 9. Alternative names
    • Security defense center (SDC)
    • Security intelligence center
    • Security intelligence and operations center (SIOC)
    • Cyber security center
    • Threat defense center
    • Infrastructure Protection Centre (IPC)
  • 10. SOC / SIEM: Aggregate, Correlate
    Inputs: Server, IDS, SAN, Firewall, IPS, Access Control, Database, Antivirus, Data Center, User Activity, Applications, Event management consoles, Penetration testing tools, Web Sites, Vulnerability Detection, UTM, Web Server, Honeypot, Mail, VPN, Switch, Router, Web Cache, OS logs
    Outputs:
    • Alerts
    • Reports
    • Advisories
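The "Aggregate, Correlate, Alerts" flow of this slide as an added Python example (not part of the original deck): three constructed log formats (firewall, sshd as an OS log, IDS) are normalized into one event stream, and a correlation rule raises an alert when several failed logins from one source are followed by a success, with a matching IDS hit raising the severity. The hostnames, IP addresses, log lines and signature id are all constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Added example, not the deck's code. One regex per constructed source format.
PARSERS = [
    ("firewall", re.compile(r"^(?P<ts>\S+) fw DENY src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) dport=(?P<dport>\d+)$")),
    ("sshd", re.compile(r"^(?P<ts>\S+) host1 sshd: (?P<result>Failed|Accepted) password for (?P<user>\w+) from (?P<src>[\d.]+)$")),
    ("ids", re.compile(r'^(?P<ts>\S+) ids ALERT sig=(?P<sig>\d+) msg="(?P<msg>[^"]+)" src=(?P<src>[\d.]+)$')),
]

def aggregate(lines):
    """Aggregation: normalize lines from every source into events sharing 'ts',
    'source' and 'src'; a line no parser matches is dropped."""
    events = []
    for line in lines:
        for source, rx in PARSERS:
            m = rx.match(line.strip())
            if m:
                ev = m.groupdict()
                ev["ts"] = datetime.fromisoformat(ev["ts"])
                ev["source"] = source
                events.append(ev)
                break
    return sorted(events, key=lambda e: e["ts"])

def correlate(events, threshold=3, window=timedelta(minutes=5)):
    """Correlation: alert when a source IP logs >= threshold failed sshd logins in
    'window' before a success; an IDS hit from the same IP in the window raises severity."""
    by_src = defaultdict(list)
    for ev in events:
        by_src[ev["src"]].append(ev)
    alerts = []
    for src, evs in by_src.items():
        ssh = [e for e in evs if e["source"] == "sshd"]
        failures = [e for e in ssh if e["result"] == "Failed"]
        for ok in (e for e in ssh if e["result"] == "Accepted"):
            recent = [f for f in failures if ok["ts"] - window <= f["ts"] < ok["ts"]]
            if len(recent) < threshold:
                continue
            ids_hits = [e for e in evs if e["source"] == "ids" and abs(e["ts"] - ok["ts"]) <= window]
            alerts.append({"src": src, "user": ok["user"], "failures": len(recent),
                           "severity": "high" if ids_hits else "medium"})
    return alerts

SAMPLE_LOGS = [  # constructed sample input: documentation-range IPs, placeholder local-rule sid
    "2014-09-01T10:00:05 fw DENY src=203.0.113.7 dst=10.0.0.5 dport=23",
    "2014-09-01T10:01:00 host1 sshd: Failed password for root from 203.0.113.7",
    "2014-09-01T10:01:10 host1 sshd: Failed password for admin from 203.0.113.7",
    "2014-09-01T10:01:20 host1 sshd: Failed password for admin from 203.0.113.7",
    '2014-09-01T10:02:00 ids ALERT sig=1000001 msg="SSH brute force" src=203.0.113.7',
    "2014-09-01T10:03:00 host1 sshd: Accepted password for admin from 203.0.113.7",
    "2014-09-01T10:04:00 host1 sshd: Failed password for bob from 192.0.2.9",
    "2014-09-01T10:04:30 host1 sshd: Accepted password for bob from 192.0.2.9",
]
```

Running `correlate(aggregate(SAMPLE_LOGS))` yields one high-severity alert for 203.0.113.7 and nothing for 192.0.2.9, whose single failure stays below the threshold.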
  • 12. SOC: Technology, People, Process & Procedure, Environment
  • 13.
  • 14. Do we need a SOC?
    Nick Bradley (senior operations manager for IBM): "Think worst-case scenario: what type of data would be accessed if you were breached, and would you have the resources to recover, or could you recover?" "If the answer is terrifying and keeping you up at night, then the answer is yes, you need a security operations center."
    • Expensive (Infrastructure, Personnel, Training, …)
    • Is the current equipment not enough?
    • TCO – TBO
    • ROI
  • 15. Survey of Secure Enterprise readers (2005)
    • 72 percent of respondents with fewer than 5,000 employees had no plans to build a SOC.
    • Among the 28 percent who have a SOC or plan to build one, 53 percent will collocate it in the NOC.
    • The rest plan to house the SOC in a separate location, either a building (25 percent) or a room (22 percent).
  • 16. Build in-house vs. Outsource
    MSSP: Advantages, Challenges (Limitations), Hybrid
    Some Providers:
    • Microsoft (3 SOCs)
    • IBM
    • Dell SecureWorks (7 SOCs)
    • HP (ArcSight) -> BMW
    • Verizon
    • Symantec
  • 17. Possible Shopping Lists, Hosts:
    • Firewalls
    • IDS/IPS
    • Data Loss Prevention
    • Behavior Based Detection
    • Anti-Spyware
    • Rogue Host Detection
    • Policy Auditor
    • Device Control (USBs, etc.)
    • Asset Management
    • Baseline Monitoring (FDCC)
    • Application Whitelisting
    • Patch Management
    • Remote Forensics
    • Etc.
  • 18. Possible Shopping Lists, Network:
    • Log Aggregation and SIM
    • Flow Monitoring
    • Full Packet Capture
    • Next Generation Firewalls (shift from blocking IPs and ports to controlling applications)
    • Web Application Firewall
    • Web Proxy
    • Content Monitoring (Network Based DLP)
    • New IDSs (Code Behavior / Reputation)
    • Continuous Vulnerability Scanning
    • Honeypot
  • 19. Possible Shopping Lists, Other:
    • SOC: provides Incident Response, Forensics Capabilities, Threat Monitoring, Intelligence Gathering
    • Continuous Monitoring
    • Better User Training and Awareness (first line of defense: informed users!)
    • Contingency Planning
    • Red Team/Blue Team (incl. Third Party Penetration Testing & Web/Application Testing)
    • Encryption
    • 2 Factor Authentication
    • Identify, classify, and tag what you need to protect: what are your crown jewels, what will affect your organizational viability.
    • MORE FUNDING & RESOURCES!!!
  • 21. 1st Generation SOC: 1975–1995
  • 22. 2nd Generation SOC: 1996–2001
  • 23. 3rd Generation SOC: 2002–2005
  • 24. 4th Generation SOC: 2006–today
  • 26. Security Operations Maturity Model (CMMI Based)
  • 28. People Skills
    • 7×24
    • Forensics knowledge
    • Proficiency in coding, scripting and protocols
    • Managing threat intelligence
    • Breach management
    • Penetration testing
    • Data analysts
    • Minimum two years of experience in NID monitoring and incident response.
    • Familiarity with network security methodologies, tactics, techniques and procedures.
    • Experience with IPS/IDS, SIEMs and other CND security tools.
    • Ability to read and write Snort IDS signatures.
    • Experience reviewing and analyzing network packet captures.
    • Experience performing security/vulnerability reviews of network environments.
    • Possess a comprehensive understanding of the TCP/IP protocol, security architecture, and remote access security techniques/products.
    • Experience with enterprise anti-virus solutions, virus outbreak management, and the ability to differentiate virus activity from directed attack patterns.
  • 29. People Skills
    • Working knowledge of network architecture.
    • Strong research background, utilizing an analytical approach.
    • Candidate must be able to react quickly, decisively, and deliberately in high stress situations.
    • Strong verbal/written communication and interpersonal skills are required to document and communicate findings, escalate critical incidents, and interact with customers.
    • Highly motivated individual with the ability to self-start, prioritize, multi-task and work in a team setting.
    • Ability and willingness to work shifts ranging within 7:00 AM EST to 11:00 PM EST.
  • 30. Principal Duties and Responsibilities:
    • Monitor and analyze network traffic and IDS alerts.
    • Investigate intrusion attempts and perform in-depth analysis of exploits.
    • Provide network intrusion detection expertise to support timely and effective decision making of when to declare an incident.
    • Conduct proactive threat research.
    • Review security events that are populated in a Security Information and Event Management (SIEM) system.
    • Analyze a variety of network and host-based security appliance logs (Firewalls, NIDS, HIDS, Syslogs, etc.) to determine the correct remediation actions and escalation paths for each incident.
    • Independently follow procedures to contain, analyze, and eradicate malicious activity.
    • Document all activities during an incident and provide leadership with status updates during the life cycle of the incident.
    • Create a final incident report detailing the events of the incident.
    • Provide information regarding intrusion events, security incidents, and other threat indications and warning information to US government agencies! (NASA)
    • Assist with the development of processes and procedures to improve incident response times, analysis of incidents, and overall SOC functions.
  • 31.
  • 32.
  • 33. Some Points:
    • SOC Security
    • Environment (Location, Temperature, Humidity, Ergonomics, Lighting)
    • Collect as much as you can, even if you don't have the capacity to analyze it in real time: if you store it, it may become useful to you later on.
    • A network connection to the Internet separate from your corporate network.
    • Dedicated phone lines
    • A fax line
    • Documentation
    • A secure wireless network
    • Electrical Power (UPS)
    • Clear Responsibilities (Duties, Time shifting, …)
    • Ease of Use
  • 34. Resources:
    • Building a successful SOC (HP whitepaper)
    • 5G/SOC: The NOW of security operations (HP whitepaper)
    • 5G/SOC: Inside the world's most advanced SOCs (HP WP)
    • How mature is your SOC? (HP WP)
    • SECURITY OPERATION CENTER (Reply communication valley)
    • arming_your_security_operations_center_with_the_right_technology_and_services (WIPRO.com)
    • Building Security Operation Center (HP presentation)
    • Building, Maturing & Rocking a Security Operations Center (Brandie Anderson)
    • intelligence-driven-security-ops-center (RSA Technical Brief)
    • Anatomy of a Security Operations Center (By John Wang, NASA SOC)
    • Best Practices for Building a Security Operations Center (Diana Kelley and Ron Moritz)
    • Creating an Effective Security Operations Function (RSA Whitepaper)
    • Wikipedia.com
    • Build Your Own Security Operations Center (Jay Milne)
    • Do You Need A Security Operations Center? (Robert Lemos)
    • Best Practices for SOC Design (David G Aggleton)
    • …

Editor's Notes

  1. To start, mention that the size of our business and organization matters.
  2. SIRT (Security Incident Response Team). An IDS alone is not enough; for example, it cannot detect APTs (advanced persistent threats).
  3. Proactive & predictive
  4. SEM (… /sec); SIM; SAN = storage area network.
  5. Botnet: taking control of other people's computers in order to use them (espionage, DoS and advertising). SQL Inj… information_schema
  6. SIEM; Policy; Environment: where should it be? In the data center? A separate unit or building? In the NOC?
  7. ESM = Enterprise Security Manager, which is a SIEM (= Event Security Management). HP ArcSight ESM is uniquely able to understand who is on the network, what data they are seeing, which actions they are taking with that data, and how that affects business risk.
  8. Cost: for example, HP ESM needs 36 GB of RAM and 6×600 GB of disk.
  9. FDCC = Federal Desktop Core Configuration: a national standard, a list of "security settings" for systems that connect directly to the network. Forensics: Sharif University.
  10. DLP = Data Loss Prevention
  11. Contingency = a possible (probable) event
  12. Intellectual property
  13. Subtle = shrewd, cunning
  14. Compliance = agreement; Subjectively = qualitatively; deficiencies = defects, shortfalls. Level 5: programs are in place to continuously track defects and shortfalls.
  15. Breach = infiltration, intrusion. NID = Network Interface Devices (network interface equipment). CND = Computer Network Defense.
  16. Including this material helps us understand what work needs to be done. remediation = repair, correction; Assist = cooperate; HIDS = Host IDS; NIDS = Network IDS.
  17. Personnel are divided into several tiers.
  18. Concentrating everything in one place brings many challenges of its own. Ease of Use: the most secure option is to pull the computer's power plug.