SECURITY OPERATION CENTER
Eng/ Ahmed Ayman Fahmy

Cyber Security Framework
What is a SOC?
SOC Team
SOC process
SOC Platform (Tools)
Skills needed in a SOC
Types of SOCs

CYBER SECURITY FRAMEWORK
Identify -> Protect -> Detect -> Respond -> Recover
 Identify
  Identify the threats our enterprise needs to be protected against.
  Control who can access your business information.
  Require individual user accounts for each employee.
  Create policies and procedures.
 Protect
  Install and activate security controls (firewalls, IDS/IPS, ...).
  Patch your operating systems and applications routinely.
  Secure your wireless access points and networks.
  Set up web and e-mail filters.
  Use encryption for sensitive data.
  Train employees in security awareness.
 Detect
  Install and update anti-virus, anti-spyware and other anti-malware programs.
  Maintain and monitor logs.
 Respond
  Develop a disaster plan for information security incidents.
 Recover
  Make full backups of important data and information.
SECURITY OPERATION CENTER (SOC)
What is a SOC? A SOC monitors, prevents, detects, investigates, and responds to cyber threats around the clock.
 SOC Team
  Leadership: CISO
  SOC operation management: SOC manager
  Tier 1 Analyst
  Tier 2 Analyst
  Tier 3 Analyst
  Security Engineer
 Tier 1 Analyst (Alert Investigator):
  Monitors SIEM alerts.
  Manages and configures security monitoring tools.
  Prioritizes alerts.
  Performs triage to confirm that a real security incident is taking place.
 Tier 2 Analyst (Incident Responder):
  Receives the incident and performs deep analysis.
  Correlates with threat intelligence to identify the threat actor, the nature of the attack, and the data and systems affected.
  Decides the containment strategy.
  Handles remediation and recovery.
 Tier 3 Analyst (SME / Threat Hunter):
  Vulnerability assessment.
  Penetration testing.
  Threat intelligence.
  Threat hunting: hunts for threats that have already found their way into the network.
  Unknown vulnerabilities and security gaps.
  When a major incident occurs, joins the Tier 2 analyst in responding to and containing it.
Incident response cycle: Detect -> Contain attack -> Eradicate attack -> Recover
 Security Engineers (Platform Management):
  Automated tools.
  Integration between security controls and the SIEM.
 SOC Manager:
  Responsible for hiring and training SOC staff.
  Manages resources (metrics).
  Manages the team when responding to a critical security incident.
 SOC process
  Log source management
  SIEM management
  Use case management
  Playbook management
  Event management
  Incident management
  Vulnerability management
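The Tier 1 / Tier 2 workflow above (monitor SIEM alerts, prioritize, triage, escalate) and the SOC process list (log source, use case and event management) are easier to see end to end in code. The following is an added example, not part of the original slides: a single SIEM-style use case (a burst of failed SSH logins from one source, optionally followed by a success) run over constructed log lines, then a Tier 1 triage step that combines alert severity with asset criticality and decides whether the alert is escalated to Tier 2 as an incident. The log format, hostnames, users, IP addresses, thresholds and the priority matrix are all assumptions made for the example.

```python
"""Added example for the Tier 1 / Tier 2 workflow and the SOC process list:
a SIEM-style use case run over constructed log lines, then the Tier 1
triage step that decides whether an alert goes to Tier 2 as an incident.
Hosts, users, IPs, thresholds and the priority matrix are made up here."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (syslog-like, not real logs): a burst of SSH
# failures followed by a success on web01, failures only on db01, and a
# single mistyped password on a workstation.
SAMPLE_LOGS = """\
2024-06-01T09:00:01 host=web01 app=sshd result=failure user=admin src=203.0.113.7
2024-06-01T09:00:03 host=web01 app=sshd result=failure user=admin src=203.0.113.7
2024-06-01T09:00:05 host=web01 app=sshd result=failure user=admin src=203.0.113.7
2024-06-01T09:00:07 host=web01 app=sshd result=failure user=admin src=203.0.113.7
2024-06-01T09:00:09 host=web01 app=sshd result=failure user=admin src=203.0.113.7
2024-06-01T09:00:12 host=web01 app=sshd result=success user=admin src=203.0.113.7
2024-06-01T09:10:00 host=db01 app=sshd result=failure user=backup src=198.51.100.9
2024-06-01T09:10:02 host=db01 app=sshd result=failure user=backup src=198.51.100.9
2024-06-01T09:10:04 host=db01 app=sshd result=failure user=backup src=198.51.100.9
2024-06-01T09:10:06 host=db01 app=sshd result=failure user=backup src=198.51.100.9
2024-06-01T09:10:08 host=db01 app=sshd result=failure user=backup src=198.51.100.9
2024-06-01T09:30:00 host=wks17 app=sshd result=failure user=alice src=192.0.2.40
2024-06-01T09:30:02 host=wks17 app=sshd result=success user=alice src=192.0.2.40
"""

# Asset criticality a Tier 1 analyst would look up in the CMDB (constructed).
ASSET_CRITICALITY = {"db01": "high", "web01": "high", "wks17": "low"}

# Assumed priority matrix: (alert severity, asset criticality) -> priority.
PRIORITY = {("high", "high"): "P1", ("high", "low"): "P2",
            ("medium", "high"): "P2", ("medium", "low"): "P3"}

LINE_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) app=(?P<app>\S+) "
    r"result=(?P<result>\S+) user=(?P<user>\S+) src=(?P<src>\S+)$"
)


def parse_logs(text):
    """Event management: normalise raw lines into dicts; lines that do not
    match the expected format are skipped instead of crashing the pipeline."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ev = m.groupdict()
            ev["ts"] = datetime.fromisoformat(ev["ts"])
            events.append(ev)
    return events


def brute_force_use_case(events, threshold=5, window=timedelta(minutes=5)):
    """Use case: at least `threshold` failed logins from one source to one
    host inside `window`. A success from the same source after the burst
    raises severity to high (a possibly compromised credential)."""
    by_key = defaultdict(list)
    for ev in events:
        by_key[(ev["src"], ev["host"])].append(ev)
    alerts = []
    for (src, host), evs in by_key.items():
        evs.sort(key=lambda e: e["ts"])
        failures = [e for e in evs if e["result"] == "failure"]
        for i, first in enumerate(failures):
            burst = [f for f in failures[i:] if f["ts"] - first["ts"] <= window]
            if len(burst) < threshold:
                continue
            last_fail = burst[-1]["ts"]
            success = any(e["result"] == "success" and e["ts"] > last_fail
                          for e in evs)
            alerts.append({
                "use_case": "ssh_brute_force", "src": src, "host": host,
                "user": burst[-1]["user"], "failures": len(burst),
                "severity": "high" if success else "medium",
                "followed_by_success": success,
            })
            break  # one alert per (src, host) so the queue is not flooded
    return alerts


def triage(alert):
    """Tier 1 triage: combine severity with asset criticality into a
    priority; P1/P2 are escalated to Tier 2 as incidents, P3 is closed."""
    crit = ASSET_CRITICALITY.get(alert["host"], "low")
    priority = PRIORITY[(alert["severity"], crit)]
    return {**alert, "priority": priority, "escalate": priority in ("P1", "P2")}


def run_soc_pipeline(text):
    """Log source -> use case -> triage; returns the triaged alerts."""
    return [triage(a) for a in brute_force_use_case(parse_logs(text))]


if __name__ == "__main__":
    for a in run_soc_pipeline(SAMPLE_LOGS):
        print(a["priority"], a["host"], a["src"], a["failures"],
              "escalate to Tier 2" if a["escalate"] else "close")
```

On the constructed input the web01 burst (five failures then a success from the same source) becomes a P1 escalated to Tier 2, the db01 burst (failures only, but on a critical asset) becomes a P2 that is also escalated, and the single failure on the workstation never becomes an alert. The threshold, window and matrix are the knobs that use case management and playbook management tune over time; the point of the example is that severity (what the use case saw) and priority (what it means for this asset) are kept as separate decisions.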
SOC PLATFORM (TOOLS)
 SIEM: Security Information and Event Management
 SOAR: Security Orchestration, Automation and Response
 VMDR: Vulnerability Management, Detection and Response
 NDR: Network Detection and Response
 EDR: Endpoint Detection and Response
 TIP: Threat Intelligence Platform
 OST: Offensive Security Tools
TIER 1 SKILLS (ALERT INVESTIGATOR)
 2-3 years of professional experience
 Very good routing and switching knowledge
 Good system administration knowledge
 Understanding of security system functions
 Knowledge of SIEM event management
 Certificates: CompTIA Cyber Security Analyst (CSA), SANS GMON
TIER 2 SKILLS (INCIDENT HANDLER)
 4-5 years of professional experience
 50% of the experience spent as a Tier 1 analyst
 Very good routing and switching knowledge
 Very good internetworking knowledge
 Very good system administration knowledge
 Good endpoint security knowledge
 Experience operating firewalls, IDS, IPS, ...
 Knowledge of SIEM event management and use case writing
 Certificates: SANS GCIH
TIER 3 SKILLS (THREAT HUNTER)
 6-9 years of professional experience
 50% of the experience spent as a Tier 2 analyst
 Very good programming knowledge
 Very good networking knowledge
 Very good system administration knowledge
 Very good endpoint security knowledge
 Experience in digital forensics
 Experience using network traffic analysis, deception systems, vulnerability assessment and exploitation tools
TIER 4 SKILLS (ARCHITECT)
 10-12 years of professional experience
 50% of the experience spent as a Tier 2 analyst
 Very good programming knowledge
 Very good networking knowledge
 Very good system administration knowledge
 Very good endpoint security knowledge
 Experience in SIEM, SOAR, VMDR, EDR and NDR
 Experience using network traffic analysis, deception systems, vulnerability assessment and exploitation tools
 Certifications: CISSP (Certified Information Systems Security Professional, (ISC)2), CISM (Certified Information Security Manager, ISACA)
TYPES OF SOCs
 Dedicated SOC
  Classic SOC with dedicated full-time staff, operated fully in house with 24/7/365 operations.
 Distributed SOC
  Some full-time staff and some part-time staff, typically operating 8x5 in each region.
 Multifunctional SOC / NOC
  Dedicated team that performs the functions of both a network operations center and a SOC.
 Fusion SOC
  Traditional SOC combined with new functions such as threat intelligence and operational technology.
 Command SOC / Global SOC
  Coordinates the other SOCs in a global enterprise, providing threat intelligence, situational awareness and guidance.
 Virtual SOC
  No dedicated facility; part-time members, usually reactive and activated by a security incident.
 Managed SOC
  Many organizations have turned to MSSPs (Managed Security Service Providers) to provide SOC services on an outsourced basis.
 
Must Know Postgres Extension for DBA and Developer during Migration
Must Know Postgres Extension for DBA and Developer during MigrationMust Know Postgres Extension for DBA and Developer during Migration
Must Know Postgres Extension for DBA and Developer during Migration
 
An Introduction to All Data Enterprise Integration
An Introduction to All Data Enterprise IntegrationAn Introduction to All Data Enterprise Integration
An Introduction to All Data Enterprise Integration
 

Security operation center (SOC)

2.
  - Cyber Security Framework
  - What is SOC?
  - SOC Team
  - SOC process
  - SOC Platform (Tools)
  - Skills needed in a SOC
  - Types of SOCs

4. CYBER SECURITY FRAMEWORK (CONT.)
  Identify
  - Identify the threats the enterprise needs to be protected against.
  - Control who can access your business information.
  - Require individual user accounts for each employee.
  - Create policies and procedures.
  Protect
  - Install and activate security controls (firewalls, IDS/IPS, ...).
  - Patch your operating systems and applications routinely.
  - Secure your wireless access points and networks.
  - Set up web and e-mail filters.
  - Use encryption for sensitive data.
  - Train employees in security awareness.

5. CYBER SECURITY FRAMEWORK (CONT.)
  Detect
  - Install and update anti-virus, anti-spyware and other anti-malware programs.
  - Maintain and monitor logs.
  Respond
  - Develop a disaster plan for information security incidents.
  Recover
  - Make full backups of important data and information.

6. SECURITY OPERATION CENTER (SOC)
  A SOC monitors, prevents, detects, investigates, and responds to cyber threats around the clock.

7. SECURITY OPERATION CENTER (SOC) (CONT.)
  SOC Team (organization chart):
  - Leadership: CISO
  - SOC Operation Management: SOC manager
  - Tier 1 Analyst, Tier 2 Analyst, Tier 3 Analyst, Security Engineer

8. SECURITY OPERATION CENTER (SOC) (CONT.)
  Tier 1 Analyst (Alert Investigator):
  - Monitor SIEM alerts.
  - Manage and configure security monitoring tools.
  - Prioritize alerts.
  - Perform triage to confirm that a real security incident is taking place.
  Tier 2 Analyst (Incident Responder):
  - Receives the incident and performs deep analysis.
  - Correlates with threat intelligence to identify the threat actor.
  - Establishes the nature of the attack.
  - Establishes the data and systems affected.
  - Decides the strategy for containment.
  - Remediation and recovery.

9. SECURITY OPERATION CENTER (SOC) (CONT.)
  Tier 3 Analyst (SME / Threat Hunter):
  - Vulnerability assessment.
  - Penetration testing.
  - Threat intelligence.
  - Threat hunters hunt threats that have found their way into the network.
  - Unknown vulnerabilities and security gaps.
  - When a major incident occurs, joins the Tier 2 analysts in responding to and containing it.
  Incident response flow: Detect -> Contain attack -> Eradicate attack -> Recover

10. SECURITY OPERATION CENTER (SOC) (CONT.)
  Security Engineers (Platform Management):
  - Automated tools.
  - Integration between security controls and the SIEM.
  SOC manager:
  - Responsible for hiring and training SOC staff.
  - Manages resources (metrics).
  - Manages the team when responding to a critical security incident.

11. SECURITY OPERATION CENTER (SOC) (CONT.)
  SOC process:
  - Log source management
  - SIEM management
  - Use case management
  - Playbook management
  - Event management
  - Incident management
  - Vulnerability management
12. SOC PLATFORM (TOOLS)
  - SIEM: Security Information and Event Management
  - SOAR: Security Orchestration, Automation and Response
  - VMDR: Vulnerability Management, Detection and Response
  - NDR: Network Detection and Response
  - EDR: Endpoint Detection and Response
  - TIP: Threat Intelligence Platform
  - OST: Offensive Security Tools
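A worked example of the flow the slides above describe (log source management, a SIEM use case, alert priority, and Tier 1 triage), added here as an illustration; it is not code from the presentation, nor from any SIEM product. The log lines, the threshold and window, and the asset criticality table are all constructed assumptions for the example, and the rule names are placeholders.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, NamedTuple, Optional

# Constructed sample log lines (made up for this example, syslog-like key=value form).
SAMPLE_LOGS = """\
2024-06-01T10:00:01Z host=db01 user=alice src=203.0.113.5 result=FAIL
2024-06-01T10:00:03Z host=db01 user=alice src=203.0.113.5 result=FAIL
2024-06-01T10:00:05Z host=db01 user=alice src=203.0.113.5 result=FAIL
2024-06-01T10:00:07Z host=db01 user=alice src=203.0.113.5 result=FAIL
2024-06-01T10:00:09Z host=db01 user=alice src=203.0.113.5 result=FAIL
2024-06-01T10:00:12Z host=db01 user=alice src=203.0.113.5 result=SUCCESS
2024-06-01T10:05:00Z host=db01 user=bob src=198.51.100.7 result=FAIL
2024-06-01T10:05:02Z host=db01 user=bob src=198.51.100.7 result=SUCCESS
2024-06-01T11:00:00Z host=vpn01 user=svc_backup src=192.0.2.9 result=FAIL
2024-06-01T11:01:00Z host=vpn01 user=svc_backup src=192.0.2.9 result=FAIL
2024-06-01T11:02:00Z host=vpn01 user=svc_backup src=192.0.2.9 result=FAIL
2024-06-01T11:03:00Z host=vpn01 user=svc_backup src=192.0.2.9 result=FAIL
2024-06-01T11:04:00Z host=vpn01 user=svc_backup src=192.0.2.9 result=FAIL
2024-06-01T12:00:00Z host=web01 user=carol src=192.0.2.50 result=FAIL
2024-06-01T12:10:00Z host=web01 user=carol src=192.0.2.50 result=FAIL
2024-06-01T12:20:00Z host=web01 user=carol src=192.0.2.50 result=FAIL
2024-06-01T12:30:00Z host=web01 user=carol src=192.0.2.50 result=FAIL
2024-06-01T12:40:00Z host=web01 user=carol src=192.0.2.50 result=FAIL
"""

# Use case parameters (assumed values; tuned per environment in practice).
THRESHOLD = 5                   # failures needed inside the window
WINDOW = timedelta(minutes=5)   # sliding window length

# Asset criticality from a constructed CMDB; "critical" raises the alert priority one level.
ASSET_CRITICALITY = {"db01": "critical", "web01": "high"}

LINE_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) user=(?P<user>\S+) src=(?P<src>\S+) result=(?P<result>FAIL|SUCCESS)$"
)


class AuthEvent(NamedTuple):
    ts: datetime
    host: str
    user: str
    src: str
    result: str


def parse_logs(text: str) -> List[AuthEvent]:
    """Log source management: normalise raw lines into typed events, skipping malformed ones."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(AuthEvent(ts, m["host"], m["user"], m["src"], m["result"]))
    return sorted(events, key=lambda e: e.ts)


def priority_for(rule_severity: str, host: str) -> str:
    """Alert priority: rule severity sets the base (high=P2, medium=P3); a critical asset raises it one level."""
    base = {"high": 2, "medium": 3}[rule_severity]
    if ASSET_CRITICALITY.get(host) == "critical":
        base -= 1
    return f"P{max(base, 1)}"


def evaluate(events: List[AuthEvent]) -> Optional[dict]:
    """Use case: >= THRESHOLD failures inside WINDOW for one (src, user, host) group.
    A SUCCESS within WINDOW after the last failure of that cluster escalates the alert."""
    fails = [e.ts for e in events if e.result == "FAIL"]
    successes = [e.ts for e in events if e.result == "SUCCESS"]
    for i, start in enumerate(fails):
        cluster = [t for t in fails[i:] if t - start <= WINDOW]
        if len(cluster) < THRESHOLD:
            continue
        last_fail = cluster[-1]
        followed_by_success = any(last_fail < s <= last_fail + WINDOW for s in successes)
        severity = "high" if followed_by_success else "medium"
        e = events[0]
        return {
            "rule": "brute_force_then_success" if followed_by_success else "repeated_auth_failures",
            "severity": severity, "priority": priority_for(severity, e.host),
            "host": e.host, "user": e.user, "src": e.src, "failures": len(cluster),
            "first_seen": cluster[0].isoformat(), "last_seen": last_fail.isoformat(),
            # Tier 1 triage hint: confirm with the account owner before escalating to Tier 2.
            "triage": "confirm legitimacy with account owner; if not legitimate, escalate for containment",
        }
    return None


def run_use_case(text: str) -> List[dict]:
    """Group events by (src, user, host), evaluate the use case per group, and order the alert queue."""
    groups: Dict[tuple, List[AuthEvent]] = defaultdict(list)
    for e in parse_logs(text):
        groups[(e.src, e.user, e.host)].append(e)
    alerts = [a for a in (evaluate(g) for g in groups.values()) if a]
    # Tier 1 works the queue by priority first, then by recency.
    return sorted(alerts, key=lambda a: (a["priority"], a["last_seen"]))


if __name__ == "__main__":
    for alert in run_use_case(SAMPLE_LOGS):
        print(alert["priority"], alert["rule"], alert["user"], alert["host"], alert["src"], alert["failures"])
```

On the constructed input, alice's five failures followed by a success on the critical host db01 become a P1 alert, svc_backup's five failures with no success on an unclassified host become a P3 alert, bob's single mistyped password produces nothing, and carol's failures are too spread out to fall inside one window. The threshold, window and priority matrix are exactly the kind of parameters the "use case management" process on slide 11 exists to own and revise.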
13. TIER 1 ANALYST
  - 2-3 years of professional experience.
  - Very good routing and switching knowledge.
  - Good system administration knowledge.
  - Understanding of security system functions.
  - Knowledge of SIEM event management.
  - Certificates: CompTIA Cyber Security Analyst (CSA), SANS GMON.

14. TIER 2 SKILLS (INCIDENT HANDLER)
  - 4-5 years of professional experience.
  - 50% of the experience spent as a Tier 1 analyst.
  - Very good routing and switching knowledge.
  - Very good internetworking knowledge.
  - Very good system administration knowledge.
  - Good endpoint security knowledge.
  - Experience in operating firewalls, IDS, IPS, ...
  - Knowledge of SIEM event management and use case writing.
  - Certificates: SANS GCIH.

15. TIER 3 SKILLS (THREAT HUNTER)
  - 6-9 years of professional experience.
  - 50% of the experience spent as a Tier 2 analyst.
  - Very good programming knowledge.
  - Very good networking knowledge.
  - Very good system administration knowledge.
  - Very good endpoint security knowledge.
  - Experience in digital forensics.
  - Experience in using network traffic analysis, deception systems, vulnerability assessment and exploitation tools.

16. TIER 4 SKILLS (ARCHITECT)
  - 10-12 years of professional experience.
  - 50% of the experience spent as a Tier 2 analyst.
  - Very good programming knowledge.
  - Very good networking knowledge.
  - Very good system administration knowledge.
  - Very good endpoint security knowledge.
  - Experience in SIEM, SOAR, VMDR, EDR and NDR.
  - Experience in using network traffic analysis, deception systems, vulnerability assessment and exploitation tools.
  - Certifications: CISSP (Certified Information Systems Security Professional, (ISC)2), CISM (Certified Information Security Manager, ISACA).

17. TYPES OF SOCS
  - Dedicated SOC: classic SOC with dedicated full-time staff, operated fully in house; 24/7/365 operations.
  - Distributed SOC: some full-time staff and some part-time; typically operates 8x5 in each region.
  - Multifunctional SOC / NOC: a dedicated team that performs both the functions of a network operation center and those of a SOC.
  - Fusion SOC: a traditional SOC combined with new functions such as threat intelligence and operational technology.
  - Command SOC / Global SOC: coordinates the other SOCs in a global enterprise; provides threat intelligence, situational awareness and guidance.
  - Virtual SOC: no dedicated facility; part-time members, usually reactive and activated by a security incident.
  - Managed SOC: many organizations have turned to MSSPs (Managed Security Service Providers) to provide SOC services on an outsourced basis.