
Effective Security Operation Center - present by Reza Adineh

  1. Effective Cyber Security Operation Center, Reza Adineh, 10/7/2018 RezZaAdineH 1
  2. • Is your SOC effective?
     • How can you improve your SOC?
     • Is your SOC mature?
     • What sensors do you have? Are they enough for threat detection?
     • What logs and data are you gathering?
     • Do you enrich your data? How do you enrich it?
     • Is your incident management working properly?
     • Do you have threat management?
  3. Let's check some more important questions:
     • 1st: what do you need to protect?
     • 2nd: how do you want to protect it?
     • 3rd: do you have enough visibility into what is happening?
     • 4th: can you protect your assets from new threats? How about existing threats?
     • 5th: can you predict the future? What is going on?
  4. Overall steps you should take:
     1. Do threat management
     2. Implement castle (layered) approaches and avoid single points of failure (SPF)
     3. Plan and implement a high-protection topology
     4. Tune all of your sensors
     5. Prioritize your sensors
     6. Gather all data
     7. Use ML and AI based solutions
     8. Use threat intelligence and do enrichment on logs and data
     9. Do threat hunting
     10. Do cyber exercises regularly and make improvements
     11. Use a maturity model for best effort
  5. How to effectively manage incidents?
     • If you don't have enough tools, you cannot find out what's going on
     • So, first of all, solve the lack of technology and use practical tools to increase visibility
     • Apply a good, detailed process for handling those tools via experienced and knowledgeable people
  6. How to effectively manage incidents? Methodologies of incident management:
     • "Incident Handler's Handbook", SANS Institute 2011
     • "Computer Security Incident Handling Guide", NIST 2012
     • "Strategies for incident response and cyber crisis cooperation", ENISA 2016
     • "CSIRT Services Framework", Forum of Incident Response and Security Teams
     • "SIM3: Security Incident Management Maturity Model", S-CURE and PRESECURE
     These are complex and time consuming.
  7. (…) Multilayered security and use of user and entity behavior analytics will become a requirement for virtually every enterprise. More information: rwithgartner/gartners-top-10-technology-trends-2017/
  10. The solution
     • Enterprise modern solutions …
     • Arm your organization with UEBA
     • Arm your organization with a proper process
  12. Detect and respond to anomalous user behavior with security analytics and machine learning
     • To avoid a data breach, your organization must detect and respond quickly to anomalous activity. User and entity behavior analytics (UEBA) can help you monitor for known threats and behavioral changes in user data, providing critical visibility to uncover user-based threats that might otherwise go undetected.
  14. User and entity behavior analytics (UEBA)
     • User behavior analytics, as defined by Gartner, is a cybersecurity process for the detection of insider threats, targeted attacks, and financial fraud.
     • UBA solutions look at patterns of human behavior and then apply algorithms and statistical analysis to detect meaningful anomalies from those patterns: anomalies that indicate potential threats. Instead of tracking devices or security events, UBA tracks a system's users. Big data platforms like Apache Hadoop are increasing UBA functionality by allowing them to analyze petabytes worth of data to detect insider threats and advanced persistent threats.
  15. UEBA
  16. With UEBA, your team can:
     • Collect and prepare data from diverse sources to provide clean sets for effective analytics.
     • Obtain a true view of the identity of users and hosts, not just their disparate identifiers.
     • Detect known and unknown threats by applying full-spectrum analytics.
     • Accelerate threat qualification and investigation with powerful data visualizations and direct access to underlying data.
     • Streamline response using integrated playbooks, guided workflows, and approval-driven task automation.
     • Use artificial intelligence (AI) and machine learning (ML) technologies to improve time to detect and respond to threats.
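Slides 14 and 16 describe UBA as building a baseline of each user's normal behavior and flagging statistically meaningful deviations. The following is an added example, not code from the presentation or from any UEBA product, that shows the core idea in a minimal form: it builds a per-user baseline (usual login time, hosts used, failure ratio) from constructed authentication log lines, then scores a new window of activity against that baseline. The log format, the users, the hosts and the scoring weights are all assumptions chosen for illustration.

```python
"""Minimal UEBA-style baseline-and-deviation scoring over authentication logs."""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample data (not real telemetry). One event per line:
# "<ISO timestamp> <user> <host> <SUCCESS|FAIL>"
BASELINE_LOGS = """
2018-09-03T08:55:12 alice ws-alice SUCCESS
2018-09-03T09:02:40 alice ws-alice SUCCESS
2018-09-04T08:47:03 alice ws-alice SUCCESS
2018-09-05T09:10:18 alice ws-alice SUCCESS
2018-09-06T08:58:51 alice ws-alice SUCCESS
2018-09-03T13:20:00 bob ws-bob SUCCESS
2018-09-04T13:05:31 bob ws-bob SUCCESS
2018-09-04T14:12:09 bob fileshare01 SUCCESS
2018-09-05T13:44:27 bob ws-bob SUCCESS
2018-09-06T13:30:55 bob fileshare01 SUCCESS
""".strip().splitlines()

# New activity window to be scored against the baseline (also constructed).
WINDOW_LOGS = """
2018-10-07T03:12:44 alice dc01 FAIL
2018-10-07T03:13:01 alice dc01 FAIL
2018-10-07T03:13:19 alice dc01 FAIL
2018-10-07T03:13:40 alice dc01 SUCCESS
2018-10-07T13:15:22 bob ws-bob SUCCESS
2018-10-07T13:50:08 bob fileshare01 SUCCESS
""".strip().splitlines()


def parse(line):
    """Split one log line into a dict; the format is an assumption of this example."""
    ts, user, host, result = line.split()
    return {"ts": datetime.fromisoformat(ts), "user": user, "host": host, "result": result}


def _group_by_user(lines):
    by_user = defaultdict(list)
    for event in map(parse, lines):
        by_user[event["user"]].append(event)
    return by_user


def build_profiles(lines):
    """Per-user baseline: typical login hour, hosts used, and historic failure ratio."""
    profiles = {}
    for user, events in _group_by_user(lines).items():
        hours = [e["ts"].hour + e["ts"].minute / 60 for e in events]
        fails = sum(e["result"] == "FAIL" for e in events)
        profiles[user] = {
            "hour_mean": mean(hours),
            # Floor the spread so a very regular user does not produce a divide-by-zero
            # or flag a few minutes of drift as an anomaly.
            "hour_sd": max(pstdev(hours), 0.5),
            "hosts": {e["host"] for e in events},
            "fail_ratio": fails / len(events),
        }
    return profiles


def score_window(profiles, lines, fail_burst=3):
    """Score each user's activity in the window against that user's own baseline."""
    findings = {}
    for user, events in _group_by_user(lines).items():
        prof = profiles.get(user)
        if prof is None:
            # A user with no history cannot be baselined; surface them for review.
            findings[user] = {"score": 5, "reasons": ["no baseline for user"]}
            continue
        score, reasons = 0, []
        for e in events:
            hour = e["ts"].hour + e["ts"].minute / 60
            # Linear distance in hours; a circular measure would be needed for users
            # whose normal window straddles midnight.
            z = abs(hour - prof["hour_mean"]) / prof["hour_sd"]
            if z > 3:
                score += 2
                reasons.append(f"login at {e['ts'].strftime('%H:%M')} is {z:.1f} sd from usual time")
            if e["host"] not in prof["hosts"]:
                score += 2
                reasons.append(f"first-seen host {e['host']}")
        fails = sum(e["result"] == "FAIL" for e in events)
        # A burst of failures is only notable if it is well above this user's normal rate.
        if fails >= fail_burst and fails / len(events) > prof["fail_ratio"] + 0.25:
            score += 3
            reasons.append(f"{fails} failed logons in window")
        findings[user] = {"score": score, "reasons": reasons}
    return findings


def flagged_users(profiles, lines, threshold=5):
    """Users whose window score reaches the (assumed) alerting threshold."""
    return sorted(u for u, f in score_window(profiles, lines).items() if f["score"] >= threshold)


if __name__ == "__main__":
    profiles = build_profiles(BASELINE_LOGS)
    for user, finding in score_window(profiles, WINDOW_LOGS).items():
        print(user, finding["score"], finding["reasons"])
    print("flagged:", flagged_users(profiles, WINDOW_LOGS))
```

On the constructed data, alice is flagged because her window contains logons at 03:13 (far from her usual 09:00), against a host she has never used, with a burst of failures, while bob's activity matches his baseline and scores zero. The point the slides make is visible here: none of the individual events is a signature match, and a device- or event-centric rule would not see it; the anomaly only exists relative to the user's own history.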
  17. Sample:
     • Splunk UBA is a machine learning driven solution that helps organizations find hidden threats and anomalous behavior across users, devices, and applications. ... Splunk UBA visualizes the threat over a kill chain, thereby providing contextual awareness along with supporting evidence for SOC analysts to consume.