Building Effective Security Operations Center · 2019-06-21
Building Effective Security Operations Center
Tithirat Siripattanalert, CISSP, GCIH, CISM, CRISC, CGEIT, PCIP, CObIT, ITIL, ISO27001 LA
Chief Information Security Officer and Chief Data Officer
True Digital Group
Building Effective Security Operation Center
• Cyber security incidents
• Myths of setting up SOC
• Consideration in selecting SOC technology
• Required skill set and development plan
• Security incident response plan
• Ecosystem of advanced SOC
Cyber Security Incidents
Myths of Setting up SOC
• Technology alone can prevent us from cyber attack
• SOC jobs are for junior staff
• Collect logs from everything without understanding
• Technology choices are easy and straightforward
• If there’s an incident, we can figure our response out then
Considerations in Implementing SOC
• Know your environment
• Classify your assets and define clear goals
• Choose flexible and scalable technology
• Develop incident response plan
Required Skill Set and Development Plan
• Threats and vulnerabilities
• Security tools fundamental
• System and network
• Logical thinking
• Incident Response
• Number of staff: 14-28 staff
Security Incident Response Plan
• Clear role and responsibility
• Cyber drill incident response
Stakeholders in the response plan: PR, Legal, IT, HR, Executive, Call Center, Third Party
Sample Internal Metrics to Monitor SOC Effectiveness
• Escalation fidelity
• Number of false positive alerts
• Number of high severity incidents in open status
• Time to notify for high severity incidents
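The four metrics on this slide only become actionable when they are computed consistently from the SOC's own ticket data. The following Python script is an added example, not part of the presentation: it defines a small alert record, a constructed sample of six alerts, and one function per metric. The field names, the reading of "escalation fidelity" as the share of Tier-1 escalations that Tier-2 confirmed as real incidents, and the 60-minute notification target are all assumptions made for the example.

```python
"""SOC effectiveness metrics computed over a constructed sample of alert records.

Added example; the record layout, the metric definitions and the 60-minute
notification target are assumptions, not something the presentation specifies.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional


@dataclass
class Alert:
    alert_id: str
    severity: str                    # "high" | "medium" | "low"
    detected_at: datetime            # when the SIEM/EDR raised the alert
    escalated: bool                  # Tier-1 escalated it to Tier-2 / IR
    confirmed_incident: bool         # Tier-2 / IR confirmed a true positive
    notified_at: Optional[datetime]  # when stakeholders were notified, if at all
    status: str                      # "open" | "closed"


# Constructed sample data (hypothetical identifiers and timestamps).
T0 = datetime(2019, 6, 21, 9, 0)
SAMPLE_ALERTS: List[Alert] = [
    Alert("A-1", "high", T0, True, True, T0 + timedelta(minutes=30), "closed"),
    Alert("A-2", "high", T0 + timedelta(hours=1), True, True,
          T0 + timedelta(hours=1, minutes=90), "open"),        # notified late
    Alert("A-3", "medium", T0 + timedelta(hours=2), True, False, None, "closed"),  # escalated FP
    Alert("A-4", "low", T0 + timedelta(hours=3), False, False, None, "closed"),    # FP closed at Tier-1
    Alert("A-5", "high", T0 + timedelta(hours=4), True, True, None, "open"),       # confirmed, not yet notified
    Alert("A-6", "medium", T0 + timedelta(hours=5), True, True, None, "open"),
]


def escalation_fidelity(alerts: List[Alert]) -> float:
    """Fraction of escalated alerts that Tier-2 confirmed as real incidents (assumed definition)."""
    escalated = [a for a in alerts if a.escalated]
    if not escalated:
        return 0.0
    return sum(1 for a in escalated if a.confirmed_incident) / len(escalated)


def false_positive_count(alerts: List[Alert]) -> int:
    """Alerts that were never confirmed as incidents, whether closed at Tier-1 or after escalation."""
    return sum(1 for a in alerts if not a.confirmed_incident)


def open_high_severity_count(alerts: List[Alert]) -> int:
    """Confirmed high-severity incidents still in open status."""
    return sum(1 for a in alerts
               if a.severity == "high" and a.confirmed_incident and a.status == "open")


def time_to_notify(alerts: List[Alert], sla_minutes: int = 60) -> dict:
    """Detection-to-notification timing for confirmed high-severity incidents.

    Returns mean and max minutes over notified incidents, the ids that breached
    the notification target, and the ids that have not been notified at all
    (those are the ones a shift lead should be chasing right now).
    """
    high = [a for a in alerts if a.severity == "high" and a.confirmed_incident]
    notified = [a for a in high if a.notified_at is not None]
    minutes = {a.alert_id: (a.notified_at - a.detected_at).total_seconds() / 60 for a in notified}
    return {
        "mean_minutes": sum(minutes.values()) / len(minutes) if minutes else None,
        "max_minutes": max(minutes.values()) if minutes else None,
        "sla_breaches": sorted(i for i, m in minutes.items() if m > sla_minutes),
        "unnotified": sorted(a.alert_id for a in high if a.notified_at is None),
    }


def soc_scorecard(alerts: List[Alert], sla_minutes: int = 60) -> dict:
    """All four slide metrics in one dictionary, suitable for a daily report."""
    return {
        "escalation_fidelity": escalation_fidelity(alerts),
        "false_positives": false_positive_count(alerts),
        "open_high_severity": open_high_severity_count(alerts),
        "time_to_notify": time_to_notify(alerts, sla_minutes),
    }


if __name__ == "__main__":
    for key, value in soc_scorecard(SAMPLE_ALERTS).items():
        print(f"{key}: {value}")
```

On the sample data the scorecard reports a fidelity of 0.8 (four of five escalations confirmed), two false positives, two open high-severity incidents, a mean of 60 minutes to notify with A-2 breaching the target, and A-5 confirmed but still unnotified. Tracking these values per shift makes the "escalation fidelity" myth on the earlier slide measurable: a low fidelity points to Tier-1 training or tuning, while a growing unnotified list points to a gap in the response plan rather than in detection.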
Ecosystem of Advanced Security Operations Center
Components surrounding the advanced SOC:
• Endpoint Detection and Response
• User & Entity Behavior Analytics
• Network Traffic Behavior Analytics
• Automation & Orchestration
• Vulnerability Management
• Threat Intelligence
• Incident Response
• Know your environment
• Classify your assets and define clear goals
• Choose flexible and scalable technology
• Develop incident response plan