SANS: Roadmap to Creating a World-Class Security Operations Center - Infographic

ROADMAP TO CREATING A World-Class Security Operations Center

A security operations center (SOC) is a centralized enterprise security monitoring team organized around the goal of improving the organization’s risk posture through the use of technology and processes for incident detection, isolation, analysis and mitigation. (SANS, 2015)

PEOPLE
Alert Analyst
Subject Matter Expert/Hunter
SOC Manager
Incident Responder

PROCESS
Preparation
Identification
Containment
Eradication
Recovery
Lessons Learned

TECHNOLOGY
These sources provide data for analysis in the SOC.

Visibility
Centrally collecting these data enables the SOC to see what’s going on in the enterprise.

Analysis
Analysts detect and investigate a wide range of threats, enabling them to understand the potential impact on the organization.

Action
Based on the analysis, responders are able to respond effectively to security incidents and reduce the risk to the enterprise and the probability of future success of the attack technique.

SURVEY FINDINGS
30% say no budget is allocated to incident detection, investigation and response. (SANS 2014 Incident Response Survey)
52% report little visibility into endpoint/system configurations and vulnerabilities as an obstacle to incident response efficiency. (SANS 2014 Incident Response Survey)
58% have a dedicated incident response team, but 61% still call on surge staff to handle critical incidents. (SANS 2014 Incident Response Survey)
27% find the inability to discern normal from suspicious traffic to be a key concern. (SANS 2014 Log Management Survey)
69% have fully or partially embraced the use of cyberthreat intelligence in monitoring and incident response. (SANS 2015 Cyberthreat Intelligence Survey)

False malware alerts can drain an organization’s resources … with an average of $1.27 million spent annually in response to ‘inaccurate and erroneous intelligence.’ Organizations waste approximately 395 hours per week ‘chasing erroneous alerts.’ (SC Magazine, January 20, 2015)

SPONSORED BY

Visit the SANS Analyst Reading Room, www.sans.org/reading-room/whitepapers/analyst, and search for “Building a World-Class Security Operations Center: A Roadmap”

Upload: rajesh-nambiar

Post on 17-Aug-2015

Category: Technology
