SOC-as-a-Service - comSpark 2019
© 2019 Open Systems. All rights reserved. Proprietary & Confidential.
The Network for Growth. Zero Compromise.
The Importance Of Continuous Monitoring To Minimize Cybersecurity Risk
Dave Martin
October 2019
Agenda
• About Open Systems
• The Importance of Continuous Monitoring
• Building Blocks Of A Modern Security Operations Center (SOC)
• Case Studies
• Wrap-up
Open Systems – Deep Expertise, Global Reach
• 2M+ users
• 6,000+ deployments
• 20+ years of customer success
• 180+: delivering services in 180+ countries
• 24/7 follow-the-sun operations
Our Experts are Your Experts
• Configuration
• Deployment
• Security

Known Public Breaches
Technology-Driven Approach to Security
The average large enterprise has security products or services from 32 different vendors in its IT environment.
Challenges
• Alert fatigue
• Security silos
• No feedback loop
Best Practices Approach to Minimize Risk
Technology Prevention Layer + Security Operations Center (SOC) Continuous Monitoring
What is a SOC?
• Continuous monitoring
• Staffed by security experts
• Advanced threat detection
• Containment
• Incident response
People, Process and Technology
A SOC Should Provide Comprehensive Monitoring for all Potential Attack Surfaces
• Network
• Endpoint
• Cloud
SOC Work Effort: Primary Phases
• Collect: Log Data
• Detect: Techniques and Technology
• Respond: Incident Response and Containment
• Remediate: Restore Targets; Tune Security Stack
Anatomy of a SOC Platform
• Sources: Firewall, NSM Sensor, IDS/IPS, SWG, EPP/EDR, IAM, DNS Server, 3rd party (Servers, IaaS, SaaS, Security SW)
• Ingestion: Collecting Logs, Secure Transport
• Parsing: Extract Security-Relevant Fields, Normalize Data
• Raw Storage
• Analysis: Threat Intelligence, Enrichment, Correlation
• Security Team: Investigations, Analyzed Incident, Threat Response
Sources, Ingestion and Parsing
• Security Layer: Firewall, IDS/IPS, EPP, Web proxy
• Cloud: IaaS, SaaS, Security software
• Infrastructure: Active Directory, DNS, Critical assets
Identify security-relevant data and create default alert rules; store all in raw log format.
Threat Intelligence and Enrichment
• Latest Global Threat Intelligence: IDS and EPP Signatures, IP Reputation, DNS Reputation, Malicious URL
• Enrichment: Geo-IP, Whois, Passive DNS, Virustotal, Malware Sandbox
Use Case 1: The Importance of Correlation
• EPP alerted on PowerShell originating from Excel
• PowerShell script executed C2 outreach
• Web proxy blocked connection
Log Sources: EPP Software, IDS/IPS, Web Proxy
SOC Correlation Prevented False Positive
Use Case 2: The Importance of Correlation
• Malicious executable downloaded from WordPress
• Web Proxy log noted a blocked connection, but the incomplete HTTP header in the capture is suspicious
• Investigating host to determine if it is compromised
Log Sources: IDS/IPS, Web Proxy, EPP
SOC Correlation Used to Identify Suspected True Positive
Use Case 3: The Importance Of Correlation
• Compromised system: suspected APT due to traffic from suspicious source IP
• Suspicious IP scanning multiple sources
• IP reputation used to identify malicious scanner
Log Sources: Server/Network, Secure Web Gateway
SOC Correlation Used to Properly Categorize Threat
Use Case 4: The Importance of Correlation
• Reported BEC - $1M+ USD lost
• Analysis of fraudulent emails; 400+ related domains and at least one additional victim
• Malicious domains confirmed
Log Sources: Business Email Compromise (BEC), Mail Headers, DNS
SOC Correlation Identified True Positive
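The parse, enrich and correlate stages of the SOC platform described above, exercised on log sources shaped like those in Use Case 1 (EPP plus web proxy) and Use Case 3 (IP reputation on a scanner), as an added Python example that is not Open Systems' code; the log format, field names, hostnames, IP addresses and the reputation list are all constructed for illustration.

```python
"""Toy SOC pipeline: parse -> normalize -> enrich -> correlate.

Everything here is an added illustration. The line format, field names and
the threat-intelligence feed are assumptions, not a real product schema.
"""
from collections import defaultdict
from datetime import datetime, timedelta
import re

# Constructed IP-reputation feed standing in for the "Threat Intelligence" input.
IP_REPUTATION = {"198.51.100.7": "known-scanner", "203.0.113.9": "c2"}

# Constructed raw log lines from three sources (EPP, web proxy, IDS).
RAW_LOGS = [
    "2019-10-01T10:00:01Z epp host=WS-042 parent=EXCEL.EXE child=powershell.exe action=alert",
    "2019-10-01T10:00:03Z proxy host=WS-042 dst=203.0.113.9 url=http://203.0.113.9/x.ps1 action=block",
    "2019-10-01T10:05:00Z ids src=198.51.100.7 dst=10.0.0.5 sig=portscan action=alert",
    "2019-10-01T10:05:02Z ids src=198.51.100.7 dst=10.0.0.6 sig=portscan action=alert",
    "2019-10-01T10:05:04Z ids src=198.51.100.7 dst=10.0.0.7 sig=portscan action=alert",
]

KV = re.compile(r"(\w+)=(\S+)")


def parse(line):
    """Parsing stage: extract security-relevant fields into a normalized dict."""
    ts, source, rest = line.split(" ", 2)
    ev = {"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), "source": source}
    ev.update(KV.findall(rest))
    # Normalization: every event carries an 'entity' (host or source IP) to correlate on.
    ev["entity"] = ev.get("host") or ev.get("src")
    return ev


def enrich(ev):
    """Enrichment stage: tag events whose external IP appears in the reputation feed."""
    for key in ("dst", "src"):
        if ev.get(key) in IP_REPUTATION:
            ev["reputation"] = IP_REPUTATION[ev[key]]
    return ev


def correlate(events, window=timedelta(minutes=5)):
    """Correlation stage: group events per entity inside a time window and classify."""
    by_entity = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["ts"]):
        by_entity[ev["entity"]].append(ev)
    incidents = []
    for entity, evs in by_entity.items():
        first = evs[0]["ts"]
        evs = [e for e in evs if e["ts"] - first <= window]
        sources = {e["source"] for e in evs}
        # Use Case 1 shape: EPP alert on Office-spawned PowerShell and the proxy blocked
        # the outbound connection, so the C2 outreach was stopped at the security layer.
        if "epp" in sources and any(e["source"] == "proxy" and e.get("action") == "block" for e in evs):
            verdict = "contained-by-proxy"
        # Use Case 3 shape: one source IP touching several internal targets, and the
        # reputation feed already knows it as a scanner -> categorize as opportunistic.
        elif len({e.get("dst") for e in evs}) >= 3 and any(e.get("reputation") == "known-scanner" for e in evs):
            verdict = "opportunistic-scanner"
        else:
            verdict = "needs-investigation"
        incidents.append({"entity": entity, "verdict": verdict,
                          "sources": sorted(sources), "events": len(evs)})
    return incidents


def run_pipeline(lines=RAW_LOGS):
    """Run all stages over the constructed logs and return the analyzed incidents."""
    return correlate([enrich(parse(line)) for line in lines])


if __name__ == "__main__":
    for incident in run_pipeline():
        print(incident)
```

Run on the constructed logs it yields two incidents: the WS-042 PowerShell chain marked as contained by the proxy block, and the scanning IP categorized via its reputation rather than escalated as an APT.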
SOC Roadmap: Evolving Threat Detection
• Continuous root cause analysis
  • Should be built into SOC workflow
  • Cover both false positives and false negatives
• Proactive
  • MITRE framework
  • Breach and attack simulation tools
  • Pen testing
  • Red team/blue team exercise
Using A SOC to Minimize Risk
• Feedback loop for tuning of security layer (Firewall, Secure Web Gateway, IDS/IPS)
• Support compliance initiatives
• Expert advice to improve security posture
Summary
• Best practice to minimize risk is to combine security layer with continuous monitoring
• SOC used to detect advanced threats using TI, enrichment and correlation
• SOC provides expert advice to minimize risk and improve security posture
Thank you
