Know About SOC (Security Operations Center) and the Rise of SIS (Security Insight Services)


What is SOC?

A SOC (Security Operations Center) is the army that protects you from the terrorists called cyber-attacks and online threats. Put differently, it is a 24/7 hardworking force dedicated to preventing, detecting, assessing, and responding to cyber threats and vulnerabilities. The team is highly skilled and organized, with the mission of continuously monitoring and improving the security posture of an organization.

The Strategy of SOC

The SOC strategy has to be business-specific and clearly outlined. It strictly depends on support and sponsorship from the executive level; without that, the SOC cannot work properly. The SOC must be an asset to the rest of the organization. Its aim should be to cater to the company's needs, and strong sponsorship from the executives is mandatory to make it successful.

The Infrastructure

Careful planning is the key to making any model successful, and the design of the SOC environment is no exception. Aspects like physical security, layout, electrical arrangements for the equipment, lighting, and acoustics must be considered properly. The SOC needs specific areas such as a war room, an operations room, and offices for supervisors. Every single area needs proper visibility, comfort, control, and efficiency, so the design should take these aspects into account.

The Technological Environment

Once the mission and scope of the SOC are set, designing the underlying infrastructure is the next important step. Several components are mandatory to build a comprehensive technological environment: firewalls, breach detection solutions, IPSs/IDSs, probes, and of course a SIEM, to name a few. Efficient and effective data collection is essential for a good SOC. Packet captures, telemetry, data flows, Syslog, and many other event sources are vital to collect, correlate, and analyze from a security perspective. It is also essential to monitor information about vulnerabilities that can affect the whole ecosystem.
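As an added example (not part of the article), here is a small Python correlation rule of the kind a SIEM runs over collected Syslog: it parses sshd authentication lines, counts failed logins per source address in a sliding time window, raises an alert once a threshold is crossed, escalates if a successful login from the same source follows within the window, and tags alerts from a known authorized scanner as suppressed so analysts are not flooded with expected noise. The log lines, the threshold and window values, and the scanner allowlist are all constructed for this example; the addresses come from the documentation ranges and belong to no real system.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample input: BSD-style syslog lines in the format OpenSSH's sshd
# writes. Addresses are RFC 5737 documentation addresses; nothing here is real.
SAMPLE_SYSLOG = """\
Sep 20 10:00:01 bastion sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 50211 ssh2
Sep 20 10:00:03 bastion sshd[2102]: Failed password for root from 203.0.113.7 port 50213 ssh2
Sep 20 10:00:04 bastion sshd[2103]: Failed password for root from 203.0.113.7 port 50214 ssh2
Sep 20 10:00:06 bastion sshd[2104]: Failed password for root from 203.0.113.7 port 50215 ssh2
Sep 20 10:00:08 bastion sshd[2105]: Failed password for root from 203.0.113.7 port 50216 ssh2
Sep 20 10:00:09 bastion sshd[2106]: Accepted password for root from 203.0.113.7 port 50217 ssh2
Sep 20 10:01:00 bastion sshd[2110]: Failed password for alice from 198.51.100.20 port 40001 ssh2
Sep 20 10:01:30 bastion sshd[2111]: Accepted password for alice from 198.51.100.20 port 40002 ssh2
Sep 20 10:02:00 bastion sshd[2120]: Failed password for root from 192.0.2.9 port 31001 ssh2
Sep 20 10:02:01 bastion sshd[2121]: Failed password for root from 192.0.2.9 port 31002 ssh2
Sep 20 10:02:02 bastion sshd[2122]: Failed password for root from 192.0.2.9 port 31003 ssh2
Sep 20 10:02:03 bastion sshd[2123]: Failed password for root from 192.0.2.9 port 31004 ssh2
Sep 20 10:02:04 bastion sshd[2124]: Failed password for root from 192.0.2.9 port 31005 ssh2
"""

# Constructed allowlist: an internal, authorized credential-audit scanner whose
# failed logins are expected. Its alerts are tagged suppressed rather than
# dropped, so the suppression itself stays auditable.
KNOWN_SCANNERS = frozenset({"192.0.2.9"})

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\S+) port \d+"
)


def parse_line(line, year=2018):
    """Return a dict for an sshd password-auth event, or None for any other line."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    # Syslog timestamps carry no year; the caller supplies one (constructed: 2018).
    ts = datetime.strptime(f"{year} {' '.join(m['ts'].split())}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "host": m["host"], "outcome": m["outcome"],
            "user": m["user"], "src": m["src"]}


def correlate(syslog_text, threshold=5, window_s=60, allowlist=frozenset()):
    """Sliding-window correlation over the lines, in arrival order.

    Raises one ssh_brute_force alert per source once `threshold` failures fall
    inside `window_s` seconds, and an ssh_brute_force_success alert if that
    source then authenticates within the window. Sources in `allowlist` still
    produce alerts, but marked suppressed.
    """
    recent_failures = defaultdict(deque)   # src -> failure timestamps in window
    alerted_at = {}                        # src -> time its brute-force alert fired
    alerts = []
    for line in syslog_text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue                        # not an auth event; route elsewhere
        src, ts = ev["src"], ev["ts"]
        if ev["outcome"] == "Failed":
            q = recent_failures[src]
            q.append(ts)
            while (ts - q[0]).total_seconds() > window_s:   # expire old failures
                q.popleft()
            if len(q) >= threshold and src not in alerted_at:  # one alert per source
                alerted_at[src] = ts
                alerts.append({
                    "rule": "ssh_brute_force", "severity": "medium",
                    "src": src, "host": ev["host"], "failures": len(q),
                    "first": q[0], "last": ts, "suppressed": src in allowlist,
                })
        elif src in alerted_at and (ts - alerted_at[src]).total_seconds() <= window_s:
            # Successful login shortly after the threshold was crossed: a guess
            # may have worked, so escalate to high severity.
            alerts.append({
                "rule": "ssh_brute_force_success", "severity": "high",
                "src": src, "host": ev["host"], "user": ev["user"],
                "at": ts, "suppressed": src in allowlist,
            })
    return alerts


def open_alerts(alerts):
    """The alerts an analyst should actually work: everything not suppressed."""
    return [a for a in alerts if not a["suppressed"]]


if __name__ == "__main__":
    for a in correlate(SAMPLE_SYSLOG, allowlist=KNOWN_SCANNERS):
        flag = " (suppressed: known scanner)" if a["suppressed"] else ""
        print(f"{a['severity']:<6} {a['rule']:<24} src={a['src']}{flag}")
```

On the constructed input the rule fires twice for 203.0.113.7 (five failures in eight seconds, then a success from the same address, which is the escalation case) and once for the allowlisted scanner, which stays visible but suppressed; the single mistyped password from 198.51.100.20 never reaches the threshold. Keeping suppressed alerts in the output rather than discarding them is deliberate: an allowlist that silently drops events is itself a blind spot.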

The Team and Processes

Although the technical aspects are highly important, a huge, high-tech control room would be worthless without people and proper functions/processes.

Just as a fully equipped car is useless without a driver, an organization is empty without human resources and policies. Technology, processes, and people are the pillars of a SOC.

As we know, a SOC is a team, and every winning team follows some rules. Apart from engineers, analysts, and dev-ops people, there will be leaders, and leadership skills are necessary for everyone. Team members are assigned to several tiers: analysis based on real-time event monitoring, security incident/data breach detection, response to incidents, and finally remediation of those events. Coordination, collaboration, efficiency, and timing are paramount for the organization. Every member has to be aware of the strategy and mission of the SOC, and hence leadership plays a key role. The SOC manager must be the one who inspires and motivates the other team members so that they contribute to the organization's vision and mission. After all, providing a 24/7 service while handling the stress isn't easy at all.

Selecting team members who can add value is a real challenge, as the required skill-set is quite broad and enthusiasm is needed as well. Again, the right number of workers must be hired, neither fewer nor more.

Considering this, adopting a hybrid model could prove viable, as it envisions cooperation between the internal teams and outsourced managed service providers.

The Types of SOC models

Are you aware that there are several kinds of SOC models? Yes, check them out below:

Virtual SOC

• It has no dedicated solution/facility

• Members are part-time

• The team is active only when critical incidents occur

Dedicated SOC

• Facility is dedicated

• The team is also dedicated

• Totally in-house team

Co-managed / Distributed SOC

• Both semi-dedicated and dedicated teams

• Usually handles 5 x 8 operations (five days a week, eight hours a day)

• It becomes co-managed when paired with MSSP (Managed Security Service Provider)

Command SOC

• Coordination with other SOCs

• Offers situational awareness, threat intelligence, and additional expertise

• Rarely directly involved in day-to-day operations

NOC (Network Operations Center) / Multifunction SOC

• Dedicated facility and team

• Performs all critical IT and security operations 24/7 with common facilities

• Helps in reducing the organization's costs

Fusion SOC

One SOC facility combines new and traditional SOC functions such as CIRT (Computer Incident Response Team), threat intelligence, and OT (Operational Technology) functions.

Fully Outsourced SOC

Apart from the above six models, in the 'fully outsourced' model the service provider builds and operates the SOC with minimal, supervisory-level involvement from the customer's enterprise.

The Intelligence and Approach

To enhance the organization's security posture, the SOC has to be both active and proactive, as it needs to carry out the process of Vulnerability Management. A robust approach to handling vulnerabilities and solid risk assessment skills are priorities for the SOC. Other than that, the OWASP model approach can be taken into consideration too. Also, a context-aware threat intelligence approach shall be implemented to become more effective in diagnosing/preventing threats and adding more value.

The Essentials

Creating and operating a SOC demands high quality, infrastructure, enthusiasm, teamwork, and skills. Best practices, compliance, and frameworks like COBIT, ITIL, and others are vital for abiding by the PCI DSS and ISO/IEC 27001:2013 standards.

ITIL is a potentially unmatched source of guidance for service design and strategy, service level management, and coordinating SOC-related purposes with incident management processes.

Also, COBIT, and especially its Maturity Model (COBIT-MM), shall be considered a premium guideline for checking how mature the SOC is.

The performance of the SOC has to be measured correctly and appropriately in all aspects. Therefore, the KPIs must be well-defined to check the application of ITIL's continual service improvement. These steps will help in getting the best results from the SOC and add value to the organization.

So, these were the things you need to know about SOC.

Now, let’s understand what are Managed Security Services or Security Insight Services.

SIS (Security Insight Services)

We all know the huge number of online threats and cyber-attacks going on in the world. These happen due to a lack of essential security tools, equipment, and services. Many businesses are concerned about the security of their data and the loss of business, but they don't get proper solutions. They are often worried about how prepared their organization is to handle online crisis situations.

For these problems, 'Security Insight Services' is the solution. It is a one-stop-shop solution for all current and possible online threats/attacks.

The offerings by SIS

• Project Driven Approach

• Security Posturing Assessment

• Security Incident & Threat Analysis

• Gap Analysis

• Network Security Assessment

• Malware Threat Modeling

• Database Activity Monitoring & Vulnerability Scanning

• SIEM Effectiveness Modeling

• Configuration Auditing

• Process Auditing

• Application Vulnerability Assessment

• Email System Assessment

• Wireless System Assessment

• DDoS Attack Preparedness Testing

• DLP Analysis

The Need for SOC and SIS

If you aren't aware already, let me tell you that when an attack happens, it takes 99 days on average for it to get identified. Now that's a lot of time! So you see the need for data protection and privacy when providing security. Hence, it clearly indicates the dire need for new cyber-security technology. Many people forget that just having the correct tools and processes isn't enough. You can still be vulnerable to threats and attacks if you don't monitor systems, detect upcoming threats, and make changes in systems/operations whenever an attack or threat is identified.

Many organizations are now becoming aware and want to build their own SOC, as they want more control over the safety of their data, monitoring, and response. A SOC build project creates a strategic business impact, and hence it's a critical and vital initiative for those organizations.

Conclusion

Looking at all the above key pointers, we get to know about the ideal SOC, the necessities for it in all aspects, the rise of SIS (Security Insight Services), and the vitality of SOC and SIS. To run a SOC, the comprehensive range of cyber security aspects, high skills, and important competencies have to be considered. Building a SOC is a combination of business strategy and a high level of security armor as a service.

Teamwork, great leadership skill, and motivation are vital for every member of the team, especially for the manager. A fully functional SOC is a complex project because it has to deal with a wide and endless range of problems related to data security. As time goes on, there are going to be more challenges, and therefore a SOC has to be prepared for them.

There is going to be a constant need for high-end online security services, and everyone has to brace for it! The SOC team has a lot of work to do, and that too tirelessly.

Many businesses will have to choose from the best online security services or SOCs, and we are certainly going to see a number of them in the near future.

So, the whole point is that every single business should find a great SOC to cater to its business security needs and improve the complete security structure of the organization.

posted Sep 20, 2018 by Manohar Parakh


Related Articles

With an increasing number of threats in the world, small and mid-sized businesses are facing numerous issues. They are keen to find security services which fit their budgets and yet provide proper security. An important problem that SMBs (small and mid-sized businesses) face is a lack of personnel to build and run their own SOC (Security Operations Center). Due to this, the Security Information and Event Management (SIEM) process is out of reach. Eventually, many such organizations are turning towards outsourcing SOC as a Service, which can suit their organization's needs and improve the security posture. Several small to mid-sized companies face the "trio of cyber security troubles" as follows:

· Recent ransomware like Petya and WannaCry caught the world in their evil grip, but in a more modern way.

· With the increasing number of cyber threats, there is a growing scarcity of security expertise, creating over 3.5 million cyber security openings by 2021.

· As per Verizon's DBIR report, hackers are targeting small and mid-sized businesses and creating havoc among them, as they lack proper SOC (Security Operations Center) services.

As a consequence, small and medium-sized businesses (SMBs) are finding ways to deal with so many upcoming challenges. Therefore, they are going to reputed security service providers who can implement SOC as a Service. Although this is the right decision, exploring and choosing the correct SOC service provider is not that easy. If your vendor lacks the proper and mandatory amenities for an effective SOC, with a plain focus on managed detection, this can turn into a bigger loophole in your security posture.

If you too are stuck on how to choose a smart security provider, then you can follow the below checklist. It guides you to search for a comprehensive SOC service. The checklist includes:

Complexity level

A recent Gartner study identified MDR (managed detection and response) as a fast-growing market. Detection is obviously used to recognize threats, but the SOC should also provide prevention and IR (incident response) in case of a disaster.

A comprehensive security package, with decisive and effective IR, protection from DDoS attacks, ransomware and data breaches, and disaster recovery, is all you need when you consider a SOC. If the vendor doesn't provide 24/7 SOC and IR services, then it should not be termed a SOC.

Real-Time Threat Analysis

Monitoring threats in real time with the use of detection services and forensics is a crucial task for a SOC. It should cover all security incidents on a 24/7 basis. A thinly staffed security team can't handle noisy and complex SIEM (Security Information and Event Management) tools. They can't filter out the false alarms, and hence the performance level doesn't stay up to the mark for vital security matters.

You have to make sure that the SOC provider has the ability to detect threats intelligently round the clock, so that you can sleep peacefully.

Armed Threat Hunting

With the burgeoning techniques of hacking and hackers getting smarter, it is very tedious to detect every single type of attack. Staying armed means the network has to stay prepared in advance and search for threats proactively. This results in auto-adjustment of the network to the latest cyber-attacks, which could be just a few hours old. This is a huge responsibility for the security specialists. It calls for learning the different and unique requirements of the client's network and hunting down the threats which can still slip through the detection process. For this method to work, we need relevant and efficient threat-intelligence sources, machine learning techniques, and everything else that can help in one way or another to find valid security incidents impacting the customers.

Compliance Control

Compliance is a vital factor while implementing the SOC. Every SOC should compulsorily meet compliance requirements like PCI DSS, HITECH, HIPAA, GLBA, FFIEC, and other standards that high-quality industries must abide by. The compliance organizations must provide templates for recommended security checks and vulnerability assessments and see whether the businesses are abiding by the given regulatory measures.

Not only can hackers cost you big bucks, but not having the required compliance can lead you to pay penalties as well! You must make sure that all these things are handled by your SOC service provider.

Strategic Advising

After monitoring the network and hunting for upcoming threats, the security engineers will get an in-depth understanding of your company's network. This knowledge of the network topology and the location of vital assets will help them protect those assets with a proper defense strategy. You should demand this from the outsourced SOC provider, as it contributes to designing and improving the security posture.

Instead of just scalable cloud-based technology, an outlined IR (Incident Response) process and a team of well-trained security specialists shall give clients insight into their organization's security posture. Further, this helps in improving and running the business processes more effectively.

Defined Pricing

Pricing is the issue which everyone faces. Make sure that prices don't fluctuate every single time, because this would erode the trust of your consumers. The SOC service provider should offer fixed pricing plans. The rates shall vary with the number of sensors and users instead of the volume of log data and the number of servers monitored. Such predictable and defined pricing models are essential for small and mid-sized businesses (SMBs). These organizations struggle with fluctuating costs and can't afford highly expensive managed services. Therefore, the SOC providers should not have unpredictable costs.

To summarize

All these factors are important to consider while choosing the SOC provider. This checklist will guide you on which things you should not compromise on when you want to outsource to a SOC provider. You can further read why a SOC is important here.


Lots of businesses are moving towards the cloud, but they are still pretty confused about which cloud to choose. While most small and medium-sized businesses prefer public clouds, they still fear for privacy, security, and costs because it is a public cloud. A lot of confusion still lingers around data security when people choose cloud computing. Public clouds are the recommended solution for businesses to cut down IT costs and improve scalability and flexibility.

Security and control are two different things, and this difference is seen between data security in cloud computing and in a data center. A company gets several benefits from cloud computing. Thanks to the public cloud, companies can have quick provisioning, deployment, and IT resource scaling at much lower costs. A user can enter new markets easily and reduce development time and waste.

Actually, a public cloud can serve similar or better purposes than traditional platforms like on-premise. Even though there are several benefits, some myths still exist. We are here to debunk some of the myths about the public cloud so that enterprises won't get confused.

So, here are the top four myths about the security of the public cloud:

  • You can’t control your data location/residency
  • Customers on the same server are a threat to each other
  • There is a lack of inherent transparency in the public cloud
  • CSP (Cloud Service Provider) is only responsible for the security

You can’t control your data location/residency

Data residency/location is one of the prime concerns, and therefore several countries have laws which treat exporting personal data to other countries as a criminal offense. Data residency is more of a concern when handling personally identifiable data like financial information of any kind or health-related private information. In these cases, the cloud service provider should choose the locations from which it runs its data centers. Resellers that need to provide cloud services to their customers shall at least choose service providers that can handle location-specific needs. So, it is clear that this issue is not a matter to stress about. You can choose a quality cloud service provider that offers data residency of your choice with accountability for the data.

Customers on the same server are a threat to each other

This is a constant myth about multi-tenant cloud infrastructure: that it is more vulnerable to attacks than traditional IT infrastructure. Basically, in a public cloud, the tenants share all kinds of resources like storage, compute, and network. The sharing of all these physical resources raises security concerns in the minds of cloud tenants. They think that they are more vulnerable to attacks by other tenants of the same cloud. But in actuality, it is very difficult for any tenant to attack another tenant in the public cloud environment. The hypervisor layer is primarily responsible for the separation between tenants. If you don't know, understand that hypervisors are very secure and therefore very difficult to attack. In addition, some cloud providers offer more options to reduce the multi-tenancy risks to a greater extent. If you want to subscribe to a cloud service provider and get their offerings, then you should fully understand your requirements.

There is a lack of inherent transparency in the public cloud

Lack of transparency is liked by no one in any business, as customers seek transparency everywhere. If there is visibility in any business, then it gets easier for customers to trust you. Mistrust is the main reason consumers back out of cloud services, because to build trust you should provide transparency and security. We can evaluate a cloud service provider by checking whether it holds certain security compliance certifications or not. Further, you can validate whether the service provider abides by the Cloud Trust Protocol or not. Through this protocol, customers get the right information: it states that the data on the cloud is as it is and handled as per the rules mentioned. This protocol helps customers by letting them see the original information.

Companies can then make correct choices about their data and processes. Which kind of data should go on which cloud, and how to sustain risk management decisions regarding cloud services, are points the company can work on confidently. Therefore, visibility improves and transparency becomes affordable. Not every cloud provider will emphasize this and spend money on maintaining 100% transparency, so not every user can strictly demand this feature. Still, there will always be some kind of transparency maintained.

CSP (Cloud Service Provider) is only responsible for the security

The public cloud has an upper hand because organizations can afford resources like compute, storage space, RAM, and several other features. Not everyone can afford a personal server, and hence the public cloud comes to the rescue.

The point is very simple: you don't have to create everything from scratch, as someone has already built it for you. It is not necessary for you to buy an individual server, or build a data center for that matter, unless that's the only thing you have planned for your IT infrastructure.

No matter what, it is still your data and your applications, and therefore you are responsible for them. It is your duty to select a cloud vendor that caters to your needs and takes security, disaster prevention, and post-disaster recovery seriously. You should not take a casual or mild approach while choosing the service provider and then the package the provider offers. Things won't work like that. Even if the vendor knows how to take care of the security part, you should also be knowledgeable enough to understand the risks and make decisions.

Conclusion

Anyhow, the fact is that the public cloud provides more security than a conventional data center. Nowadays, cloud service providers offer various levels of security through some great tools and scanners. All of this is because the increasing number of threats has forced them to become more attentive to preventing attacks.


In recent months, I’ve been poking around various clouds. Along the way, I realized that they were not working the way I expected. Virtual machines are not as interchangeable or as cheap as they seem. Moving to the cloud is not as simple as it should be. In other words, anyone who has thought about the word “cloud” as a synonym for “perfection” or “painless” will be very disappointed.

You cannot say that there is no truth in what the companies claim about the cloud, but there is much exaggeration and also plenty of complicated details that are not immediately obvious. In essence, the clouds are not miracle workers. The improvements are incremental, not revolutionary.

To keep our expectations at a more realistic level, here's a list of what we should really expect from the clouds.

1: Uneven Performance of Virtual Machines

The cloud simplified many of the steps related to the purchase of a server. The desire? Press a button, choose your operating system and get the root password. Everything else should be handled by the cloud, which takes care of all computational tasks behind the curtain.

But the benchmarks taught me that virtual machines behave quite differently. Even if you buy a machine having the same amount of RAM running the same version of the operating system, you will find surprisingly different performance. There are different chips and hypervisors running underneath.

2: Many Choices

A great promise of the cloud? Rent a cloud and see what it can do. Your boss may want to invest in buying a rack or colocating the architecture in a data center. But spending a few hours understanding the cloud can help in easy decision making.

Renting cloud under a pay-per-use model is an ideal way for people interested in trying out some features. But as the choice increases, so does the complexity of analysis and the uncertainty about what is really needed.

3: Eternal Instances

After spending some time on installing software and settings, many people give up on shutting down a virtual machine that costs so little per hour, leaving it in the background waiting for work.

Generally, auditing the lists of virtual machines costs more than leaving them running another month.

I think the cloud companies will make big money with servers that are standing there, waiting for further instructions.

4: Difficulty Dealing with SaaS Pricing

Software as a service is another temptation in the cloud. You do not need to buy the license and install it. You send your bits to an API and it does everything for you. But calculating the cost of software as a service involves analyzing several variables.

One way for a company to be aware of the costs is to start executing applications on the cloud computing platform and then calculate the actual costs. But this raises a number of additional issues, such as how to account for the fluctuating prices characteristic of an immature market.

Proving the cloud can be a rather nebulous process, even when comparing a private cloud with the traditional IT infrastructure model.

5: Embedded Solutions

When Google announced Google App Engine, it seemed that the device would make cloud computing the simplest. The problem is that the product's owner needs to use it. This means that you will be tied to it until you can rewrite the software. And who has time to do that?

Not surprisingly, the OpenStack standard is gaining momentum. Everyone is frightened by the possibility of being tied to a provider, no matter how good it may be. It takes more flexibility.

6: Security Is Still A Mystery

At first glance, it seems that you completely control your machine. You and only you set the root password. If the OS is secure and patches are installed, that’s OK, right?

All the clouds are far from clear about what actually happens under the hypervisor. Cloud providers are far from offering environments as safe as a cage in the center of the room where you can lock your server.

7: The Cost Estimate Is Not Easy

Should you buy a faster machine at 7 cents per hour or three slower machines at 2.5 cents per hour? As each vendor has its own way of charging for bandwidth, storage and other resources, expect to spend hours analyzing the use of various sizes of servers. Then put all this data into a spreadsheet to determine the cheapest configuration.

8: Moving Data Is Not Easy

You like the idea of buying computing power per hour? But often the purchase is the smallest part of the work. Getting your data into the cloud can be a substantial task. If you are loading log files or large data sets, you may be spending too much time just moving the data you need.

So some suppliers are making it easy to store data locally and then buy computation time when you need it.

9: The Data Is Not Guaranteed As Well

Cloud contracts rarely cover disaster recovery. Some vendors are starting to be clearer about their guarantees. Some have terms of service that explain a little better what they cover and do not cover. Others are responding faster and better to questions about the physical location of the data, knowing that the answer may be crucial for regulatory compliance or security issues. Geographical distribution is critical for disaster recovery.

One of the most important items in hiring a public cloud is the service level agreement (SLA). Users need better answers from cloud providers on the finer points of managing the availability and vulnerability of services before signing contracts. It is important for customers to know not just where their data is stored but also who will access it.

10: No One Knows What Laws Apply

It is easy to imagine that the cloud lives in a Shangri-La, away from those pesky laws and rules that complicate the lives of companies. We would all like to believe that cyberspace is a beautiful place, full of harmony and mutual respect, which dispenses with lawyers. That is a half-truth, because no one really knows what laws apply.

Not all laws apply, because the Web extends everywhere. As services and solutions are delivered anywhere in the world, this feature of the cloud computing concept challenges the current legal model, which is based on local laws. As a result, the legal risks are even greater than those of other traditional IT outsourcing contracts, according to experts in digital rights.

Joining this borderless world requires more caution in drawing up contracts with service providers. It is important that the contract contains clauses on privacy issues and data availability. Companies should know the risks of hosting information outside of India. In case of a court order, data confidentiality may be broken, depending on the privacy and data protection law applied by the country where the server is installed.

11: Extras Will Reach

The cloud business seems to be following the same billing model as hotel companies and airlines. They will do anything to keep the cost of the main service as low as possible, because they know that price is the determining factor for the purchase of the service. But they will try to compensate for this cheap price with add-ons.

The problem for most customers is that it is increasingly difficult to predict how many extra services will be used. Can you estimate the amount of data that will flow between your machines and the server in the cloud? Some cloud companies charge for it. If a programmer uses a data structure such as XML, it can quadruple their bandwidth costs.

12: Responsibility For Backup Still Rests on You

It is tempting to buy the marketing hype and think of the cloud as a giant collection of computing resources. When you need to crunch numbers, you cast your spell across the ocean and the answers are reborn from the mists.

If you think the cloud will take the responsibility of backing up your data away from you, you are mistaken. Underneath it all, virtual machines are as fragile as the machines on your desk.

In practice, machines are just machines. If you build a backup plan for your server today, then you should build one for your software in the cloud as well. But it can also fail.

...