
Creating the managed SOC of tomorrow

Olakanmi Oluwole
April 27, 2023

Transcript

  1. Creating the MSS and Managed SOC of tomorrow: The Evolution of Third-Party Security

    Olakanmi Oluwole
  2. Table of contents

    1. The SOC of Today
    2. The SOC of the Future
    3. Evolution of Third-Party Security
  3. What is a SOC?

    A Security Operations Center is a place where security analysts monitor and analyze an organization's computer networks and environment 24/7. A SOC typically consists of multiple security teams, such as SOC analysts, threat intelligence analysts, forensic analysts, incident responders, etc. These teams typically use a combination of security applications and tools for monitoring, analysis, reporting and communication. They also typically follow a set of documented procedures (playbooks) and policies. When a security incident is discovered, these teams work together to ensure that security concerns are addressed and resolved.
  4. Security teams in today's SOC

    SOC Operators: usually the first level, charged with monitoring
    SOC Analysts: triage alerts and escalate
    Threat Intelligence Analysts: responsible for monitoring and analyzing existing and potential security threats outside the network
    DevOps: handle all the boring infrastructure stuff
    Security Engineers: set up security systems and solutions
    Incident Responders: advanced investigation of, and response to, security incidents
  5. Security teams in today's SOC (continued)

    SOC Manager: manages the SOC
    Forensic Analysts: handle the processing and analysis of criminal evidence from security incidents
    Threat Hunters: responsible for detecting current threats; create and run custom analysis models using security event data
  6. Challenges with the SOC of today

    Big data
    Sophisticated attackers
    So many tools
    Alert fatigue
    Cost of running a SOC
    Skill and knowledge gap
    Poor automation
    Choosing the right tools
  7. Cloud Adoption
  8. Automation and artificial intelligence

    AI and ML are already being used by SOCs to automate many manual processes such as threat detection, analysis and incident response. These technologies will continue to advance and become more sophisticated, enabling SOCs to handle a larger volume of data and reduce the workload on human analysts. AI and SOAR will help shorten the time between detection and remediation of a security breach. However, automated remediation (AR) must be implemented almost perfectly; otherwise it can itself become a risk, because a security incident involves many variables and complex remediation logic applied automatically in a SOC environment will act on them without a human checking whether the action fits the situation.
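The guard rails that make automated remediation safe to run are easier to see in code than in prose. The following is an added example, not code from this deck or from any SOAR product: a small decision gate that lets an action run automatically only when the detection type has an approved playbook, the confidence clears that playbook's threshold, the host is not on a protected-asset list, and the number of automatic actions in the last hour is under a limit; everything else is escalated to an analyst. The detection names, host names, thresholds and sample alerts are all constructed for the illustration.

```python
"""Guard-railed automated remediation for a SOAR playbook.

Added example (not from the deck). Detection names, hosts, thresholds and the
sample alerts are constructed for the illustration.
"""
from __future__ import annotations

from dataclasses import dataclass, field
from datetime import datetime, timedelta


@dataclass
class Alert:
    alert_id: str
    host: str
    detection: str      # detection rule name, e.g. "malware.known_hash"
    confidence: float   # 0.0 .. 1.0, as reported by the detection engine
    observed_at: datetime


# Hypothetical approved playbooks: detection type -> (action, minimum confidence).
# A detection type that is not listed here is never remediated automatically,
# because nobody has reviewed what the right action is for it.
AUTO_PLAYBOOKS = {
    "malware.known_hash": ("isolate_host", 0.95),
    "credential.impossible_travel": ("force_password_reset", 0.90),
}

# Hypothetical business-critical assets: isolating a domain controller or a
# payment gateway by mistake is an outage, so these always go to a human.
PROTECTED_HOSTS = {"dc01", "erp-db-01", "pay-gw-01"}


@dataclass
class RemediationGate:
    """Decides, per alert, between 'auto' (run the action) and 'escalate'."""
    max_actions_per_hour: int = 5
    history: list[datetime] = field(default_factory=list)

    def decide(self, alert: Alert) -> tuple[str, str]:
        """Return (decision, detail): ('auto', action) or ('escalate', reason)."""
        playbook = AUTO_PLAYBOOKS.get(alert.detection)
        if playbook is None:
            return ("escalate", "no approved playbook for this detection type")
        action, min_confidence = playbook
        if alert.confidence < min_confidence:
            return ("escalate",
                    f"confidence {alert.confidence:.2f} below {min_confidence:.2f}")
        if alert.host in PROTECTED_HOSTS:
            return ("escalate", "host is on the protected-asset list")
        # Blast-radius limit: a burst of automatic actions usually means a bad
        # signature or a noisy sensor rather than a real outbreak. Stop and ask.
        window_start = alert.observed_at - timedelta(hours=1)
        recent = [t for t in self.history if t > window_start]
        if len(recent) >= self.max_actions_per_hour:
            return ("escalate", "auto-remediation rate limit reached")
        self.history.append(alert.observed_at)
        return ("auto", action)


def run_sample() -> list[tuple[str, str, str]]:
    """Run constructed alerts through one gate; return (alert_id, decision, detail)."""
    t0 = datetime(2023, 4, 27, 9, 0, 0)
    gate = RemediationGate(max_actions_per_hour=2)
    alerts = [
        Alert("a1", "ws-1042", "malware.known_hash", 0.99, t0),
        Alert("a2", "dc01", "malware.known_hash", 0.99, t0 + timedelta(minutes=1)),
        Alert("a3", "ws-2210", "malware.known_hash", 0.80, t0 + timedelta(minutes=2)),
        Alert("a4", "ws-3001", "lateral.psexec", 0.99, t0 + timedelta(minutes=3)),
        Alert("a5", "ws-4410", "credential.impossible_travel", 0.97, t0 + timedelta(minutes=4)),
        Alert("a6", "ws-5005", "malware.known_hash", 0.99, t0 + timedelta(minutes=5)),
    ]
    return [(a.alert_id, *gate.decide(a)) for a in alerts]


if __name__ == "__main__":
    for alert_id, decision, detail in run_sample():
        print(f"{alert_id}: {decision} ({detail})")
```

Of the six constructed alerts only two are acted on automatically; the sixth has a perfectly good detection and confidence but trips the hourly limit, which is the deliberate behaviour: when automation starts firing faster than expected, the safest assumption is that the automation, not the network, is what needs looking at.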
  9. THREAT INTELLIGENCE

    The presence of ready-made, practical intelligence lets SOCs invest their time and resources in analysis and detection, improving their overall performance. Since threat intelligence is a proactive approach to security designed to stay ahead of cyber threats, a well-integrated threat intelligence system can significantly improve SOC effectiveness. A SOC combined with threat intelligence is a powerful combination for cyber threat detection and response. Integrating cyber threat intelligence within a SOC allows analysts to put robust security measures in place and adopt an efficient, streamlined workflow.
  10. ACTIVE THREAT HUNTING

    Threat hunting is the process of proactively searching for potential threats within an organization's network. With the increasing sophistication of cyber attackers, SOCs will need to focus more on threat hunting to stay ahead of the curve. This will require investment in new tools and techniques that enable security teams to identify and mitigate threats before they cause damage.
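Threat-intelligence matching (slide 9) and threat hunting (slide 10) look at the same telemetry from two directions, which the following added example shows; it is not code from the deck. `match_intel` is the reactive side: flag any event whose destination host or IP is a known indicator. `hunt_beacons` is the proactive side: with no indicator at all, it tests the hypothesis that a compromised host checks in with its command-and-control at near-fixed intervals, by flagging source/destination pairs whose inter-connection gaps have a low coefficient of variation. The proxy log lines, the indicator feed, the host names and the thresholds are constructed for the example; the feed is a plain dict standing in for whatever a real TIP or STIX/TAXII feed would deliver.

```python
"""Intel-driven detection and hypothesis-driven hunting over one proxy log.

Added example (not from the deck). The log lines, the indicator feed, the
host names and the thresholds are all constructed for the illustration.
"""
from __future__ import annotations

from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed indicator feed: indicator -> (type, source). A real SOC would
# pull this from a TIP or a STIX/TAXII feed; a dict is enough to show the logic.
INTEL = {
    "update-cdn-check.example": ("domain", "vendor-feed-A"),
    "203.0.113.45": ("ipv4", "isac-share"),
}

# Constructed proxy log: "<timestamp> <src_host> <dst_host> <dst_ip> <bytes_out>".
# Hosts use reserved names (.example/.test) and documentation IP ranges.
PROXY_LOG = """\
2023-04-27T09:00:00 ws-1042 www.shop.example 192.0.2.80 1200
2023-04-27T09:00:05 ws-1042 update-cdn-check.example 198.51.100.7 310
2023-04-27T09:00:30 ws-2210 mail.corp.example 192.0.2.10 5400
2023-04-27T09:05:00 ws-2210 telemetry.stats-host.test 198.51.100.23 128
2023-04-27T09:07:10 ws-3001 files.partner.example 203.0.113.45 88000
2023-04-27T09:10:00 ws-2210 telemetry.stats-host.test 198.51.100.23 131
2023-04-27T09:12:44 ws-1042 www.shop.example 192.0.2.80 2200
2023-04-27T09:15:01 ws-2210 telemetry.stats-host.test 198.51.100.23 127
2023-04-27T09:20:00 ws-2210 telemetry.stats-host.test 198.51.100.23 130
2023-04-27T09:22:13 ws-1042 www.shop.example 192.0.2.80 900
2023-04-27T09:25:00 ws-2210 telemetry.stats-host.test 198.51.100.23 129
"""


def parse_log(text: str) -> list[dict]:
    """Parse the whitespace-separated proxy log into event dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, ip, bytes_out = line.split()
        events.append({"ts": datetime.fromisoformat(ts), "src": src,
                       "dst": dst, "ip": ip, "bytes_out": int(bytes_out)})
    return events


def match_intel(events: list[dict], intel: dict = INTEL) -> list[tuple[str, str, str, str]]:
    """Reactive detection: flag events whose destination host or IP is a known indicator.

    Returns (src_host, indicator, indicator_type, feed_source) per hit.
    """
    hits = []
    for e in events:
        for key in ("dst", "ip"):
            if e[key] in intel:
                ioc_type, source = intel[e[key]]
                hits.append((e["src"], e[key], ioc_type, source))
    return hits


def hunt_beacons(events: list[dict], min_connections: int = 4,
                 max_cv: float = 0.1) -> list[tuple[str, str, int]]:
    """Proactive hunt with no indicator: test the hypothesis that an implant
    checks in with its C2 at near-fixed intervals.

    Flags (src, dst) pairs with at least `min_connections` connections whose
    inter-connection gaps have a coefficient of variation <= `max_cv`.
    Returns (src_host, dst_host, mean_interval_seconds) per finding.
    """
    by_pair: dict[tuple[str, str], list[datetime]] = defaultdict(list)
    for e in events:
        by_pair[(e["src"], e["dst"])].append(e["ts"])
    findings = []
    for (src, dst), times in by_pair.items():
        if len(times) < min_connections:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg <= 0:
            continue  # duplicate timestamps; not a timing pattern
        if pstdev(gaps) / avg <= max_cv:
            findings.append((src, dst, round(avg)))
    return findings


if __name__ == "__main__":
    evts = parse_log(PROXY_LOG)
    print("intel hits:", match_intel(evts))
    print("beacon candidates:", hunt_beacons(evts))
```

In the constructed log the beaconing destination is not in the indicator feed at all, which is the point the two slides make together: hunting finds what intelligence has not yet published, and a confirmed hunt finding then becomes a new indicator for the reactive side. Ordinary browsing from ws-1042 is not flagged because its connection gaps vary too much, which is why the hunt uses the coefficient of variation rather than a raw count of connections.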
  11. What is 3rd Party Security?

    Third-party security protects an organization from the risk associated with third-party vendors. In 2020, Amazon, eBay, Shopify, and PayPal fell victim to a massive data leak: a third-party database with approximately eight million UK online shopping transactions was published online. Social Captain, a third party that helps individuals and businesses boost Instagram follower and like counts, leaked thousands of Instagram account passwords. A website bug allowed access to any Social Captain user profile without logging in; essentially, anyone could simply enter a user's unique ID to find out their Instagram login credentials.
  12. Improve your 3rd party security risk posture

    Maintain an inventory of all vendors
    Conduct regular audits of third parties
    Use SLAs to your advantage and assign responsibilities internally
    Ensure continuous monitoring of your own environment
    Ensure your security policies always cover third parties, especially for incident response
    Always limit third-party access