Building A Security Operations Center - PowerPoint PPT Presentation



1
Building A Security Operations Center
  • 4 Best Practices To Learn

2
Introduction
  • You have to know four things before building
    anything, whether it's something simple like
    assembling your new furniture from IKEA or
    breaking ground on an entire community of homes:
  • What you're building
  • The materials you'll need
  • Who is going to build (and maintain) it
  • How you'll build (and run) it

3
Building An Effective SOC
  • Building (or improving) an effective security
    operations center (SOC) is no different. Unlike
    that new dresser, there is no single guide for
    how to build it. Your organization has its own
    requirements, and you have to come up with a
    tailor-made mix of SOC processes, people and
    technologies that fit them.

4
What Sort Of SOC?
  • Yes, you're building a security operations
    center. But what sort of SOC are you building?
    What capabilities does it need to have? How will
    it be organized? Asking and answering some basic
    questions up front lets you create the roadmap
    that will drive the decisions to come on things
    like tooling and talent (read: the parts that
    cost money).

5
Key Planning Ideas
  • Hours and availability: are you going to staff
    your SOC 24/7 or 8/5?
  • Organization: are you planning to handle
    everything in-house, or would you consider using
    a managed security services provider (MSSP) to
    help with certain tasks?
  • Capabilities and priorities: is monitoring the
    main priority, or will you also require proactive
    capabilities like penetration testing or ethical
    hacking?
  • Environment: are you securing a single on-prem
    environment or a hybrid one? Is your organization
    planning to make cloud a bigger part of its
    strategy?

6
Think About The Budget
  • You may be wondering why budget isn't mentioned
    here. First, it's hard to build a budget if you
    don't know what your endgame is. But more than
    that, the harsh truth is that throwing money at
    cybersecurity won't ensure that you've covered
    all your bases. Yes, budget is important, but
    only once you know how you are going to use it
    most effectively.

7
Think About Technology
  • With your plans in hand, you're ready to think
    about technology. It can't be overstated that
    the capabilities of your security operations
    center depend heavily on the quality of the
    technology you build it with.
  • By making data quality, not just quantity, a
    priority, you reduce the false positives that
    would otherwise consume your analysts' time
    (which, believe us, is extensive). After all,
    garbage in, garbage out.

8
Security Orchestration Automation Platform
  • According to Cisco's 2018 cyber security
    automation study, organizations overwhelmingly
    favor specialized tools to get the most robust
    capabilities across their environment. The more
    disparate technology a SOC uses, the greater the
    need for a security orchestration and automation
    platform to tie everything together. So as you
    draw up your technology shopping list, consider
    not just the tools needed for prevention and
    detection but also the tools needed to minimize
    chaos and keep the whole stack usable for your
    team.
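The following Python sketch is an added example, not code from the original deck or from any product it mentions. It shows the kind of glue layer slides 7 and 8 argue for: alerts from two tools with incompatible output formats (a hypothetical EDR JSON export and a hypothetical IDS syslog line) are mapped into one schema, hostnames are normalized so the same asset is not ticketed twice, repeats are dropped, and a host flagged by two independent tools is escalated. The tool names, field layouts, asset list and every sample record are assumptions constructed for illustration.

```python
"""Minimal SOAR-style glue: normalize, de-duplicate and correlate alerts
from two tools with incompatible output formats.

Everything here is constructed for illustration: the "edr" JSON layout,
the "ids" syslog layout, the asset list and the sample records are
hypothetical, not the export format of any real product.
"""
import json
import re
from dataclasses import dataclass
from datetime import datetime, timezone

SEVERITIES = ["low", "medium", "high"]


@dataclass(frozen=True)
class Alert:
    """Common schema every tool's alert is mapped into."""
    source: str      # tool that raised it
    timestamp: str   # ISO 8601, UTC
    host: str        # lower-cased short hostname
    rule: str        # detection name as the tool reports it
    indicator: str   # hash, IP or other atomic indicator
    severity: str    # one of SEVERITIES


# Hypothetical asset inventory: host -> business criticality.
ASSET_TIERS = {"db-prod-01": "critical", "ws-0042": "standard"}


def normalize_host(raw: str) -> str:
    """Fold case and drop the domain so 'DB-PROD-01.corp.example' and
    'db-prod-01' are the same asset (the data-quality step that removes
    duplicate tickets)."""
    return raw.strip().lower().split(".")[0]


def severity_for(host: str, base: str) -> str:
    """Raise the tool's base severity one step on critical assets."""
    idx = SEVERITIES.index(base)
    if ASSET_TIERS.get(host) == "critical":
        idx = min(idx + 1, len(SEVERITIES) - 1)
    return SEVERITIES[idx]


def from_edr(payload: str) -> Alert:
    """Hypothetical EDR export: JSON with an epoch timestamp."""
    ev = json.loads(payload)
    host = normalize_host(ev["hostname"])
    ts = datetime.fromtimestamp(int(ev["ts"]), tz=timezone.utc).isoformat()
    return Alert("edr", ts, host, ev["detection"], ev["sha256"],
                 severity_for(host, "medium"))


# Hypothetical IDS syslog shape: "Mon DD HH:MM:SS sensor proc[pid]: [sid] rule src= dst= host="
IDS_RE = re.compile(
    r"^(?P<mon>\w{3}) (?P<day>\s?\d+) (?P<time>\d\d:\d\d:\d\d) \S+ \S+: \[[^\]]+\] "
    r"(?P<rule>.+?)\s+src=(?P<src>\S+) dst=(?P<dst>\S+) host=(?P<host>\S+)$"
)


def from_ids(line: str, year: int = 2018) -> Alert:
    """Hypothetical IDS line; classic syslog carries no year, so one is supplied."""
    m = IDS_RE.match(line)
    if not m:
        raise ValueError(f"unparsed IDS line: {line!r}")
    stamp = f"{year} {m['mon']} {m['day'].strip()} {m['time']}"
    ts = (datetime.strptime(stamp, "%Y %b %d %H:%M:%S")
          .replace(tzinfo=timezone.utc).isoformat())
    host = normalize_host(m["host"])
    return Alert("ids", ts, host, m["rule"].strip(), m["dst"],
                 severity_for(host, "medium"))


def dedupe(alerts):
    """Keep the earliest of each (source, host, rule, indicator) repeat."""
    seen = {}
    for a in sorted(alerts, key=lambda a: a.timestamp):
        seen.setdefault((a.source, a.host, a.rule, a.indicator), a)
    return list(seen.values())


def correlate(alerts):
    """Group alerts by host; two independent tools on one host -> 'high'."""
    by_host = {}
    for a in alerts:
        by_host.setdefault(a.host, []).append(a)
    incidents = {}
    for host, items in by_host.items():
        sources = sorted({a.source for a in items})
        sev = max((a.severity for a in items), key=SEVERITIES.index)
        if len(sources) >= 2:
            sev = "high"
        incidents[host] = {"severity": sev, "sources": sources, "alerts": items}
    return incidents


def run_pipeline(edr_payloads, ids_lines):
    alerts = [from_edr(p) for p in edr_payloads] + [from_ids(l) for l in ids_lines]
    return correlate(dedupe(alerts))


# Constructed sample records: the EDR reports one detection twice (a retry,
# with the hostname spelled differently), and the IDS flags the same host.
EDR_SAMPLES = [
    '{"ts": 1527000000, "hostname": "DB-PROD-01.corp.example", '
    '"detection": "credential_dumping", "sha256": "9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08"}',
    '{"ts": 1527000000, "hostname": "db-prod-01", '
    '"detection": "credential_dumping", "sha256": "9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08"}',
    '{"ts": 1527000300, "hostname": "WS-0042", '
    '"detection": "suspicious_macro", "sha256": "60303ae22b998861bce3b28f33eec1be758a213c86c93c076dbe9f558c11c752"}',
]
IDS_SAMPLES = [
    "May 22 14:45:12 ids01 nids[4127]: [1:2024001:3] ET MALWARE Beacon Checkin "
    "src=10.0.0.5 dst=198.51.100.7 host=db-prod-01",
]

if __name__ == "__main__":
    for host, inc in run_pipeline(EDR_SAMPLES, IDS_SAMPLES).items():
        print(host, inc["severity"], inc["sources"], len(inc["alerts"]))
```

Run stand-alone, the three EDR records and one IDS line collapse into two incidents: db-prod-01 at high (one de-duplicated EDR alert plus the IDS alert, two sources) and ws-0042 at medium. The design point is that every tool-specific quirk (epoch vs. syslog timestamps, mixed-case or fully qualified hostnames, a missing year) is absorbed in the adapter so that dedupe and correlation only ever see one schema.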

9
There's No I In SOC
  • It goes without saying that you need a
    well-trained team of professionals to operate the
    technology you have invested in.
  • At the very least, you'll want positions for a
    CISO, a SOC manager, security analysts and
    security engineers. Depending on the other skills
    your requirements call for, you may also add
    roles in compliance, threat intelligence, incident
    response, penetration testing and so forth.

10
Conclusion
  • By building your SOC on process, technology and
    a proper team to support it, you greatly improve
    the odds that your enterprise's critical
    information remains uncompromised. So long as new
    SOC technology is implemented thoughtfully and run
    by capable professionals, you decrease the chance
    that severe threats will breach your
    infrastructure and, more importantly, you limit
    the damage those threats can cause.

11
Reference
  • https://www.siemplify.co/blog/best-practices-for-building-security-operations-center/
  • https://www.siemplify.co/blog/security-operation-incident-response-phishing-playbook/
  • https://hbr.org/2017/05/cybersecurity-has-a-serious-talent-shortage-heres-how-to-fix-it