Cyber-Security-Monitoring-Guide

More documents

Recommendations

Info

Cyber Security Monitoring and Logging GuideTechnologyEvery SOC will be supported by a range of tools and other technology, typically centred around a good (commercial)SIEM engine.Most respondents to the Project Survey placed a great deal of value on all aspects of SOC technology as shown in thechart below.What value would you place on each of the following types of technologybeing employed in Security Operations Centres (SOC)?Security incident and event management (SIEM) rulesIncident responseSecurity incident and event management (SIEM) toolsVulnerability assessmentPatch managementEndpoint (eg laptops) securityTools that employ potential malware isolation and investigation techniquesEmail taffic analysisMalware analysis toolsOther key technology employed by the SOC0.0 0.5 1.0 1.5 2.02.5 3.0 3.5 4.0 4.5 5.0SIEMs were given the highest value of all SOC technologies by respondents to theProject Survey, which is not surprising as they are at the heart of nearly every SOC.“You can do a lot more with tools that are freely available if you invest more in people, rather thancommercial products”44
Cyber Security Monitoring and Logging GuideInformationIt is essential to make sure that any SOC has the information readily available that will help the cyber securitymonitoring and logging process.The amount and type of information required in a SOC will differ based on a numberof factors, such as its size, market sector, internal capabilities and nature of theparticular cyber security monitoring and logging services provided.Most respondents to the project survey had a high level of support for many types of information being used in aSOC, with the top five being:• Source inputs/material, such as vulnerability management; risk assessments; and SIEM monitoring• Security incident response teams (SIRT)• Intelligence and analysis (eg. a security risk register; security operations; and threat intelligence)• Management information (strategic and tactical reports) such as current risk and trends; threat and horizon scanning;operational metrics; and programme status• Tailor-made internal intelligence data.!Organisations can overlook the need to gain fast access to cyber security-relatedevents at their outsourced service providers (ie. access to premises or equipment).They often have difficulties in getting their third party suppliers (eg. cloud servicesuppliers, infrastructure outsourcers and managed service providers) to provideimportant information (eg. event logs) pertaining to cyber security events,sometimes having to wait for several days for something to be actioned.45
Page 1: Cyber SecurityMonitoring and Loggin
Page 4 and 5: Cyber Security Monitoring and Loggi
Page 60: The quadrants in this diagram outli

Cyber-Security-Monitoring-Guide

Create successful ePaper yourself

Delete template?

Save as template?