Volume 1 - Issue 8 - ICTACT.IN

More documents

Recommendations

Info

Tech TalkSecurity Operation CentreIsrar Elahi, Head of Training, Consumer Services, Philippines, CSS CorpIn order to prevent the myriad of modernattacks, comply with government andindustry regulations, monitor deployedtechnology solutions, and verify the endlesshuman interactions with technology,organizations turn to industry-leading securitytechnology.They may go to IBM Internet SecuritySystems for their network intrusion preventionsystems (IPS), Cisco for their firewallsolutions, and Mcafee for host-basedprotection.This heterogeneous approach to selectingsecurity solutions provides organizationsthe best-of-breed technologiesand offers inherent security by not relyingon any single vendor or security platform.The combination of technologiesdoes, however, present a large challenge -there is no inherent way to normalize, aggregate,and correlate the security eventsacross technologies.Further, one team may support thefirewalls, another may support the networkIPS devices, and yet another maysupport the host-based security tools.This leads to security monitoring thatis performed using different tools and bydifferent teams.Piecing together the details of an attackin real-time becomes incredibly difficultand even forensic analysis after anattack is slowed by the need to combineevent streams.In reality, building and maintaininga strong security posture necessitates acentralized effort to monitor, analyze, andrespond to security events across technologiesas quickly as possible.To meet this need, many organizationsturn to Managed Security ServicesProviders (MSSPs) to outsource the bulkof security monitoring and testing.MSSPs offer a number of benefits becausethey can:• Monitor security events aroundthe-clockand provide in-depth informationsecurity expertise.• Spot patterns across a number ofcustomers to provide advanced warningon new threats.• Provide services to customers thatdo not have dedicated information securitystaff.However, MSSPs also present a numberof disadvantages. Namely, MSSPs do not:• Have an in-depth knowledge of thecustomer’s policies, procedures, or overallIT environment.• Offer dedicated staff for every customer.Only large organizations that spendthe most with the MSSP generally receivededicated support.• Offer customized services, processes,or procedures for the customerneeds.MSSPs strive to standardize servicesin order to gain economies of scale in providingsecurity services to many customers.June 2013 I 30
Tech TalkSecurity Operation Center is a generic term describing part or all of aplatform whose purpose is to provide detection and reaction services tosecurity incidents.• Store security data only at the customerpremise.Security data will be transmitted andstored at MSSP locations that may or maynot be in the home country. Weighingthe considerations, many IT groups decideto build their own Security OperationsCenter (SOC) to correlate events and centralizethe security monitoring, analysis,and response within a single team. Forthese organizations, the MSSP’s disadvantagesoutweigh its benefits.There are unique business requirementsthat require a dedicated SOC, orthere may be cost drivers that dictate theneed for an in-house SOC.Building an in-house SOC does, however,present its own set of challenges andmany groups struggle on how to best start.The SOC team is organized around the followingmain functions:• Customer Support is the vital focusof the staff located on the SOC floor. Callsand ticket queues are constantly monitoredto ensure effective and timely resolutionof all issues. All escalations are handledwith the utmost care to ensure thatthe appropriate resources are being assignedto address each issue in need ofattention.• Platform Management is the ongoingmanagement of the security platformsincluding platform and policy configuration,routine maintenance and platformavailability.• Threat Analysis is the monitoringof security events that are generated bymanaged platforms. The SOC team investigatesthose events to determine any potentialthreats to the customer’s environment.In the event that a threat is found,they promptly escalate that threat to properchannels for resolution.Roles on SOCSecurity Threat AnalystA Security Analysts is the MSS’s firstresponse to a perceived threat to a customer’smanaged security. SOC Analystsanalyze and respond to security threatsfrom Firewall (FW), Intrusion DetectionSystems (IDS), Intrusion PreventionSystems (IPS), Antivirus (AV), NetworkAccess Control (NAC) and other securitythreat data sources. They also configure,manage and upgrade these same securitythreat data sources along with Encryptionand other security products/appliances.Security EngineerA Security Engineer is MSS’s secondline of defense against a perceived threatto a customer’s managed security. SOCEngineer and SOC Analyst duties are similar.However, a Security Engineer’s additionalresponsibilities differentiate thetwo positions slightly. For example, a SOCSecurity Engineer has access to back systemsthat the Analyst cannot access. Theyalso handle escalations. Dependent uponexperience, a Security Engineer may begiven the designation of being a “Tier 2”or “Tier 3” Engineer.Advantage of SOC• Continuous prevention• Protection• Detection• Response capabilities againstthreats remotely exploitablevulnerabilities and real-timeincidents on your network• Data Acquisition• Technical and organizationalInventory• Vulnerability Database• Security Policy• Status Evaluation• Event generation, collection andstorage• Data analysis and reportingJune 2013 | 31
Page 1 and 2: June 2013MOOCChanging faceof Educat
Page 3 and 4: ContentICT ConnectA Quarterly Magaz
Page 5: Cover StoryICTACT BRIDGE ® 2013Coi
Page 8 and 9: Cover StorySession 1: Impact of Tec
Page 10 and 11: Cover StoryJune 2013 I 10
Page 12 and 13: Cover StorySession 2: Game Changers
Page 14 and 15: Tech TalkMOOCChanging the face of E
Page 16 and 17: Leader Speakin status quo generates
Page 18 and 19: ICTACT AwardPower Utility Managemen
Page 20 and 21: (((((Student ColumnT3 15-0-15/500ma
Page 22 and 23: Tech TalkMobilityUmadevi Balakrishn
Page 24 and 25: New InitiativesICT Academy of Tamil
Page 26 and 27: Tech TalkThe world is becoming flat
Page 28: Entrepreneur speakfrom people like
Page 33 and 34: Tech Talkteam members.During Knowle
Page 35 and 36: ICTACT Event SnapshotsPower Seminar
Page 37 and 38: ICTACT ProjectsICTACT Trains 13,500
Page 39 and 40: Tech TipsPasswordsThe First Step to
Page 41 and 42: Academician ColumnEmployability Ski
Page 43 and 44: Technology in EducationClickers in
Page 45 and 46: ICTACT Training ProgramUpcoming ICT
Page 47: Call For Papers - ICTACT JOURNALSAn

Volume 1 - Issue 8 - ICTACT.IN

Create successful ePaper yourself

Delete template?

Save as template?