Tuesday, February 19, 2019

SOC (security operations center)

Building a Security Operations Center
building a SOC requires collaboration and communication among multiple functions (people), disparate security products (technology), and varying processes and procedures (processes)
https://finland.emc.com/collateral/white-papers/rsa-advanced-soc-solution-sans-soc-roadmap-white-paper.pdf


  • The Five Characteristics of an Intelligence-Driven Security Operations Center



Key Challenges
Traditional security operations centers:
Rely primarily on prevention technologies, and rule and signature-based detection mechanisms that require prior knowledge of attacker methods, both of which are insufficient to protect against current threats
Treat intelligence (TI) as a one-way product to be consumed, rather than as a process, leading to an intelligence-poor security strategy
Treat incident response as an exception-based process, versus a continuous one

Recommendations
Adapt a mindset that is based on the assumption that they have already been compromised

an intelligence-driven SOC approach with these five characteristics:
use multisourced threat intelligence strategically and tactically;
use advanced analytics to operationalize security intelligence
automate whenever feasible
adopt an adaptive security architecture
proactively hunt and investigate


https://www.ciosummits.com/Online_Assets_Intel_Security_Gartner.pdf
  • An information security operations center (or "SOC") is a location where enterprise information systems (web sites, applications, databases, data centers and servers, networks, desktops and other endpoints) are monitored, assessed, and defended.
https://en.wikipedia.org/wiki/Information_security_operations_center
Security Operations Center (SOC) - DIY or Outsource?
Discover ideas about Security Solutions
DTS Solution - Building a SOC (Security Operations Center)
What is a Security Operations Center (SOC)?
SOC Team Presentation 1 - Security Operations Center
Security Operation Center - Design & Build
  • network operations center(NOC) is one or more locations from which control is exercised over a computer, television broadcast, or telecommunications network.

Fortinet Security Fabric
Splunk: Using Big Data for Cybersecurity
Splunk Inc. provides the leading software platform for real-time Operational Intelligence.
How to configure Splunk Log Forwarder in McAfee ESM If you will be forwarding events from various devices through a syslog relay 
Enterprise Security
(TVM) Threat and Vulnerability Management
(SOIR) security operations incident response


Real-Time Big Data Processing with Spark and MemSQL
Data Lake 3.0, Part II: A Multi-Colored YARN 
Best Practices for Building a Data Lake with Amazon S3
  • You see servers and devices, apps and logs, traffic and clouds. We see data—everywhere. Splunk® offers the leading platform for Operational Intelligence. 
Machine-generated data is one of the fastest growing and complex areas of big data. It's also one of the most valuable, containing a definitive record of all user transactions, customer behavior, machine behavior, security threats, fraudulent activity and more. Splunk turns machine data into valuable insights no matter what business you're in. It's what we call Operational Intelligence
http://www.splunk.com/
  • Welcome to Apache Flume

Flume is a distributed, reliable, and available service for efficiently collecting, aggregating, and moving large amounts of log data. It has a simple and flexible architecture based on streaming data flows. It is robust and fault tolerant with tunable reliability mechanisms and many failover and recovery mechanisms. It uses a simple extensible data model that allows for online analytic applicatio
https://flume.apache.org/
Flume Architecture
Real Time Data Processing using Spark Streaming
Why Lambda Architecture in Big Data Processing

  • What is OpenSOC?

OpenSOC is a Big Data security analytics framework designed to consume and monitor network traffic and machine exhaust data of a data center. OpenSOC is extensible and is designed to work at a massive scale.
The OpenSOC project is a collaborative open source development project dedicated to providing an extensible and scalable advanced security analytics tool. It has strong foundations in the Apache Hadoop Framework and values collaboration for high-quality community-based open source development
http://opensoc.github.io/
Navigating the maze of Cyber Security Intelligence and Analytics

  • Fluentd is an open source data collector for unified logging layer.

Fluentd allows you to unify data collection and consumption for a better use and understanding of data
https://www.fluentd.org/
Building an Open Data Platform: Logging with Fluentd and Elasticsearch
Cloud Data Logging with Raspberry Pi


6 comments:

  1. Nice blog... Big data security analytics define the benefits of this approach, examine use cases, and see how security big data analytics works.

    ReplyDelete
  2. I think you would also be interested in application security testing , its categories and ethics etc.

    ReplyDelete
  3. This comment has been removed by the author.

    ReplyDelete
  4. This comment has been removed by the author.

    ReplyDelete
  5. This comment has been removed by the author.

    ReplyDelete