Security Operating Center - SmartPlus


Security operating center

Past

- Throughout 2015, PandaLabs detected more than 230,000 malware samples on a daily basis.
- During 2016, government institutions, retail chains and the tech industry suffered a total of 95% of all system breaches globally (Forrester report).
- In 2017, 65% of all US attacks targeted small and medium businesses (Kessler Corp).
- In 2018, 65% of all system breaches were discovered months after they occurred (Verizon Data Breach Investigations Report).

What does the current situation look like? Live cyber attack maps: Kaspersky, Norse, Check Point, Fortinet, IBM, etc.

Near future (Gartner 2017)

- By 2020, one-third of successful attacks on IT resources will originate from within the companies themselves.
- By 2020, 99% of the causes of attacks on existing IT resources will be viruses, malware and ransomware, all less than a year old.
- By 2020, attacks on IoT devices will increase the annual security budget by 20%, compared to the 1% used in 2015.
- By 2019, cloud data storage will lead to an increase in mass identity theft.

Solutions?

SOC models

1. Virtual SOC
2. Multifunctional SOC/NOC
3. Outsourced SOC
4. Dedicated SOC
5. SOC Command Center

EU legislation

- The European Union Agency for Network and Information Security (ENISA), 2004
- The ePrivacy Directive and the General Data Protection Regulation (GDPR), 2016 – legal framework
- The Directive on security of network and information systems (NIS Directive), 2016 – the basic legal framework from which further cyber security laws followed
- Cybersecurity Act, 2018 – a set of measures for cyber security protection

Serbia legislation

- Law on Electronic Communications (2010, 2013, 2014) – Articles 124 and 125 define the obligation to report security incidents.
- Law on Information Security (2016) – Articles 11-19 define the obligation to report security incidents. The creation of CERTs for telecommunication operators, the financial sector, the army, the police, etc. has also been defined, along with the competences and responsibilities of CERTs within the state system.
- Law on Critical Infrastructure – under preparation, drafted according to the Directive on security of network and information systems (the NIS Directive).
- The NIS Directive from 2016 defines the obligation to designate competent authorities and operators of services of general interest, by sector: energy (electricity, oil, gas), transport (air, road, rail, water), health, drinking water supply, banking and financial markets, digital infrastructure (IXPs, DNS services, TLD registries).

Sectors: retail chains, health care, finance

Organization model

1. Dedicated SOC
2. Outsourced SOC
3. Multifunctional SOC/NOC (SNOC)

SOC basic components

- SIEM (security information and event management)
- Threat intelligence
- CSIRT (Computer Security Incident Response Team)
- SOC (security operating center)
- SOAR (Security Orchestration and Automated Response, or Security Operations, Analytics and Reporting)

Defense

SOC – technical scheme of services – Palo Alto model. The SOC uses Palo Alto solutions. The service is fully automated, with direct manufacturer support. Employees maintain the devices and licenses.

Defense of users. The picture shows the architecture of the system from the user to the Internet. The firewall device in front of the router defends the user and their devices; the SOC defends all of the user's devices behind the firewall device.

Services

1. Hybrid MSSP: the user has their own SIEM, or wants to keep their SIEM on site, and wants to integrate it with and/or hand its management over to the MSSP SOC.
2. MSSP: the user does not want to install a SIEM locally and wants the SOC to manage network security. In that case the SIEM is delivered as SaaS.
3. Automation of firewall management, customized per client requirements.
4. Tracking of other systems through infrastructural cyber platforms such as SCADA (Supervisory Control and Data Acquisition).

Hybrid MSSP (diagram labels): Customer environment – customer's AlienVault USM Server, Logger, Sensors; Security data; AlienVault MSSP Federation Server; Alarms & Remote Administration.

Federation Server: overview of the user's infrastructure from multiple locations.

Thank you!
