operations - All Articles - CISO Platform
2024-03-29T02:24:37Z
https://www.cisoplatform.com/profiles/blogs/feed/tag/operations

5 easy ways to build your personal brand !
https://www.cisoplatform.com/profiles/blogs/building-a-world-class-proactive-integrated-security-and-network-
2016-04-04T07:00:00.000Z
2016-04-04T07:00:00.000Z
pritha
https://www.cisoplatform.com/members/pritha
<div><p><span class="font-size-5">Building a World-Class Proactive Integrated Security and Network Ops Center</span></p>
<p><span>The SNOC (Security & Network Operations Center) is a cost-effective, world-class, proactive integrated function that leverages and optimizes your current NOC members while hiring a minimal number of additional security professionals. Learn how to use the SNOC framework to transform your existing NOC into a single effective team that is responsible for both network and security functions.</span></p>
<p><span class="font-size-5">Speakers</span></p>
<p><strong><span>Hanna Sicker </span></strong><span>( <span><a class="in-cell-link" href="http://twitter.com/SNOCgirl" target="_blank">@SNOCgirl</a> ) </span></span></p>
<p><span><span><span>Sr. Manager, Security and Network Operations Center, StubHub (an eBay company)<br /> <br /> Hanna Sicker has over 25 years of technical and management experience, including 10 years in information security operations. As a SOC/NOC manager, Sicker oversees a team of SOC analysts and NOC Engineers who provide support to all StubHub sites. Possessing expertise across a broad range of security technologies, Sicker has extensive experience in site operations, incident response management, predictive risk analysis, SIEM, network access control, network performance, security monitoring and anti-malware. She holds CISM and CISSP certifications with a degree in Computer Science.</span></span></span></p>
<p><span class="font-size-5">Detailed Presentation:</span></p>
<p><iframe width="595" height="485" src="//www.slideshare.net/slideshow/embed_code/key/aupJzwOVyNIAY3" frameborder="0"></iframe></p>
<div style="margin-bottom:5px;"><strong><a href="//www.slideshare.net/cisoplatform7/building-a-worldclass-proactive-integrated-security-and-network-ops-center" title="Building a World-Class Proactive Integrated Security and Network Ops Center" target="_blank">Building a World-Class Proactive Integrated Security and Network Ops Center</a></strong> from <strong><a target="_blank" href="//www.slideshare.net/cisoplatform7">Priyanka Aash</a></strong></div>
<div style="margin-bottom:5px;"><strong>(Source: RSA USA 2016, San Francisco)</strong></div>
</div>

Integrated Security Operations Center (ISOC) for Cybersecurity Collaboration (RSA Conference 2016)
https://www.cisoplatform.com/profiles/blogs/integrated-security-operations-center-isoc-for-cybersecurity-coll
2016-04-04T07:00:00.000Z
2016-04-04T07:00:00.000Z
pritha
https://www.cisoplatform.com/members/pritha
<div><p><span class="font-size-5">Integrated Security Operations Center (ISOC) for Cybersecurity Collaboration</span></p>
<p><span>This session will present a real case study of the methodology and advanced cybersecurity tools used, along with important tips and lessons learned from implementing an ISOC project in the second-largest city in the nation. Topics include the critical success factors, advanced tools and technologies for an ISOC, situational awareness, threat intelligence sharing and cybersecurity collaboration.</span></p>
<p><span class="font-size-5">Speakers</span></p>
<p><span><strong>Timothy Lee</strong> ( <span><a class="in-cell-link" href="http://twitter.com/tswlj316" target="_blank">@tswlj316</a> )</span></span></p>
<p><span><span><span>Timothy Lee is the Chief Information Security Officer at the City of Los Angeles. He is responsible for overall cybersecurity policies and initiatives for America’s second largest city. One of those initiatives is the City’s first Integrated Security Operations Center (ISOC). His work affects all 40 City of Los Angeles departments. Prior to his current position, Lee was the CISO at the Port of Los Angeles where he established the Port’s cybersecurity program and was the project manager for the Cyber Security Operations Center (CSOC), which won the 2015 American Association of Port Authorities IT Award of Excellence. He has a total of 20 years of experience in information security, network and telecommunication field and has spoken at several conferences.</span></span></span></p>
<p><span class="font-size-5">Detailed Presentation:</span></p>
<p><iframe width="595" height="485" src="//www.slideshare.net/slideshow/embed_code/key/vJSyMkEsbAiHQ0" frameborder="0"></iframe></p>
<div style="margin-bottom:5px;"><strong><a href="//www.slideshare.net/cisoplatform7/integrated-security-operations-center-isoc-for-cybersecurity-collaboration" title="Integrated Security Operations Center (ISOC) for Cybersecurity Collaboration" target="_blank">Integrated Security Operations Center (ISOC) for Cybersecurity Collaboration</a></strong> from <strong><a target="_blank" href="//www.slideshare.net/cisoplatform7">Priyanka Aash</a></strong></div>
<div style="margin-bottom:5px;"><strong>(Source: RSA USA 2016, San Francisco)</strong></div>
</div>

Building a Successful Security Operations Center (SOC) - CISO Platform
https://www.cisoplatform.com/profiles/blogs/security-operations-building-a-successful-soc
2017-04-24T07:00:00.000Z
2017-04-24T07:00:00.000Z
Gireesh Kumar
https://www.cisoplatform.com/members/GireeshKumar
<div><p>This paper outlines industry best practices for building and maturing a security operations center (SOC). For organizations planning to build a SOC, or those hoping to improve their existing SOC, this paper outlines the typical mission parameters, the business case, people considerations, processes and procedures, as well as the technology involved.</p>
<p>It provides an in-depth understanding, including graphical representations and process flow diagrams.</p>
<p><span class="font-size-5"><a href="https://docs.google.com/forms/d/e/1FAIpQLSd6t7f7QIqQfHJHYy63vtixJ5eeSxCea4ifbXQmlG43SbRvVw/viewform?usp=pp_url&entry.1314641054&entry.860340838&entry.1152023233&entry.659253397&entry.483279890&entry.1073040604" target="_blank">>> Download the Complete Report</a></span></p>
<p><span class="font-size-5"><strong>Why Read The Report?</strong></span></p>
<ul>
<li>Get an end-to-end structure for building a SOC, including people, process and technologies</li>
<li>In-depth analysis and strategies on staffing, technology, tools, processes, procedures and data collection</li>
<li>Is an MSSP the right choice over a SOC? MSSP vs SOC</li>
<li>Event Detection vs Event Analysis</li>
<li>In-depth process flow for the SOC</li>
<li>Choosing the Right Technology for Data Collection and Aggregation</li>
</ul>
</div>

Report : State of Security Operations (2017 Report Of Capabilities & Maturity Of Cyber Defense Organisations)
https://www.cisoplatform.com/profiles/blogs/soc-report-2017-capabilities-maturity-cyber-defense-organization
2017-05-30T12:00:00.000Z
2017-05-30T12:00:00.000Z
pritha
https://www.cisoplatform.com/members/pritha
<div><p>Organizations around the globe are investing heavily in cyber defense capabilities to protect their critical assets. Whether protecting brand, intellectual capital, and customer information or providing controls for critical infrastructure, the means for incident detection and response to protect organizational interests have common elements: people, processes, and technology.</p>
<p>The maturity of these elements varies greatly across organizations and industries. In this fourth annual State of Security Operations report, Hewlett Packard Enterprise provides updates to the current and emerging capabilities, best practices, and performance levels of security operations as learned from the assessment of organizations around the globe.</p>
<p><a href="{{#staticFileLink}}8669819287,original{{/staticFileLink}}"><img width="750" src="{{#staticFileLink}}8669819287,original{{/staticFileLink}}" class="align-full" alt="8669819287?profile=original" /></a></p>
<p><span class="font-size-4"><a href="https://docs.google.com/a/firecompass.com/forms/d/e/1FAIpQLSeQm2kz8q09OI-MRnuCm2hOSmssb2O4yb5T1L_H_Uy2P09lUQ/viewform" target="_blank">>> Download Report</a></span></p>
<p><strong><span class="font-size-5">Why Read This Report ?</span></strong><br /></p>
<ul>
<li>SOC Struggles (Industry Wise)</li>
<li>Commercial vs Open Source Tools in Security Operations</li>
<li>Regional & Industry Trends (Healthcare, Government, Financial, Telco, etc.)</li>
<li>Findings for each category: People, Process, Technology and Business in the SOC</li>
<li>Summary of Findings</li>
</ul>
</div>

Advanced Security Operations Centre (SOC) - Features & Technical Capabilities
https://www.cisoplatform.com/profiles/blogs/security-operations-centre-soc-features-technical-capabilities
2017-07-01T22:30:00.000Z
2017-07-01T22:30:00.000Z
pritha
https://www.cisoplatform.com/members/pritha
<div><p><span>This gives a glimpse of Advanced Security Operations Centre (SOC) Features &amp; Technical Capabilities. This document is not explicit; it assumes you have…</span><br /><br />This was presented at <a href="https://www.sacon.io/?utm_source=CPBlogASOC&utm_medium=BannerImg&utm_campaign=SACON_Bang2017_PreReg" target="_blank">SACON</a>, where the speakers explain the subjects in detail during the sessions for deeper understanding. The next sessions are upcoming; you can pre-register/register for special deals and/or notifications <a href="https://www.sacon.io/?utm_source=CPBlogASOC&utm_medium=BannerImg&utm_campaign=SACON_Bang2017_PreReg" target="_blank">here</a>. You can check out the complete presentation <a href="http://www.cisoplatform.com/profiles/blogs/soc-architecture-tech-stack-process-org-structure-people-skills" target="_blank">here</a>.</p>
<p><a href="http://www.cisoplatform.com/profiles/blogs/soc-features-technical-capabilities" target="_blank"><img width="690" src="{{#staticFileLink}}8669803265,original{{/staticFileLink}}" class="align-full" alt="8669803265?profile=original" /></a></p>
<p><strong><span class="font-size-6">Advanced Security Operations Centre (SOC) Features</span></strong></p>
<ul>
<li>Threat Assessment & Hunting<ul>
<li>Knowing threats & adversaries</li>
<li>Their tools & methods</li>
<li>Critical assets for targets</li>
<li>Existing controls & weaknesses</li>
<li>Monitoring presence, IOC management & hunting</li>
</ul>
</li>
</ul>
<ul>
<li>Threat Intelligence<ul>
<li>Internal threat intelligence</li>
<li>External threat intelligence</li>
<li>Application of threat intelligence</li>
<li>Automated consumption of threat intelligence (automated SIEM rules/runbook)</li>
</ul>
</li>
</ul>
<ul>
<li>Situational Awareness<ul>
<li>Context and enrichment</li>
<li>Visibility</li>
</ul>
</li>
</ul>
<ul>
<li>Security Analytics<ul>
<li>Behavioral profiling for users & systems</li>
<li>Database searches & statistical modeling, reporting & visualization</li>
<li>Forensics capability</li>
</ul>
</li>
</ul>
<p>(Read more: <a href="http://www.cisoplatform.com/profiles/blogs/security-incident-event-management-siem-framework-for-product-eva" target="_blank">Security Incident & Event Management (SIEM) Framework For Product Evaluation</a>)</p>
<p><strong><span class="font-size-6">Advanced Security Operations Centre (SOC) - Technical Capabilities<br /> <br /></span></strong></p>
<ul>
<li>Data collection capabilities & compliance benefits of log management</li>
<li>The correlation, normalization and analysis capabilities of SIEM (Security Incident & Event Management)</li>
<li>The network visibility and advanced threat detection of NBAD (Network Behaviour Anomaly Detection) and user behaviour anomaly detection (UBA) by machine learning</li>
<li>The ability to reduce breaches and ensure compliance provided by Risk Management</li>
<li>The insight into network traffic and application content afforded by Network Forensics</li>
<li>The automation of Incident Response by Artificial Intelligence / Runbooks</li>
<li>IOC / VM Management by Threat Intelligence</li>
<li>Reporting & Visualization provided by Presentation Layer</li>
</ul>
<p>SIEM as a platform should be a truly integrated solution built on a common codebase, with a single data management architecture and a single user interface.</p>
<p>Do write to us at pritha.aash@cisoplatform.com if you'd like us to cover some topics, we'll add it to our research plan.</p>
</div>

SIEM Tools: Implementation Guide and Vendor Evaluation Checklist
https://www.cisoplatform.com/profiles/blogs/siem-tools-implementation-guide-and-vendor-evaluation-checklist
2014-09-16T13:00:00.000Z
2014-09-16T13:00:00.000Z
pritha
https://www.cisoplatform.com/members/pritha
<div>
<p><span class="font-size-4">Current Project Synopsis:</span></p>
<ul>
<li>Responsible for information security of next-generation mobile and fixed broadband networks (LTE/WiFi/FTTx) with all-IP networks over a cloud-based framework for B2C/B2B markets, connecting 200 million 4G LTE and 50 million WiFi/FTTx subscribers in the top 800 cities of India</li>
<li>Jio’s seamless 4G services, using FDD-LTE on 1800 MHz and TDD-LTE on 2300 MHz through an integrated ecosystem, aim to provide unparalleled high-quality access to innovative and empowering digital content, applications and services.</li>
</ul>
<p>According to the Verizon 2013 data breach report, 84% of exploits and 69% of data exfiltration happen in less than an hour, so it is critical to have situational awareness, i.e. visibility into the activities occurring across the enterprise. Proper deployment of next-generation SIEM (Security Information & Event Management) tools helps detect attacks sooner and, as a result, react more nimbly.</p>
<p>SIEM solutions provide enterprises with network security intelligence and real-time monitoring of network devices, systems, and applications. Using SIEM solutions, IT administrators can mitigate sophisticated cyber attacks, identify the root cause of security incidents, monitor user activity, thwart data breaches and, most importantly, meet regulatory compliance requirements.</p>
<p>Most organizations think that SIEM solutions have a steep learning curve and are expensive, complex and hard to deploy. Here are a few SIEM deployment guidelines and factors you need to consider while evaluating a SIEM tool. The right SIEM solution is one that can be easily deployed, is cost-effective and meets all your IT security needs with a single tool.</p>
<p>(Read more: <strong><a href="http://www.cisoplatform.com/profiles/blogs/checklist-to-evaluate-a-web-application-firewall">Checklist to Evaluate A Cloud Based WAF Vendor</a>)</strong></p>
<p><br /> <span class="font-size-4">SIEM Deployment Guidelines</span></p>
<p>1. Know what is important to security</p>
<ul>
<li>Security Events</li>
<li>Network Flows</li>
<li>Server & Application Logs</li>
<li>Database Activity</li>
<li>Application Contents</li>
</ul>
<p>2. Know what is important to compliance</p>
<ul>
<li>Identity Content</li>
<li>Classification of data</li>
<li>Access to data</li>
<li>Usage of data</li>
</ul>
<p><span class="font-size-4">Checklist for SIEM Solution Evaluation</span></p>
<p>1. <strong>Log Collection</strong></p>
<ul>
<li>The EPS (events per second) rate at which your IT infrastructure sends events should be matched by the ingestion capacity of your SIEM tool</li>
<li>Should be able to collect logs from heterogeneous sources (Windows, Unix/Linux, applications, databases, network devices, firewalls, IPS, IDS)</li>
<li>Capability for both agent-less and agent-based log collection methods</li>
</ul>
<p>2. <strong>Real Time Event Correlations</strong></p>
<ul>
<li>Proactively dealing with threats based on log search, rules and alerts. Correlation boosts network security by processing millions of events simultaneously to detect anomalous events on the network</li>
</ul>
<p>3. <strong>Log Retention</strong></p>
<ul>
<li>Capability to easily retrieve and analyze log data</li>
<li>Should automatically archive all log data from systems, devices and applications to a centralized repository.</li>
</ul>
<p>4. <strong>IT Compliance Reports</strong></p>
<ul>
<li>Out-of-the-box regulatory compliance reporting for PCI DSS, ISO 27001, SOX, HIPAA, etc.</li>
</ul>
<p>5. <strong>User Activity Monitoring</strong></p>
<ul>
<li>Out-of-the-box user activity monitoring, privileged user monitoring and audit reporting: know which user performed an action, what the result of the action was, and the source and destination addresses of the systems/devices used.</li>
</ul>
<p>6. <strong>File Integrity Monitoring</strong></p>
<ul>
<li>Capability to monitor business-critical files and folders.</li>
<li>Capture details of when files were created, accessed, viewed, deleted, modified, renamed, etc.</li>
</ul>
<p>7. <strong>Log Forensics</strong></p>
<ul>
<li>Capability to track down an intruder or event activity using log search</li>
</ul>
<p>8. <strong>Dashboards</strong></p>
<ul>
<li>Capability to take timely actions and the right decisions during network/system anomalies</li>
</ul>
<p>9. <strong>Global Threat Intelligence Feeds</strong></p>
<ul>
<li>Capability to get the latest global threat intelligence feeds and carrier-grade threat intelligence so as to proactively manage threats; collaboration among organizations to enhance security</li>
<li>Precise solutions for compromised systems and networks</li>
</ul>
<p>10. <strong>Big Data Analytics</strong></p>
<ul>
<li>Capability to forecast threats using big data; accurate analysis of structured as well as unstructured data</li>
<li>Constant intelligence gathering to strengthen security</li>
</ul>
<p>-<em>With Binu Chacko, Head of iSOC (Security Operations Center) & Digital Forensics, Reliance Jio Infocomm, on 'SIEM Tools: Implementation Guide and Vendor Evaluation Checklist'</em></p>
<p>(Read more: <strong><a href="http://www.cisoplatform.com/profiles/blogs/checklist-pci-dss-implementation-certification">Checklist for PCI DSS Implementation & Certification</a>)</strong></p></div>