We had a community round table with CISOs of top firms to create a tangible community playbook that could be used by the community in the future. We are extremely thankful to the contributors for this playbook.
CISO Contributors
- Dr. Anton Chuvakin, Security Solutions Strategy, Google Cloud
- Bikash Barai, Co-Founder FireCompass, Advisor CISO Platform
- Vijay Kumar Verma, SVP and Head Cyber Security Engineering, Jio Platforms Ltd
- Manoj Kumar Shrivastava, CISO, Future Generali India Insurance Ltd
- Mihirr P Thaker, CISO, Allcargo Logistics Ltd
- Prasenjit Das, CISO, TCS
- Suprakash Guha, General Manager, Lumina Datamatics
- Anwaya Bilas Sengupta, CISO, ERLDC
- Gowdhaman Jothilingam, Sr Manager IT/CISO, LatentView Analytics
- Palanikumar Arumugam, Head Technology, Shiksha Financial Services India Pvt Ltd
- Raghavendra Bhat, Head of Security Validation India, SAP Labs
- Rajeev Mittal, CIO, Endurance Technologies Ltd
- Ashok Kannan, President - IT, Sintex Industries Limited
Key Pointers
- Challenges - Licensing, use cases, log volume optimization - how to outsource? How to select a provider? - refining SOC Practices (operations)
- Mitigation Strategies
Discussion Highlights
1.Major challenges :
- Convince the top management for SOC
- Log volume management
- Management commitment
- Partner outsourcing
- Skill gap & awarness training - people
- Choosing right tool - native with multiple dashboard OR aggregate logs and create correlation use cases and playbooks
- Organizations have assets on various platforms (Jio, AWS, Google etc.)
- Effective building of correlation use cases
- Building SOAR capability on ground
- Maturity of the SOC (measure active response)
2. How to have effective detection and response mechanism built and the right kind of soc or the program where soc is a part of it.
- Many company still are not able to implement soc and that is the major challenges what we are facing
- Lack of convincing the top management on the budget, how we can take it forward and what is the return of investment
- Due to huge logs and without the dedicated team or the central team it is difficult to manage and that's why we get stuck
- Management commitment challenges and the other auxiliary challenges
- SOC are ruined by lack of commitment from executives than by volumes of logs
3. Outsourcing to manage security services whether it's a global firm, we should explicitly drag it to the light
- SOC to be looked at with 2 aspects : need to have tools, people and a processes built around it & one side build protection controls
- SOC is one of the prime area where we measure the active response
- Lack for the vulnerability targeted to the porter
4. Threat landscape
- Log management optimization sources has caused number of soc to crash and not go well
- Detection and Observation comes first and then sources needed
5. Always drill the management crisis, pick up various scenarios and do analysis. How much time it takes for the organization to respond and recover or does the organization have the capability to respond and recover. SOC is the strategy to put things in place
6. We need to have tools, people and process around a successful SOC. Protective controls involve Firewall, EDR etc. An effective SOC allows you to validate if your protective measures are working well.
Comments