What You Need to Adopt an Intelligence Driven SOC

pankaj1251
July 17, 2017 | Views: 1904


In the last three years, the proliferation of active threat actors, polymorphic attacks and readily available sophisticated hacking tools has rapidly affected the security posture and spending of organizations of every size. The drivers for adopting a next-generation SOC are a constantly changing environment, a more cloud-centric approach, and the adoption of Internet of Things (IoT) and mobile technologies. To detect and prevent such attacks, the security operations center (SOC) has to be adaptive, built from context-aware components, intelligent about new realities, and willing to take an altogether new approach to preventing the inevitable breach. Therefore, organizations must switch to a continuous-monitoring mindset, where threats and vulnerabilities are prioritized and the focus is on mitigating and limiting the damage resulting from an attack.

That is where the new term “intelligence-driven SOC” (ISOC) was coined; it goes well beyond the traditional SOC. Incidentally, the idea of the ISOC arose because many “outdated” SIEM platforms cannot handle the enormous amount of data we are pumping into them. Recent ransomware attacks such as “WannaCry,” “Petya,” and a few other vectors made the situation worse, while at the same time organizations are under pressure to meet regulatory compliance, and a data breach on top of that creates a near-panic situation for any organization. In addition, data has to be ingested from unique and differing platforms, which requires customized analysis, and proactive steps must be taken to detect, respond to and mitigate attacks.

A recent Gartner report also shows that by 2020 intelligence-driven security operations centers (ISOCs) will rise from less than 10% to 40%. With an adaptive, dynamic architecture and context-aware components built in, the ISOC can evolve as scope changes while keeping a continuous focus on security operations activities. Nevertheless, the ISOC is much more than preventive tools and controls such as network defence and event-based monitoring; it is focused more on detection and response. The primary purpose of the ISOC is to apply intelligence techniques to every aspect of security operations and move beyond traditional defenses.

One important aspect of the intelligence-driven SOC must be thought out before implementation. Essentially, day-to-day mundane operational tasks should be automated as much as possible, with human-augmented decision support systems, so that the monitoring team can focus on advanced investigation, threat hunting, mining threat data and so on. This has to be handled cautiously, however. For instance, an automated system should not block authorized firewall traffic just because it sees suspicious behavior in that traffic.

My point of view is that rather than pure automation, an organization must think of a blend of automation and human intervention across the whole workflow, so that a human is consulted before the automated system takes a severe step, such as blocking authorized traffic, which could have a potential business impact or cause productivity loss. Over and above that, your process and workflow must support your operation and improve continually, which will eventually give you an edge in remediating an attack if it infiltrates your organization.
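To make the automation-plus-human-intervention workflow concrete, here is an added example in Python (not code from the original post or from any Cybrary project). It models a playbook gate: low-impact steps such as enrichment and ticketing run unattended, a high-impact step such as blocking a flow runs unattended only when the traffic is not on the organization's authorized-flow inventory, and anything that would block an authorized flow is held for analyst approval. The alert records, the authorized-flow list, the severity thresholds and all IP addresses are constructed for illustration.

```python
"""Human-in-the-loop containment gate for an automated SOC playbook.

Added example, not code from the original post. Routine steps are automated;
any high-impact response that would hit a business-approved flow is routed to
an analyst for approval instead of being executed blindly. All data below is
constructed for illustration (hypothetical addresses, owners and thresholds).
"""
from dataclasses import dataclass
from enum import Enum
from ipaddress import ip_address, ip_network
from typing import List, Optional


class Action(Enum):
    ENRICH_AND_TICKET = "enrich_and_ticket"  # low impact, always safe to automate
    BLOCK_FLOW = "block_flow"                # high impact, may disrupt business


class Decision(Enum):
    AUTO_EXECUTE = "auto_execute"
    REQUIRE_APPROVAL = "require_approval"
    AUTO_CLOSE_LOW = "auto_close_low"


@dataclass(frozen=True)
class Alert:
    alert_id: str
    src_ip: str
    dst_ip: str
    dst_port: int
    severity: int   # 1 (informational) .. 10 (critical)
    detection: str


@dataclass(frozen=True)
class AuthorizedFlow:
    """A business-approved flow; the playbook never blocks it unattended."""
    src_net: str
    dst_net: str
    dst_port: int
    owner: str


@dataclass
class PlaybookResult:
    alert_id: str
    decision: Decision
    action: Optional[Action]   # None when the alert is auto-closed
    reason: str


# Constructed authorized-flow inventory (hypothetical nets and owners).
AUTHORIZED_FLOWS = [
    AuthorizedFlow("10.20.0.0/24", "10.50.5.10/32", 443, "payments-team"),
    AuthorizedFlow("10.20.0.0/24", "10.50.5.20/32", 5432, "payments-team"),
]

HIGH_IMPACT_ACTIONS = {Action.BLOCK_FLOW}
AUTO_BLOCK_MIN_SEVERITY = 8   # constructed threshold
TICKET_MIN_SEVERITY = 5       # constructed threshold

# Constructed sample alerts (203.0.113.0/24 is a documentation range).
SAMPLE_ALERTS = [
    Alert("A-1001", "10.20.0.15", "10.50.5.10", 443, 9, "periodic beacon-like TLS sessions"),
    Alert("A-1002", "10.20.0.15", "203.0.113.7", 4444, 9, "outbound to known-bad indicator"),
    Alert("A-1003", "10.20.0.33", "10.50.5.20", 5432, 6, "unusual query volume"),
    Alert("A-1004", "10.20.0.40", "10.50.5.20", 5432, 2, "single failed login"),
]


def matching_authorized_flow(alert: Alert, flows=AUTHORIZED_FLOWS) -> Optional[AuthorizedFlow]:
    """Return the authorized flow the alert's traffic belongs to, if any."""
    src, dst = ip_address(alert.src_ip), ip_address(alert.dst_ip)
    for flow in flows:
        if (src in ip_network(flow.src_net) and dst in ip_network(flow.dst_net)
                and alert.dst_port == flow.dst_port):
            return flow
    return None


def proposed_action(alert: Alert) -> Optional[Action]:
    """Map severity to the response the automation would like to take."""
    if alert.severity >= AUTO_BLOCK_MIN_SEVERITY:
        return Action.BLOCK_FLOW
    if alert.severity >= TICKET_MIN_SEVERITY:
        return Action.ENRICH_AND_TICKET
    return None


def triage(alert: Alert, flows=AUTHORIZED_FLOWS) -> PlaybookResult:
    """Decide whether the proposed action runs unattended or needs a human."""
    action = proposed_action(alert)
    if action is None:
        return PlaybookResult(alert.alert_id, Decision.AUTO_CLOSE_LOW, None, "below triage threshold")
    if action not in HIGH_IMPACT_ACTIONS:
        return PlaybookResult(alert.alert_id, Decision.AUTO_EXECUTE, action, "low-impact step, automated")
    flow = matching_authorized_flow(alert, flows)
    if flow is not None:   # the gate the post asks for: never auto-block authorized traffic
        return PlaybookResult(alert.alert_id, Decision.REQUIRE_APPROVAL, action,
                              f"matches authorized flow owned by {flow.owner}; analyst sign-off required")
    return PlaybookResult(alert.alert_id, Decision.AUTO_EXECUTE, action,
                          "not an authorized flow; severity warrants automated block")


def run_playbook(alerts: List[Alert] = SAMPLE_ALERTS, flows=AUTHORIZED_FLOWS) -> List[PlaybookResult]:
    return [triage(alert, flows) for alert in alerts]


if __name__ == "__main__":
    for result in run_playbook():
        print(f"{result.alert_id}: {result.decision.value:17} {result.action} ({result.reason})")
```

The design point is that the approval queue is keyed on business context (the authorized-flow inventory and its owner), not only on detection severity: the critical alert against the known-bad external address is blocked automatically, while the equally critical alert on the payments team's approved flow is parked for an analyst, which is exactly the case the post warns about.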
