
Building a Smart SOC: Strategies

Happiest People Happiest Customers


Contents

Introduction
Building and taking an SOC to maturity the smart way
Optimize the three key aspects: people, processes, and technology
Conclusion
About the Author

© Happiest Minds Technologies Pvt. Ltd. All Rights Reserved


Introduction

Despite heavy investment in security solutions, data breaches and cyber attacks continue to impact business. This emphasizes the need for improved incident detection and mitigation, so that enterprises can respond rapidly to an intrusion and lessen its business impact. The optimal way to address this requirement is to set up a Security Operations Center (SOC) that leverages all the security-related information generated within the enterprise to offer a centralized and holistic view of the security organization. An SOC aggregates, analyzes, and optimizes the usefulness of all the security data generated by various devices and perimeter-based point solutions (firewalls, intrusion detection and prevention systems, etc.) to provide continuous threat detection and response capabilities in near real time. SOCs prioritize events, generate automated alerts and detailed forensic reports, and effect rapid remediation to reduce business risk and downtime. Additionally, they can assist in compliance reporting by facilitating quick access to threat intelligence and identity and access control data, and by enabling sophisticated analytics.

Building and taking an SOC to maturity the smart way

Building an SOC is not a one-time effort; rather, it is an iterative process that requires incremental improvements to your threat intelligence mechanism, based on the security information gathered. Here are some smart strategies to build a smart SOC:

• Define the primary objectives and functions of your SOC: the different areas under its purview and the business problems that it will solve.
• Assess existing security operations and procedures in order to align your technology to your security program and to map out improvement measures.
• Study the technical environment that you operate in to better understand the threats and attacks it is likely to face.
• Define 'normal' by baselining the aggregated data to establish expected behavior, so that any deviation from it can be signaled. This assists in prioritizing threats and improves the accuracy of the alerting mechanism.
• Integrate your SOC with the rest of your business to offer an enterprise-wide view of security.
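The baselining strategy above is easiest to see on data. The following is an added example, not code from the paper or from Happiest Minds: it parses a constructed set of sshd "Accepted" log lines, builds a per-account baseline of daily login counts over several days, and then scores a new day against that baseline. The log format, account names, IP addresses, the 3-sigma threshold, the standard-deviation floor and the severity labels are all assumptions chosen for the illustration, not values the paper specifies. Two edge cases the text glosses over are handled explicitly: an account whose baseline is perfectly steady (standard deviation of zero, which would otherwise make any change look infinite) and an account that has no baseline at all.

```python
"""Baseline daily login counts per account and flag deviations (added example)."""
import re
import statistics
from collections import Counter, defaultdict

# Assumed sshd-style line format; the date is the first field.
LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) \S+ \S+ sshd: Accepted \S+ for (?P<user>\S+) from \S+$"
)

MIN_STDEV = 1.0   # floor: a perfectly steady baseline must not alert on a change of +1


def count_logins(lines):
    """Return {user: Counter(date -> successful logins)}; lines that do not parse are skipped."""
    counts = defaultdict(Counter)
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            counts[m["user"]][m["date"]] += 1
    return counts


def build_baseline(counts, days):
    """Per-user (mean, population stdev) of daily counts over the baseline days.

    Days with no logins count as zero, so a quiet account gets a low baseline
    instead of being ignored.
    """
    baseline = {}
    for user, per_day in counts.items():
        series = [per_day.get(day, 0) for day in days]
        baseline[user] = (statistics.fmean(series), statistics.pstdev(series))
    return baseline


def score_day(baseline, today_counts, threshold=3.0):
    """Return (user, count, zscore, severity) for each account that deviates from normal.

    z-score uses max(stdev, MIN_STDEV) so steady accounts cannot divide by zero.
    Accounts with no baseline are reported as 'new' (zscore None) at medium severity,
    because 'never seen before' is itself a deviation from normal.
    """
    findings = []
    for user, count in sorted(today_counts.items()):
        if user not in baseline:
            findings.append((user, count, None, "medium"))
            continue
        mean, stdev = baseline[user]
        z = (count - mean) / max(stdev, MIN_STDEV)
        if z >= threshold:
            severity = "high" if z >= 2 * threshold else "low"
            findings.append((user, count, round(z, 2), severity))
    return findings


def _lines(date, user, n, src="10.0.0.5"):
    """Helper to build n constructed 'Accepted' lines for one user on one day."""
    return [f"{date} 12:00:00 bastion sshd: Accepted publickey for {user} from {src}"
            for _ in range(n)]


# Constructed sample data (not real logs): five baseline days, then one day to score.
BASELINE_DAYS = ["2014-06-02", "2014-06-03", "2014-06-04", "2014-06-05", "2014-06-06"]
BASELINE_LINES = []
for day, bob_logins in zip(BASELINE_DAYS, [1, 2, 1, 2, 1]):
    BASELINE_LINES += _lines(day, "alice", 4)          # steady: 4 logins every day
    BASELINE_LINES += _lines(day, "bob", bob_logins)   # low and slightly variable

TODAY_LINES = (
    _lines("2014-06-09", "alice", 5)                          # +1 on a steady baseline
    + _lines("2014-06-09", "bob", 20, src="198.51.100.7")     # far above normal
    + _lines("2014-06-09", "svc-backup", 3)                   # never seen in baseline
    + ["2014-06-09 12:00:00 bastion sshd: Failed password for bob from 198.51.100.7"]  # ignored
)


def run_example():
    """Score TODAY_LINES against the baseline built from BASELINE_LINES."""
    baseline = build_baseline(count_logins(BASELINE_LINES), BASELINE_DAYS)
    today = {user: sum(c.values()) for user, c in count_logins(TODAY_LINES).items()}
    return score_day(baseline, today)


if __name__ == "__main__":
    for finding in run_example():
        print(finding)
```

Running the block reports bob (20 logins against a baseline of about 1.4 per day, high severity) and svc-backup (no baseline, medium), while alice's single extra login stays below the threshold because of the standard-deviation floor. In a real SOC the baseline window, threshold and entity (account, host, source network) would be tuned per use case, and a finding would carry the raw events for the analyst rather than just a tuple.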

Optimize the three key aspects: people, processes, and technology

An SOC is more than just security tools or analysts. A critical aspect of SOC design is the optimization of the triad of people, processes and technology, and of their interactions. Investing in sophisticated security solutions will offer comprehensive protection to your network, but tools are only as good as the people using them. Hence, the investment you make in people is as important, if not more so. In the same vein, the best security analysts will fall short of providing a holistic view of the organizational security posture without adequate tools at their disposal. Underlying the two, people and technology, is the need for well-defined processes and workflows. Building an SOC thus requires seamless communication between the different functions, the disparate security products, and the numerous processes and procedures. The table below shows how each aspect of this triad can be optimized.


People

• When defining the role of your security team, identify the skill sets required to achieve your goals, including the number of security personnel you need.
• An organization can choose to either set up an in-house enterprise SOC or outsource the service to a Managed Security Service Provider (MSSP). Each route has its own advantages and disadvantages, and the enterprise must decide what works best for its needs and resource availability.
• Invest in analyst training on standard security skills and solutions, as well as on the specific needs of your industry. Analysts should also be aware of company security policies and the processes in place, and of effective communication techniques and methods.

Processes

• Well-documented processes provide a holistic view by detailing the workflow of the different security functions. Documents defining the appropriate procedures to follow in case of a breach are as critical as the development of use cases for threat scenarios.
• Detailing repeatable procedures allows for the standardization of actions expected on a routine basis, so that no aspect of security investigations is overlooked. Additionally, setting up an incident management workflow allows for the clear delineation of responsibilities and of the measures to be taken based on the event's criticality: sending out an alert, immediate remediation, or escalation to Tier 2, for instance.
• Incorporate processes to ensure compliance with regulations.

Technology

• An effective monitoring solution continuously monitors and aggregates security information from all endpoints, the network, and logs, to detect events of interest and to aid forensic investigation.
• Ensure compatibility of the different technologies, and break down the silos between disparate tools (SIEM and an incident management solution, for instance).
• Big Data enables security tools to crunch data from various endpoints and internal networks, while gathering threat intelligence from the external environment. This leads to enhanced visibility into anomalies, threats, and intrusions.
• SIEM systems strengthen SOC capabilities by facilitating the detection of events of interest through real-time analysis of security information and by correlating log records and data aggregated from various sources. Additionally, they provide actionable intelligence to deal with evolving cyber security threats.
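What "detecting events of interest from data aggregated from various sources" looks like in practice is a correlation rule. The following is an added example, not code from the paper or from any SIEM product: it runs one such rule over two constructed log sources, an authentication log and a firewall log, and raises an alert when a source address produces at least N failed logins within a time window and then a successful one, with the severity raised if the firewall also saw that source arriving on the WAN interface. The line formats, addresses, account names, the window of 10 minutes and the threshold of 5 failures are assumptions for the illustration. The time window matters: failures that are older than the window when the success arrives do not count, so a slow, spread-out attempt is deliberately not matched by this particular rule.

```python
"""Cross-source SIEM-style correlation rule over constructed log lines (added example)."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed formats for the two sources; timestamps are ISO 8601 in the first field.
AUTH_RE = re.compile(
    r"^(?P<ts>\S+) sshd: (?P<result>Failed|Accepted) \S+ for (?P<user>\S+) from (?P<src>\S+)$"
)
FW_RE = re.compile(
    r"^(?P<ts>\S+) fw: ACCEPT in=wan src=(?P<src>\S+) dst=\S+ dport=(?P<dport>\d+)$"
)


def wan_sources_to_port(fw_lines, port="22"):
    """Set of source addresses the firewall accepted inbound on the WAN interface to `port`."""
    sources = set()
    for line in fw_lines:
        m = FW_RE.match(line)
        if m and m["dport"] == port:
            sources.add(m["src"])
    return sources


def correlate(auth_lines, fw_lines, min_failures=5, window=timedelta(minutes=10)):
    """Return alerts for 'N failures from one source within `window`, then a success'.

    auth_lines are assumed to be in time order, as a SIEM would deliver them.
    Severity is 'high' when the firewall confirms the source came in from the WAN,
    otherwise 'medium' (for example, a brute force from inside the network).
    """
    exposed = wan_sources_to_port(fw_lines)
    failures = defaultdict(list)   # src -> timestamps of failed logins not yet consumed
    alerts = []
    for line in auth_lines:
        m = AUTH_RE.match(line)
        if not m:
            continue                 # unknown line format: skip, do not crash the pipeline
        ts, src = datetime.fromisoformat(m["ts"]), m["src"]
        if m["result"] == "Failed":
            failures[src].append(ts)
            continue
        recent = [t for t in failures[src] if ts - t <= window]
        if len(recent) >= min_failures:
            alerts.append({
                "rule": "brute_force_then_success",
                "when": m["ts"],
                "src": src,
                "user": m["user"],
                "failures_in_window": len(recent),
                "severity": "high" if src in exposed else "medium",
            })
        failures[src].clear()        # a success closes the sequence for this source
    return alerts


def _auth(ts, result, user, src):
    return f"{ts} sshd: {result} password for {user} from {src}"


# Constructed sample logs (not real data).
AUTH_LOGS = (
    # Slow attempt: 5 failures, then a success 26 minutes later -> outside the window.
    [_auth(f"2014-06-09T08:0{i}:00", "Failed", "admin", "203.0.113.9") for i in range(5)]
    + [_auth("2014-06-09T08:30:00", "Accepted", "admin", "203.0.113.9")]
    # Internal user mistyping twice: below the threshold.
    + [_auth("2014-06-09T08:40:00", "Failed", "alice", "10.0.0.5"),
       _auth("2014-06-09T08:40:30", "Failed", "alice", "10.0.0.5"),
       _auth("2014-06-09T08:41:00", "Accepted", "alice", "10.0.0.5")]
    # Rapid brute force from the internet followed by a success: this is the event of interest.
    + [_auth(f"2014-06-09T09:0{i}:00", "Failed", "root", "198.51.100.7") for i in range(5)]
    + [_auth("2014-06-09T09:05:00", "Accepted", "root", "198.51.100.7")]
)
FW_LOGS = [
    "2014-06-09T08:59:58 fw: ACCEPT in=wan src=198.51.100.7 dst=203.0.113.10 dport=22",
    "2014-06-09T08:59:59 fw: ACCEPT in=wan src=192.0.2.44 dst=203.0.113.10 dport=443",
]


def run_example():
    """Apply the rule to the constructed logs."""
    return correlate(AUTH_LOGS, FW_LOGS)


if __name__ == "__main__":
    for alert in run_example():
        print(alert)
```

Only the 198.51.100.7 sequence produces an alert, at high severity because the firewall log places that address on the WAN side. The same skeleton (index one source, stream the other, keep per-entity state, emit an enriched alert) is how most SIEM correlation rules are expressed, whatever the product's own rule language looks like.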



Conclusion

Optimizing the interaction of people, processes and technology will optimize SOC functioning. Technology, for instance, can be deployed to manage resource gaps by automating labor-intensive functions that do not require manual oversight. Automation frees up human resources to focus on high-priority tasks and on the risks that have maximum business impact. Likewise, having detailed and well-defined workflows in place allows for the effective allocation of analysts where they are most needed. As mentioned at the beginning, designing and building an SOC is an iterative process that makes incremental efforts to guide the SOC to maturity. Mature SOCs are capable of leveraging threat intelligence from past events, combining it with security information from the technical environment and industry trends, to deliver rapid, efficient, seamless and continuous threat detection and remediation capabilities.


About the Author

Vijay Bharti heads the Cyber Security practice at Happiest Minds Technologies Pvt. Limited. He brings more than 15 years of experience in the area of IT Security across multiple domains such as Identity and Access Management, Data Security, Cloud Security and Infrastructure Security. His recent work includes building Security Operations Center frameworks (including people, processes and various SIEM technologies), where he is working on building an integrated view of security and on ways of leveraging advanced analytics and big data innovations for cyber security.

Happiest Minds

Happiest Minds enables Digital Transformation for enterprises and technology providers by delivering seamless customer experience, business efficiency and actionable insights through an integrated set of disruptive technologies: big data analytics, internet of things, mobility, cloud, security, unified communications, etc. Happiest Minds offers domain centric solutions applying skills, IPs and functional expertise in IT Services, Product Engineering, Infrastructure Management and Security. These services have applicability across industry sectors such as retail, consumer packaged goods, ecommerce, banking, insurance, hi-tech, engineering R&D, manufacturing, automotive and travel/transportation/hospitality. Headquartered in Bangalore, India, Happiest Minds has operations in the US, UK, Singapore, Australia and has secured $ 52.5 million Series-A funding. Its investors are JPMorgan Private Equity Group, Intel Capital and Ashok Soota.

© 2014 Happiest Minds. All Rights Reserved. E-mail: Business@happiestminds.com Visit us: www.happiestminds.com

This Document is an exclusive property of Happiest Minds Technologies Pvt. Ltd
