Online Security, Safety, Tips, Compliance, Standard
Security Operation Center (SOC) Framework – Setting up SOC
Oct 27th
1) Security Information and Event Management (SIEM)
   Event Monitoring
   Event Identification
   Alert Generation
2) Security Device Management
   Problem Management
   Change Management
   Incident Management
   Configuration Management
   Performance Management – co-exists with NOC
3) Security Incident Management
   Incident Analysis
   Response
   Post Incident Activity
4) Vulnerability Management
   Vulnerabilities Monitoring
   Remediation Planning
   Security Patch Management
   Advisory Services
5)
The Needs of Correlation Engine(CE) within SIEM
Oct 26th
The Correlation Engine (CE) is known as the brain of a SIEM: it aggregates, normalizes, correlates and analyzes event log data from the myriad of devices within your infrastructure. So why is the CE so important for getting full visibility of our network? Let me give you one example:- 1) Normal IDS will catch the
Security Operation Center – Roles and Function
Oct 25th
Roles:
• Management & monitoring of security devices like firewalls, IDS/IPS & antivirus.
• Analyze security log data, vulnerability information, asset information, and alerts.
• Immediately respond to potential security threats and quickly resolve security problems.
• Offer real-time views of the security posture of the organization.
• Vulnerability assessment & reporting.
Functions:
• Development of IS policies,
• Implementation of necessary tools/systems and
Security Operation Center (SOC) vs Network Operation Center (NOC)
Oct 24th
Why should we separate the function and operation of SOC and NOC? In summary we can say that:-
• Work is tremendously different
• Separation of duties
• Actions at time of contingency
But can we say that SOC and NOC can be used to complement each other? The integration of the SOC and NOC allows organizations to quickly
Security Operation Center – Main Concepts & Elements
Oct 23rd
Main Concept
A Security Operation Center is a system that includes facilities, technology, processes and people in order to protect information assets. The main functions that a SOC provides are:
• Detection and Reaction
• Incident Management
• Infrastructure Management
• Centralized auditing functions (vulnerability scanning, SLA monitoring, compliance monitoring…)
Elements
• People – SOC Operators, Incident Management teams, Expert Analysts & Investigators
Security Operation Center – Motivation
Oct 22nd
I’ve been in the Security Operation Center (SOC) business for almost 6 years, so if you ask me what the actual motive is for building up a SOC (a multi-million project), I would say:-
1) Regulation
   • SOX & PCI
   • Incident response requirements
   • Incident forensic & archival requirements
2) Profitability
   • OPEX reduction
   • Efficient capital utilization
   • Ability to
Security Operation Center – Why we need one?
Oct 22nd
1) Security Information Overload: Managing security events in today’s corporate environment poses a series of challenges for beleaguered IT personnel and their organizations. A daily onslaught of security data from disparate systems, platforms and applications delivers the first challenge. Numerous point solutions such as antivirus software, firewalls, intrusion prevention systems, intrusion detection, access control, identity
Defining Severity Level for Incident Handling Process
Oct 21st
During the incident handling process, the severity levels used to describe the impact of a problem on the client are defined as below:
Severity Level 1 (Very High) – Loss of service. The client experiences a total loss of service, which cannot be circumvented. Fault affecting all users.
Severity Level 2 (High) – Service degraded. The client’s service is partially interrupted, or