Building the Security Operations Center (SOC)


Whether defending against common malware or some determined Nation State, being able to proactively detect attacks and changes in the organization are required.  The past year I spent a large amount of time helping several organizations setup and put in place the right people, processes, and technology to help defend against increasing security threats.  Although many organizations spend millions of dollars on technology and hire staff to monitor security 24/7 the organizations were still lacking two fundamental items.

  1. The people although good at monitoring lacked the attack and threat mind set.  The staff was not able to figure out when an actual attack was happening.
  2. Second the organizations lacked the basic security operations processes required to keep track and make appropriate use of the vast amounts of data.

As a result I spent the past few months developing a whitepaper that specifically addresses the primary components of a SOC, which can be used to help organizations setup a centralized core and embark on developing the correct operational processes.  Although I don’t address item number one above, this paper explains in detail the following.

  • Defining the SOC
  • Determining the Processes
  • Understanding the Environment that needs protected
  • Identifying the SOC Customers
  • Staffing the SOC
  • Managing the Events
  • Leveraging ITIL compliance

Creating and Maintaining a SOC – The details behind successful Security Operations Centers

If your organization is under attack and you have invested in more people and technology be sure to implement the right processes and build a foundation for future defense.

Advertisements

Get Your Daily Security Feed


There has been a large amount of security information and recent attacks posted in the media.  We have Mandiant’s report on China as well as several issues concerning Java.  The pure volume of information over the past year has made it difficult to keep up without a combination sources.  As a result InfoSecAlways has done a few modifications to the site.  Please check out the new “Security Feeds” in the right column (4th Block Down).  This is a combination of about 20 different security RSS feeds piping into the blog now.  You can check the site daily to get the latest news and updates in the industry.

Also, check out the links page as there are several new Threat and Vulnerability links added.  These are great if you are looking for specific attacks, breaches, or threats.

OwNd by EXIF – Understand What You Leave Behind


Who are you, Where are you, What are your habits?  It’s no secret these days that your entire life is tracked one way or another, especially if you live in the US.  Your bank knows how much you pay for electricity, what foods you eat, and where you buy gas.  The search engines and social media sites know what you are looking for, what you like, and what your friends like.  And if you were not aware, those photos posted all over the internet provide detail about where you are at a particular time.

Forensic evidence analysis of logs and metadata provide the authorities and criminals everything they need to know.  Look at the CBS local news article from earlier this year that is linked below.  It explains how a suspected member of Anonymous sent a photo to the FBI, which ultimately led to an arrest.

http://houston.cbslocal.com/2012/04/13/anonymous-hacker-busted-by-fbi/

What about your kid’s photos?  Look at this example posted by the FBI in 2011.

http://www.fbi.gov/news/stories/2011/december/cyber_122211

Masquerading IP addresses, eliminating log traces, scrubbing tags, and hiding metadata, these are all key skills every hacker or concerned parent must understand.  These skills are not new to those in the hacker community. EXIF news postings have been around for years, however with all the new avenues of media and mobile devices anyone can be caught off guard.  Therefore, caution leaving unknown tracks and understand what your kids may be posting online.

In terms of EXIF there are tools such as Pixelgarde that can change or remove geo tags on your Android and IOS devices. 

http://pixelgarde.com/

Also most mobile phones have features to disable the GPS tracking, but sometimes these features are also used for tracking stolen devices.

Crypto, Encryption, DLP, and Privacy Laws


Doing a project that requires knowledge of international crypto laws.  Here is a great resource that has captured information from several sources and put it on a Google map. 

http://mcaf.ee/cryptolaw

How about trying to figure out all those privacy laws for DLP?  Here is another map by Simon Hunt for detailing the major international DLP related privacy laws.

http://mcaf.ee/dlplaws

Take a look at the DLP map below.