The journey towards an Advanced Security Operations Centre (SOC)

Friday, 1 February 2019 00:00

 


Just In Time Group (JIT), in collaboration with RSA Security, hosted another highly successful end-to-end SOC workshop at ‘the 11th Annual National Conference on Cyber Security’ at the Colombo Hilton in November 2018.

Digital transformation is no doubt accelerating and disrupting every industry all over the world, and it is important to intelligently manage the growing digital risks that arise with it. ICT professionals came together at ‘the 11th Annual National Conference on Cyber Security’ to understand, and educate others on, how these risks can be mitigated. The key feature of this event was the launch of the ‘Sri Lanka Information and cyber security strategy’ for the next 5 years.

Together, JIT and RSA Security conducted another successful workshop on ‘Advanced Security Operations Centre (SOC)’ to share knowledge and awareness on building resilient and comprehensive business-driven security solutions. 

On the day of the conference, Team JIT and RSA conducted a comprehensive end-to-end walk-through of RSA’s Advanced SOC, from compliance-driven security event management to advanced threat detection and response, guiding the registered participants in each half-an-hour session. There was an overwhelming response to this workshop, which was filled with representatives from ICT and non-ICT companies, including information security professionals.

The Advanced SOC end-to-end session was not only an insightful discussion about the importance of a SOC and its key deliverables; it also covered several topics on RSA SOC in depth. The JIT team, along with RSA, also spoke about the phases of SOC deployment and the solution’s features, starting from visibility into logs, packets, flow data, end-points and threat intelligence, to User and Entity Behaviour Analysis (UEBA) and Security Orchestration and Automation.

The RSA NetWitness Platform is a combination of technology and services that give security operations teams the complete visibility they need to identify threats and investigate attacks, including the most advanced attacks, before they can impact the business, as well as the tools to take targeted action on the most critical incidents. 

Incident Response with RSA NetWitness Platform was demonstrated with several example cases such as Spear Phishing Emails, Encoded WebShells, Gh0stR@t, Cerber Ransomware, etc.

The RSA NetWitness Orchestrator, the Security Orchestration, Automation and Response (SOAR) platform from RSA, impressed the participants with its ability to automate task-oriented “human work”, present visualisations in intuitive dashboards and report on the efficiency metrics of your SOC, as well as its integration with 160+ partners for orchestration, its library of playbooks and automation scripts, War Room features, etc.

JIT Information Security Engineer Pulasthi Jayasinghe added: “We wanted to educate people on the importance of building an intelligent SOC and how its security solutions can handle risks that arise from cyber security attacks. This is necessary to protect your business from today’s evolving threat vectors. The professionals, who are already involved in security operations, found it significant how RSA as a technology vendor contributes to simplifying the ‘Process’ and resolving the security skills gap (‘People’) headache of the SOC.”

“The successful implementation and refinement of an intelligent SOC provides the ability to compress the timeframe between discovery and remediation. In doing so you significantly reduce attacker dwell time and digital risk to the organisation,” commented RSA International (APJ and EMEA) Chief Cyber Security Advisor Leonard Kleinman. 



Your attack surface is expanding. Can your analysts keep up?

“Organisations across industries face a Catch-22 with technology. The very technologies they need to compete – cloud applications, virtual infrastructure, mobile devices, etc. – provide attackers with more vulnerabilities to exploit and more ways to evade detection. Meanwhile, attackers have more resources than ever for organisations’ infrastructure surveillance and launching their attacks, while security teams struggle with a talent shortage and an ever-expanding list of alerts.

The RSA NetWitness Platform was designed with these challenges in mind. It brings together evolved SIEM and threat defense solutions that deliver unsurpassed visibility, analytics and automated response capabilities to help security teams detect, prioritise and investigate threats across their organisation’s entire infrastructure.” 

RSA is a strategic principal of JIT. Founded in 1996, JIT is a veteran in the ICT Systems and Integrated Solutions sector in Sri Lanka. JIT has been recognised in the APAC CIO Outlook magazine’s Annual Top 25 Government and Public Sector Technology Providers in 2017 and was the only local company to be featured. With over two decades of excellence, JIT provides cutting-edge integrated solutions to telecommunications, government, health, defence, and financial sectors.
