Promoting a 24-hours Cyber Security Operation Centre

Tuesday, 31 December 2013 00:01

Cyber security is changing at a rapidly accelerating rate, and responding to information security incidents is an ever more complex challenge. As many organisations have learned, sometimes the hard way, cyber attacks are no longer a matter of if, but when. Attackers are increasingly relentless and often politically motivated; when one tactic fails they try another until they breach an organisation's defences. With the increasing frequency of cyber attacks and information leakages, cyber security has become a top concern for both governments and commercial entities. At the same time, technology is increasing an organisation's exposure to attack through a larger online presence, broader use of social media, mass adoption of mobile devices, increased usage of cloud services and the collection and analysis of big data.

A well-functioning Security Operations Centre (SOC) can form the heart of effective detection. It can enable information security functions to respond faster, work more collaboratively and share knowledge more effectively. Security is becoming more established in the corporate structure; it is no longer acceptable for security to be a secondary function of an IT department. To address this challenge, organisations are investing in SOCs to provide increased security and rapid response to events throughout their networks.

Monumental task

Building a SOC can be a monumental task. Although the finer points of SOC deployment are very much network-specific, there are three major components that every organisation must include: people, process and technology. The three exist in all elements of security and should be considered equally critical. This article explains how strong people and well-defined processes can result in an operationally effective SOC.
eCybersec, one of the leading information security consultancy companies in Sri Lanka, is carrying out a market survey and feasibility study to set up the first 24-hour Cyber Security Operations Centre in Sri Lanka. This would be another ground-breaking managed security service that eCybersec offers to the IT security market in Sri Lanka. Sanjee Balasuriya, founder, Managing Director and CEO of eCybersec, stated that this unique service is aimed mainly at clients who run critical business operations and want to ensure minimum downtime in their IT infrastructure. Existing security controls remain a key control for combating today's known attacks; however, they become less effective over time as attackers find new ways to circumvent them.

The heart of effective detection

Balasuriya further stated that a well-functioning 24-hour Cyber Security Operations Centre can form the heart of effective detection. It can enable information security functions to respond faster, work more collaboratively and share knowledge more effectively. Professionally qualified security analysts actively monitor the customer's internal network 24 hours a day, 7 days a week, 365 days a year. These analysts have a worldwide view of security threats based on activity observed at other companies and in other countries, and they use that global perspective to proactively protect customers from incidents and vulnerabilities. They study the organisation's network for security threats, notify the customer when security incidents occur, and help it take prompt, effective action against attacks. This monitoring service adds a layer of human analysis on top of automated detection, resulting in more accurate threat detection and better protection of the internal network.
The Cyber Security Operations Centre will use leading security information and event management (SIEM) technology. SIEM supports threat detection and security incident response through real-time collection and historical analysis of security events from a wide variety of event and contextual data sources; it also supports compliance reporting and incident investigation through analysis of the historical data from those sources. The core capabilities of SIEM technology are a broad scope of event collection and the ability to correlate and analyse events across disparate sources. Organisations are inundated with security information coming from disparate and often decentralised security systems operating in individual silos; a SIEM consolidates those feeds into a single security management and incident response platform designed to improve the effectiveness, efficiency and visibility of security operations and information risk management. Armed with this information, an organisation is well on its way to building not just a SOC that can contain or prevent incidents and generate audit and compliance reports, but a proactive method to help achieve consistent network uptime and minimise security risk.
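To make the SIEM capabilities described above concrete (collection from disparate sources, normalisation into one schema, cross-source correlation, and a historical count for reporting), here is an added example in Python. It is not eCybersec's code or any SIEM product's; the two log feeds (an sshd syslog extract and a key=value firewall log), the host names, the IP addresses and the rule threshold are all constructed for illustration, and the year is assumed because syslog lines do not carry one.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample data (not real logs): an SSH auth log in syslog format
# and a firewall log in key=value format, standing in for two separate sources.
AUTH_LOG = """\
Dec 31 00:01:02 web01 sshd[4121]: Failed password for invalid user admin from 203.0.113.7 port 51822 ssh2
Dec 31 00:01:05 web01 sshd[4123]: Failed password for root from 203.0.113.7 port 51830 ssh2
Dec 31 00:01:09 web01 sshd[4125]: Failed password for root from 203.0.113.7 port 51841 ssh2
Dec 31 00:01:14 web01 sshd[4127]: Accepted password for root from 203.0.113.7 port 51850 ssh2
Dec 31 00:02:30 web01 sshd[4130]: Accepted publickey for deploy from 198.51.100.20 port 40022 ssh2
"""

FW_LOG = """\
time=2013-12-31T00:00:58 action=deny src=203.0.113.7 dst=10.0.0.5 dport=3389
time=2013-12-31T00:01:00 action=deny src=203.0.113.7 dst=10.0.0.5 dport=445
time=2013-12-31T00:01:01 action=allow src=203.0.113.7 dst=10.0.0.5 dport=22
time=2013-12-31T00:02:29 action=allow src=198.51.100.20 dst=10.0.0.5 dport=22
"""

YEAR = 2013  # assumed: syslog timestamps carry no year

AUTH_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<outcome>Accepted|Failed) \w+ for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+)"
)


def parse_auth(text):
    """Normalise sshd syslog lines into the common event schema."""
    events = []
    for line in text.splitlines():
        m = AUTH_RE.match(line)
        if not m:
            continue  # unparsed lines are dropped here; a real SIEM would count them
        ts = datetime.strptime(f"{YEAR} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append({"ts": ts, "source": "sshd", "host": m["host"], "src": m["src"],
                       "user": m["user"],
                       "action": "login_ok" if m["outcome"] == "Accepted" else "login_fail"})
    return events


def parse_fw(text):
    """Normalise key=value firewall lines into the same schema."""
    events = []
    for line in text.splitlines():
        kv = dict(tok.split("=", 1) for tok in line.split() if "=" in tok)
        if "time" not in kv or "action" not in kv:
            continue
        events.append({"ts": datetime.fromisoformat(kv["time"]), "source": "firewall",
                       "host": kv.get("dst"), "src": kv.get("src"), "user": None,
                       "action": "fw_" + kv["action"], "dport": kv.get("dport")})
    return events


def correlate(events, window=timedelta(minutes=5), fail_threshold=3):
    """Cross-source rule: fail_threshold or more failed logins from one source IP
    inside `window`, followed by a successful login from that IP. Firewall denies
    from the same IP in the window are attached as context for the analyst."""
    events = sorted(events, key=lambda e: e["ts"])
    by_src = defaultdict(list)
    for e in events:
        by_src[e["src"]].append(e)
    alerts = []
    for src, evs in by_src.items():
        for e in evs:
            if e["action"] != "login_ok":
                continue
            start = e["ts"] - window
            fails = [x for x in evs if x["action"] == "login_fail" and start <= x["ts"] < e["ts"]]
            denies = [x for x in evs if x["action"] == "fw_deny" and start <= x["ts"] < e["ts"]]
            if len(fails) >= fail_threshold:
                alerts.append({"rule": "brute_force_then_success", "src": src, "user": e["user"],
                               "host": e["host"], "ts": e["ts"],
                               "failed_attempts": len(fails), "fw_denies": len(denies)})
    return alerts


def events_per_source(events):
    """Historical view for reporting: event counts per (source IP, collector)."""
    counts = defaultdict(int)
    for e in events:
        counts[(e["src"], e["source"])] += 1
    return dict(counts)


if __name__ == "__main__":
    all_events = parse_auth(AUTH_LOG) + parse_fw(FW_LOG)
    for alert in correlate(all_events):
        print(alert)
    print(events_per_source(all_events))
```

On the sample data the rule fires once, for 203.0.113.7 logging in as root after three failures, and it carries the two earlier firewall denies from the same address as context; the deploy login from 198.51.100.20 has no preceding failures and stays quiet. The value a SOC analyst gets is exactly this joining of feeds that, in their separate silos, would each look unremarkable.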
