5G/SOC: Inside the world's most advanced SOCs

© Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. 5G/SOC: Inside the world’s most advanced SOCs Colin Henderson, Global Principal Consultant

Transcript of 5G/SOC: Inside the world's most advanced SOCs

Page 1:

5G/SOC: Inside the world's most advanced SOCs
Colin Henderson, Global Principal Consultant

Page 2:

We see security everywhere
• Web & application security
• Data protection
• Data center security
• Intelligence & operations
• Information governance
• Mobility and devices
• Identity and access
• Cloud security

Page 3:

Security Intelligence & Operations Consulting

Page 4:

Page 5:

Security Operations Center: situational awareness, security monitoring, intrusion analysis

Names in use for the same function: Cyber Defense Center (CDC), Security Operations Center (SOC), Threat Operations Center (TOC), Security Defense Center (SDC), Cyber Security Intelligence Response Center (C-SIRC), Threat Management Center (TMC), Security Intelligence and Operations Center (SIOC), Security Intelligence and Threat Handlers (SITH), Security Threat and Intelligence Center (STIC)

Page 6:

People, process, technology

(Diagram with numbered steps 1 to 6; the step order is not recoverable from the text.)
• Technology: Firewall, Router, Intrusion detection, Web server, Proxy server, ESM server
• Process: Level 1, Level 2, Escalation, Case closed
• People: Engineer, Incident handler, Network & system owners

Page 7:

1G/SOC

Page 8:

1G/SOC: 1970's - 1995
• Birth of the Internet: businesses not connected, or connected via slow links
• Nuisance programs and minimally impacting malicious code
• Information security tools appear
• Military and governments start to build SOCs and CERTs

Page 9:

1G/SOC data feeds: logs from Firewalls, IDS, Network equipment

Page 10:

2G/SOC

Page 11:

2G/SOC: 1996 - 2001
• Malware outbreaks & intrusion detection
• MSSPs begin to offer SOC as a service to customers
• SIEM concepts are introduced

Page 12:

2G/SOC data feeds: Firewalls, IDS, Network equipment

Page 13:

3G/SOC

Page 14:

3G/SOC: 2002 - 2005
• Botnets, cybercrime, intrusion prevention, and compliance
• Largest companies in specific industries create SOCs internally

Page 15:

3G/SOC data feeds: Intelligence feeds, Vulnerability scanning, Server and desktop OS, Firewalls/VPN, IDPS, Databases, Network equipment, System health information, Web traffic, Anti-virus

Page 16:

4G/SOC

Page 17:

4G/SOC: 2006 - today
• Hacktivism, intellectual property theft, advanced persistent threat
• Wide adoption of continuous security monitoring as breaches fill headlines

Page 18:

4G/SOC data feeds: Network equipment, Vulnerability scanning, Anti-virus, Business context, Physical infrastructure, System health information, Web traffic, Intelligence feeds, Directory services, Firewalls/VPN, IDPS, Databases, Applications, Server and desktop OS, Identity management

Page 19:

5G/SOC

Page 20:

How we got here: 10+ years of breaches
• Increased awareness
• Advancements in technology
• Increasing regulation
• Consumerization of IT

Source: http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/

Page 21:

5G/SOC: 2013 - ?
• Subtle threat detection, hunt teams, counter-intel, anti-fragile, advanced analytics, big data

(Graphic: computing eras labelled Mainframe, Client/server, The Internet, and Mobile, social, big data & the cloud, drawn as a cloud of vendor and application logos, with "Every 60 seconds" figures: 400,710 ad requests, 2000 lyrics played on Tunewiki, 1500 pings sent on PingMe, 34,597 people using Zinio, 208,333 minutes of Angry Birds played, 23,148 apps downloaded, 546,000 tweets.)

Page 22:

5G/SOC
• Acknowledge security threats are driven by human adversaries
• Assume compromise
• Anti-fragile enterprise
• Interaction with peers; organizations readily share information
• Hunt teams search large data sets to find threats and attack patterns we did not know about previously
• Convergence of IT Security and IT Operations tools to facilitate better visibility
• Data visualization drives how anomalies are discovered and researched

Page 23:

5G/SOC functional process framework: Intelligence, Detect, Respond, Remediate

Page 24:

5G/SOC org structure

(Org chart.) Security Intelligence Manager, with teams:
• Intelligence Team
• Monitoring and Analysis
• Rules & Content Development
• Triage & Prioritization
• Hunt Teams
• Infrastructure Support
• Incident Management
• Escalation Handling and Root Cause Analysis
• Forensics
• Other Functions: Red Team, Business Office, and an unlabelled box ("?")

Page 25:

How has security visualization evolved?

Page 26:

1G/SOC

Page 27:

2G/SOC

Page 28:

3G/SOC

Page 29:

4G/SOC

Page 30:

5G/SOC

Page 31:

Hunt teams: big data analysis

Use cases:
• Previously unseen connections from DMZ servers
• Previously unseen connections from critical business servers
• Previously unseen executables launching
• Abnormal logins from service accounts
• Abnormal logins from admin accounts

Select a subset of fields to save long term for analytical searches
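The hunt use cases above are all "novelty against a baseline" checks over a small long-term field subset. The example below is added here (it is not code from the HP deck) and implements three of them over constructed sample events; the DMZ host and service-account inventories are assumed, and the critical-server and admin-account cases follow the same pattern with a different inventory.

```python
"""Hunt-team novelty detection over a compact long-term field subset.
Added example, not from the original deck. All events are constructed."""

# Assumed asset and account inventories (placeholders, not real hosts).
DMZ_HOSTS = {"dmz-web1", "dmz-mail1"}
SERVICE_ACCOUNTS = {"svc_backup", "svc_sql"}

# Long-term field subset: (day, kind, host, user_or_exe, dst, dport)
BASELINE = [  # constructed "known good" window
    (1, "conn", "dmz-web1", "", "10.0.5.20", 443),
    (1, "conn", "dmz-mail1", "", "10.0.5.25", 25),
    (2, "conn", "dmz-web1", "", "10.0.5.20", 443),
    (2, "exec", "app-01", "C:\\Windows\\System32\\svchost.exe", "", 0),
    (1, "login", "db-01", "svc_sql", "", 0),
    (3, "login", "bak-01", "svc_backup", "", 0),
]
HUNT = [  # constructed window being hunted
    (9, "conn", "dmz-web1", "", "10.0.5.20", 443),            # seen before: quiet
    (9, "conn", "dmz-web1", "", "10.0.9.77", 445),            # new egress: flag
    (9, "exec", "app-01", "C:\\Users\\Public\\upd.exe", "", 0),  # new exe: flag
    (9, "login", "wks-117", "svc_sql", "", 0),                 # new host: flag
    (9, "login", "db-01", "svc_sql", "", 0),                   # usual host: quiet
]


def build_baseline(events):
    """Collapse the baseline window into the sets a hunt compares against."""
    seen = {"conn": set(), "exec": set(), "login": set()}
    for _day, kind, host, who, dst, dport in events:
        if kind == "conn" and host in DMZ_HOSTS:
            seen["conn"].add((host, dst, dport))
        elif kind == "exec":
            seen["exec"].add((host, who))
        elif kind == "login" and who in SERVICE_ACCOUNTS:
            seen["login"].add((who, host))
    return seen


def hunt(baseline, events):
    """Return (use_case, detail) for every hunt-window event absent from the baseline."""
    findings = []
    for _day, kind, host, who, dst, dport in events:
        if kind == "conn" and host in DMZ_HOSTS and (host, dst, dport) not in baseline["conn"]:
            findings.append(("unseen DMZ connection", f"{host} -> {dst}:{dport}"))
        elif kind == "exec" and (host, who) not in baseline["exec"]:
            findings.append(("unseen executable", f"{host} {who}"))
        elif kind == "login" and who in SERVICE_ACCOUNTS and (who, host) not in baseline["login"]:
            findings.append(("abnormal service-account login", f"{who} on {host}"))
    return findings


if __name__ == "__main__":
    for use_case, detail in hunt(build_baseline(BASELINE), HUNT):
        print(use_case, detail, sep=": ")
```

A real baseline is rebuilt on a rolling window, which is why only the fields the comparisons need are kept long term.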

Page 32:

The now and future of security

Page 33:

Page 34:

Page 35:

Thank you! [email protected] www.hp.com/go/5GSOC

Page 36:

Security for the new reality

Page 37:

A short video