AlienVault (USM)

Splunk

LogRhythm

HP (ArcSight ESM)

NetIQ (Sentinel)

SolarWinds SIEM

Intel (McAfee ESM)

EventTracker

LogPoint SIEM

Dell (RSA Security)

IBM QRadar SIEM

Exabeam SIEM

Building a Cyber Security Operations Center (CSOC)

Today’s cybersecurity operations center (CSOC) should have everything it needs to mount a competent defense of the ever-changing information technology (IT) enterprise.

This includes a vast array of sophisticated detection and prevention technologies, a virtual sea of cyber intelligence reporting, and access to a rapidly expanding workforce of talented IT professionals. Yet, most CSOCs continue to fall short in keeping the adversary—even the unsophisticated one—out of the enterprise.

Ensuring the confidentiality, integrity, and availability of the modern information technology (IT) enterprise is a big job.

It incorporates many tasks, from robust systems engineering and configuration management (CM) to effective cybersecurity or information assurance (IA) policy and comprehensive workforce training.

It must also include cybersecurity operations, where a group of people is charged with monitoring and defending the enterprise against all measures of cyber attack.

What Is a CSOC?

A Cyber Security Operation Center (CSOC) is a team primarily composed of security analysts organized to detect, analyze, respond to, report on, and prevent cybersecurity incidents.

Its work is computer network defense: the practice of defending against unauthorized activity within computer networks, including monitoring, detection, analysis (such as trend and pattern analysis), and response and restoration activities.

Aspire Tech offers enterprise organizations consulting to build, operate, and optimize their on-premises Security Operations Centers.

Why do enterprises need a SOC?

Building an enterprise Security Operations Center (SOC) is an effective path to proactively identify, monitor and manage security risks. An enterprise SOC encompasses the people, processes and technologies that handle IT threat monitoring, forensic investigation, incident management and security reporting.


A SOC helps organizations to:

  • Gain visibility of their security posture
  • Detect threats and malicious behaviours
  • Identify and manage threats and risks
  • Detect and prevent breaches and security incidents

Most organizations prefer to build their SOC on their own premises, mainly for the following reasons:

  • Concerns about data privacy and confidentiality
  • Compliance with local regulations
  • Operational control and efficiency

Elements of a SOC

An enterprise SOC functions as a team of skilled people operating under defined processes and supported by integrated security intelligence technologies that are typically housed within the customer's premises. The SOC typically consists of the following elements:

  • Skilled people who carry out the defined processes and have in-depth knowledge of the security technologies housed in one or more on-premises facilities.
  • Processes designed around the technology the organization hosts, so that both the technology and the people behave as intended.
  • The right technology, expertly implemented, so that it can identify threats across the organization's threat landscape effectively and efficiently.
  • Adequate governance controls over the operation to ensure adherence to best practices and continual improvement.

Capabilities:


A SOC satisfies its constituency’s network monitoring and defense needs by offering a set of services.

The SOC’s management chain is responsible for choosing the capabilities that best fit the constituency’s needs, given political and resource constraints.



  • Real-Time Monitoring & Analysis
  • Cyber Intel Collection and Analysis
  • Incident Analysis and Response
  • Artifact Analysis
    • Forensic Artifact Handling
    • Malware and Implant Analysis
  • SOC Tool Life-Cycle Support
  • Audit and Insider Threat
  • Scanning and Assessment
  • Outreach

Supporting SOC services:

  • Border Protection Device O&M
  • Sensor Tuning and Maintenance
  • Custom Signature Creation
  • Audit and Insider Threat
    • Audit Data Collection and Distribution
    • Audit Content Creation and Management
    • Insider Threat Case Investigation
  • Scanning and Assessment
    • Network Mapping
    • Vulnerability Scanning
    • Vulnerability Assessment
    • Penetration Testing
  • Product Assessment
  • Security Consulting
  • Training and Awareness Building
  • Situational Awareness
  • Redistribution of TTPs
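The capability "Real-Time Monitoring & Analysis" above and the service "Custom Signature Creation" are where a SOC's content team writes detection logic for the SIEM. The script below is an added illustration, not Aspire Tech's code and not the rule language of any of the SIEM products listed on this page: it implements one correlation rule (at least five failed SSH logins from one source IP inside a two-minute sliding window, followed by a successful login from that IP) over a constructed sample log in OpenSSH syslog format. The threshold, the window, the hostname and the log lines are all assumptions made for the example; the IP addresses are from documentation ranges.

```python
"""Minimal SIEM-style correlation rule: password guessing followed by success.

Added illustration only; not Aspire Tech's code nor any vendor's rule language.
The log lines are constructed for this example in a format that imitates
OpenSSH syslog output. Threshold and window are assumed values.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

THRESHOLD = 5                     # assumed: failures that make a source suspicious
WINDOW = timedelta(seconds=120)   # assumed: sliding window for counting failures

# Matches the two sshd message shapes the rule cares about; anything else is ignored.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} \d\d \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)

# Constructed sample log (not a real capture). IPs are from documentation ranges.
SAMPLE_LOG = [
    # old burst from 192.0.2.5; its success comes far outside the window: no alert
    "Oct 03 09:50:00 bastion sshd[1990]: Failed password for root from 192.0.2.5 port 40010 ssh2",
    "Oct 03 09:50:02 bastion sshd[1990]: Failed password for root from 192.0.2.5 port 40011 ssh2",
    "Oct 03 09:50:04 bastion sshd[1990]: Failed password for root from 192.0.2.5 port 40012 ssh2",
    "Oct 03 09:50:06 bastion sshd[1990]: Failed password for root from 192.0.2.5 port 40013 ssh2",
    "Oct 03 09:50:08 bastion sshd[1990]: Failed password for root from 192.0.2.5 port 40014 ssh2",
    # burst from 203.0.113.7 followed by a success inside the window: alert expected
    "Oct 03 10:00:01 bastion sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 51122 ssh2",
    "Oct 03 10:00:03 bastion sshd[2101]: Failed password for invalid user oracle from 203.0.113.7 port 51123 ssh2",
    "Oct 03 10:00:05 bastion sshd[2101]: Failed password for root from 203.0.113.7 port 51124 ssh2",
    "Oct 03 10:00:07 bastion sshd[2101]: Failed password for deploy from 203.0.113.7 port 51125 ssh2",
    "Oct 03 10:00:09 bastion sshd[2101]: Failed password for deploy from 203.0.113.7 port 51126 ssh2",
    "Oct 03 10:00:12 bastion sshd[2101]: Disconnected from 203.0.113.7 port 51126",
    "Oct 03 10:00:15 bastion sshd[2140]: Accepted password for deploy from 203.0.113.7 port 51140 ssh2",
    # a single typo from 198.51.100.9: no alert expected
    "Oct 03 10:01:00 bastion sshd[2150]: Failed password for alice from 198.51.100.9 port 40000 ssh2",
    "Oct 03 10:01:05 bastion sshd[2151]: Accepted password for alice from 198.51.100.9 port 40001 ssh2",
    "Oct 03 10:10:00 bastion sshd[2200]: Accepted password for root from 192.0.2.5 port 40020 ssh2",
]


def parse(line, year=2018):
    """Return an event dict for lines the rule understands, else None.

    Classic syslog timestamps carry no year, so one is assumed here."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "result": m["result"], "user": m["user"], "ip": m["ip"]}


def correlate(lines, threshold=THRESHOLD, window=WINDOW):
    """Return one alert per Accepted login that was preceded by at least
    `threshold` failures from the same source IP inside the sliding window."""
    failures = defaultdict(deque)   # source IP -> timestamps of recent failures
    alerts = []
    for line in lines:
        ev = parse(line)
        if ev is None:
            continue                 # unmatched line; a SIEM would still store it
        recent = failures[ev["ip"]]
        while recent and ev["ts"] - recent[0] > window:
            recent.popleft()         # expire failures older than the window
        if ev["result"] == "Failed":
            recent.append(ev["ts"])
        else:
            if len(recent) >= threshold:
                alerts.append({
                    "rule": "ssh_bruteforce_then_success",
                    "ip": ev["ip"],
                    "user": ev["user"],
                    "failures": len(recent),
                    "ts": ev["ts"].isoformat(),
                })
            recent.clear()           # a success ends the burst either way
    return alerts


if __name__ == "__main__":
    for alert in correlate(SAMPLE_LOG):
        print(alert)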

Aspire Tech Engagement Model

Aspire Tech has designed a competitive engagement approach that delivers the best value to organizations by drawing on the strengths of each company involved. The engagement is divided into four phases.


Phases and deliverables:

Phase 1. Aspire Tech assesses the customer’s requirements and designs the solution based on industry standards and best practices.
  • SOC Strategy Development
  • SOC Technical Architecture
  • Development of Processes
  • SOC Organization Plan with RACI
  • SOC Metrics and Analytics Definition

Phase 2. Aspire Tech builds the solution and implements the Phase 1 strategy document.
  • Supply of Infrastructure and Security Technology
  • Implementation of Technology and Processes
  • Simulation and Testing of SOC Practices
  • Training and Knowledge Transfer

Phase 3. Aspire Tech provides the skilled staff to operate, support and maintain the SOC as per the customer’s requirements.
  • Provide Skilled Resources to Comply with the SOC Plan
  • Operate the Security Operations Centre
  • Maintain the Service Level Agreement (SLA) and Compliance

Phase 4. Aspire Tech engages to mature and optimize the SOC.
  • SOC Maturity Assessment
  • Technology, Processes and People Optimization
  • Transformational Services
  • Testing of Best Practices

A unique Value Proposition Delivered by Aspire Tech

Aspire Tech creates a solution that is unique and cost-effective for enterprises.

1. Aspire Tech has been a leading IT and security systems integrator across the USA, Germany and Bangladesh for the past 10 years.

2. Aspire Tech uses top solutions from the Gartner Magic Quadrant that are recognized by analysts globally for managed security services.

3. A holistic and integrated security solutions portfolio covering endpoints, data, people, network, forensics and application security.

4. 5+ years’ experience in building and operating SOCs.

5. More than 10 dedicated security architects and consultants supported by 100+ employees.

6. 24x7 local support for security solutions to international standards.

Copyright © 2018 Aspire Tech, All rights reserved.