Professional Documents
Culture Documents
Abstract
IT threats continue to evolve and become more
evasive, blended, and persistent, with attackers
nding resourceful ways to avoid detection and
breach security. The key to cyber defense is to
develop Security Operations Centers (SOCs) that
will evolve continuously to effectively counter
such advanced attacks. This paper presents a
comprehensive strategy for developing a next-
gen SOC, along with a systematic approach to
effective management.
WHITE PAPER
n A security risk n Reporting and Use Cases: After selecting the technologies
dashboard that and information sources, dene use cases and reports. To
arrive at these use cases, you should:
highlights big risk
items, current n Create a high-level threat prole of the environment
Compliance reports Security alerts , analysis, Integration with service Monitoring of the network
for regulations and and incident response management tools for and all applications across
internal policy integrated response the entire infrastructure
Reporting Forensics
!=! Email Network
Auditing Alert/Correlation monitoring Visibility
Data Enrichment
Data Enrichment
Internal Feeds External Feeds
Vulnerability and ‘Known Bad’ – IP Addresses,
Asset Information Security Analytics Domains, Hashes, etc.
Platform
Identity Information IOCs for Latest Threats
Data Sources
Coverage
Main
IT Infrastructure, Business
Compliance &
Security Focus + Platform, and + Applications and
Database Custom Sources
Detection
Advanced Enhanced
Response
Basic Detection + Correlation + Visibility
Conclusion
Having a comprehensive SOC can enhance your ability to
proactively detect, prevent, and respond to security threats
and incidents. Given the rapidly evolving digital landscape and
nature of threats, technologies used in SOCs should be scalable
and interoperable to ensure effective and efcient operations.
The process should be designed with stakeholder accountability
and communications, and associated mechanisms should be
dened as part of the processes.
References
[1] FireEye, Mandiant 2015 Threat Report, accessed August 2016,
https://www2.reeye.com/rs/reye/images/rpt-m-trends-2015.pdf
[2] Forbes, The Top 10 Security Breaches Of 2015 (Dec 31, 2015), accessed on Aug 3, 2016,
http://www.forbes.com/sites/quora/2015/12/31/the-top-10-security-breaches-of-
2015/#30afc4694ff0
[3] NIST, Computer Security Incident Handling Guide (Aug 2012), accessed Nov 2015,
http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2.pdf
WHITE PAPER
Tirath Singh
Contact
Visit TCS’ Enterprise Security and Risk Management services unit page for more
information
Email: Global.esrm@tcs.com
All content / information present here is the exclusive property of Tata Consultancy Services Limited (TCS). The content / information contained here is
correct at the time of publishing. No material from here may be copied, modified, reproduced, republished, uploaded, transmitted, posted or distributed
in any form without prior written permission from TCS. Unauthorized use of the content / information appearing here may violate copyright, trademark
and other applicable laws, and could result in criminal or civil penalties. Copyright © 2016 Tata Consultancy Services Limited