While this framework can be applied across industries, it becomes particularly critical for BFSI and telecom owing to the nature of their business. For enterprises in the BFSI industry, all the above services are recommended; however, Identity and Access Management, Fraud, Forensic Analysis & SIRT and Wireless IPS are optional for smaller banks, whose scale and risk profile may not justify them. Similarly, for enterprises in the telecom industry, all elements other than the Wireless IPS service are mandatory.
Essential Elements for your SOC
Basic Security Implementations
All organizations need to implement a basic list of security technologies for overall protection. This includes a strong firewall, anti-virus and anti-spam software, VPN devices for site-to-site and remote access, as well as physical security controls such as CCTV, security guards, etc.
360-Degree Security Incident/Event Management and Analysis
Security Incident and Event Management (SIEM)
The main requirement for SIEM tools is to collect and correlate security events from across the estate, monitor for security incidents in real time, and alert and report on them. Because it aggregates logs from the other security technologies and services, the SIEM also functions as the centralized security incident management framework.
Database Activity Monitoring (DAM)
Database administrators and other privileged users can often access and modify sensitive information. DAM monitors privileged user and application access to databases, improves database security by detecting unusual activity, raises alerts, and supports compliance requirements.
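To make the SIEM and DAM points concrete, the following is an added example (not code from the original page): a minimal correlation pass over constructed log lines. Rule 1 flags a brute-force login burst and a success immediately after it; rule 2 treats privileged database statements from a DAM feed as events the SIEM should act on, flagging off-hours access and write statements. The log formats, hostnames, thresholds and business-hours window are all assumptions made for the illustration.

```python
"""Added example: SIEM-style correlation over constructed auth and DAM log lines."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (syslog-like sshd lines and invented DAM audit lines).
SAMPLE_LOG = """\
2024-03-04T02:10:01 fw1 sshd: Failed password for admin from 203.0.113.7
2024-03-04T02:10:03 fw1 sshd: Failed password for admin from 203.0.113.7
2024-03-04T02:10:04 fw1 sshd: Failed password for root from 203.0.113.7
2024-03-04T02:10:06 fw1 sshd: Failed password for admin from 203.0.113.7
2024-03-04T02:10:09 fw1 sshd: Failed password for admin from 203.0.113.7
2024-03-04T02:10:11 fw1 sshd: Accepted password for admin from 203.0.113.7
2024-03-04T09:15:00 app1 sshd: Failed password for bob from 198.51.100.9
2024-03-04T03:02:17 db1 dam: user=dba_raj db=core_banking stmt="SELECT * FROM customers"
2024-03-04T11:40:05 db1 dam: user=dba_raj db=core_banking stmt="UPDATE accounts SET balance=0 WHERE id=7"
"""

AUTH_RE = re.compile(r"^(\S+) (\S+) sshd: (Failed|Accepted) password for (\S+) from (\S+)$")
DAM_RE = re.compile(r'^(\S+) (\S+) dam: user=(\S+) db=(\S+) stmt="([^"]*)"$')

FAIL_THRESHOLD = 5               # failures from one source inside WINDOW (assumed)
WINDOW = timedelta(seconds=60)   # sliding window for the brute-force rule (assumed)
BUSINESS_HOURS = range(8, 19)    # 08:00-18:59 counts as business hours (assumed)


def parse(line):
    """Turn one raw line into an event dict, or None if the format is unknown."""
    m = AUTH_RE.match(line)
    if m:
        ts, host, result, user, src = m.groups()
        return {"ts": datetime.fromisoformat(ts), "host": host, "type": "auth",
                "result": result, "user": user, "src": src}
    m = DAM_RE.match(line)
    if m:
        ts, host, user, db, stmt = m.groups()
        return {"ts": datetime.fromisoformat(ts), "host": host, "type": "dam",
                "user": user, "db": db, "stmt": stmt}
    return None


def correlate(text):
    """Return a list of (alert_name, detail) tuples for the log text, in time order."""
    events = [e for e in (parse(line) for line in text.splitlines()) if e]
    events.sort(key=lambda e: e["ts"])          # events arrive out of order from different sources
    alerts = []
    failures = defaultdict(list)                # src -> timestamps of failures still in the window
    for e in events:
        if e["type"] == "auth":
            q = failures[e["src"]]
            if e["result"] == "Failed":
                q.append(e["ts"])
                while q and e["ts"] - q[0] > WINDOW:   # expire failures outside the window
                    q.pop(0)
                if len(q) == FAIL_THRESHOLD:           # fire once when the threshold is reached
                    alerts.append(("BRUTE_FORCE", e["src"]))
            elif e["result"] == "Accepted" and len(q) >= FAIL_THRESHOLD:
                # A success right after a burst of failures is the high-value signal.
                alerts.append(("SUCCESS_AFTER_BRUTE_FORCE", f"{e['user']}@{e['src']}"))
                q.clear()
        elif e["type"] == "dam":
            if e["ts"].hour not in BUSINESS_HOURS:
                alerts.append(("PRIVILEGED_DB_ACCESS_OFF_HOURS", f"{e['user']} on {e['db']}"))
            if e["stmt"].upper().startswith(("UPDATE", "DELETE", "DROP")):
                alerts.append(("PRIVILEGED_DB_WRITE", f"{e['user']}: {e['stmt']}"))
    return alerts


if __name__ == "__main__":
    for name, detail in correlate(SAMPLE_LOG):
        print(f"ALERT {name}: {detail}")
```

Running it yields four alerts: the brute-force burst from 203.0.113.7, the successful login that follows it, the off-hours SELECT by the DBA, and the UPDATE on the accounts table. The single failure for bob stays below threshold and produces nothing, which is the point of correlating rather than alerting on every failed login.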
Web Application Firewall (WAF)
A WAF is necessary to secure internet-facing HTTP(S) applications and can detect common attacks such as injection (SQL, command), cross-site scripting (XSS), attacks on broken authentication and so on. It is particularly useful for inspecting and blocking hostile requests before they reach applications that handle sensitive data, and the logs generated by the WAF can be used for forensic analysis and reporting. Note that a WAF can only inspect HTTPS traffic if it terminates TLS or is placed behind the TLS termination point.
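As an added example (not code from the original page), here is a toy WAF inspection routine. It normalises an HTTP request by URL-decoding parameters repeatedly, because attackers double-encode payloads to slip past naive filters, and then matches a handful of SQL injection and XSS signatures against the path, query and body parameters, and a few headers. The rule identifiers, the sample requests and the rule set are all invented for the illustration; a production WAF uses a far larger, scored rule set.

```python
"""Added example: request normalisation and signature matching as a WAF would do it."""
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# (rule id, description, pattern) - ids and patterns are invented for the example.
RULES = [
    ("SQLI-001", "SQL tautology (x=x after OR/AND)",
     re.compile(r"\b(or|and)\b\s+['\"]?\w+['\"]?\s*=\s*['\"]?\w+['\"]?", re.I)),
    ("SQLI-002", "UNION-based injection", re.compile(r"\bunion\b\s+(all\s+)?select\b", re.I)),
    ("SQLI-003", "SQL comment sequence", re.compile(r"--|/\*")),
    ("XSS-001", "script tag", re.compile(r"<\s*script\b", re.I)),
    ("XSS-002", "inline event handler", re.compile(r"\bon(load|error|click|mouseover|focus)\s*=", re.I)),
    ("XSS-003", "javascript: URL", re.compile(r"javascript\s*:", re.I)),
]


def normalise(value, max_rounds=3):
    """URL-decode until the value stops changing (bounded, to avoid decode loops)."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def inspect(request):
    """request: dict with 'url', optional 'body' (form-encoded) and 'headers'.
    Returns a list of (rule_id, location) hits."""
    parts = urlsplit(request["url"])
    fields = [("path", parts.path)]
    fields += [(f"query:{k}", v) for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    if request.get("body"):
        fields += [(f"body:{k}", v) for k, v in parse_qsl(request["body"], keep_blank_values=True)]
    for h in ("User-Agent", "Referer", "Cookie"):      # headers are an injection channel too
        if h in request.get("headers", {}):
            fields.append((f"header:{h}", request["headers"][h]))
    hits = []
    for where, raw in fields:
        value = normalise(raw)      # parse_qsl decodes once; this catches double encoding
        for rule_id, _desc, pattern in RULES:
            if pattern.search(value):
                hits.append((rule_id, where))
    return hits


def decide(request):
    return "BLOCK" if inspect(request) else "ALLOW"


# Constructed sample requests.
BENIGN = {"url": "/search?q=savings+account+rates", "headers": {"User-Agent": "Mozilla/5.0"}}
SQLI = {"url": "/account?id=7%27%20OR%20%271%27%3D%271", "headers": {}}
XSS_DOUBLE_ENCODED = {"url": "/comments", "headers": {"User-Agent": "Mozilla/5.0"},
                      "body": "user=alice&comment=%253Cscript%253Ealert(1)%253C%2Fscript%253E"}
HEADER_SQLI = {"url": "/", "headers": {"User-Agent": "' UNION SELECT username,password FROM users--"}}

if __name__ == "__main__":
    for name, req in [("benign", BENIGN), ("sqli", SQLI),
                      ("xss-double-encoded", XSS_DOUBLE_ENCODED), ("header-sqli", HEADER_SQLI)]:
        print(name, decide(req), inspect(req))
```

The double-encoded XSS case is the one to watch: a filter that decodes only once sees `%3Cscript%3E` and lets it through, while the application framework decodes it again and renders a script tag.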
Network Behaviour Anomaly Detection (NBAD)
NBAD monitors network traffic behaviour in real time to protect the organization against zero-day attacks that signature- or rule-based controls such as firewalls and IDS/IPS do not detect. It builds a baseline of normal traffic and flags deviations from it, so it can surface malware activity across all devices, including threats that OEM products and signature-subscription services do not yet cover.
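The following added example (not code from the original page) shows the baseline-and-deviation idea behind NBAD on constructed flow records. It learns, per internal host and destination port, the distribution of bytes sent during a training period and the set of ports each host uses, then flags later flows that exceed mean plus K standard deviations or use a port the host has never used. The hosts, byte counts, ports and the threshold K are assumptions; a real NBAD works on NetFlow/IPFIX or packet metadata with many more features.

```python
"""Added example: per-host traffic baseline and anomaly scoring, NBAD style."""
import statistics
from collections import defaultdict

K = 3.0   # standard deviations above the mean that count as anomalous (assumed)

# Constructed training flows: (source host, bytes out, destination port).
TRAINING = (
    [("10.0.0.5", b, 443) for b in (120_000, 135_000, 110_000, 128_000,
                                    140_000, 125_000, 131_000, 118_000)]
    + [("10.0.0.5", 9_000, 53)] * 8                       # steady, small DNS volume
    + [("10.0.0.9", b, 443) for b in (40_000, 38_000, 45_000, 42_000,
                                      39_000, 41_000, 44_000, 43_000)]
)

# Constructed flows to evaluate against the baseline.
TODAY = [
    ("10.0.0.5", 131_000, 443),   # within the normal range
    ("10.0.0.5", 900_000, 443),   # large upload: possible exfiltration
    ("10.0.0.5", 60_000, 53),     # oversized DNS: possible tunnelling
    ("10.0.0.9", 41_000, 443),    # normal
    ("10.0.0.9", 2_000, 4444),    # port this host has never used
    ("10.0.0.77", 5_000, 443),    # host absent from the baseline
]


def build_baseline(flows):
    """Learn per-(host, port) volume statistics and per-host port sets."""
    volume = defaultdict(list)
    ports = defaultdict(set)
    for host, nbytes, port in flows:
        volume[(host, port)].append(nbytes)
        ports[host].add(port)
    stats = {key: (statistics.mean(s), statistics.pstdev(s)) for key, s in volume.items()}
    return {"volume": stats, "ports": dict(ports)}


def score(flows, baseline):
    """Return (host, finding, detail) tuples for flows that deviate from the baseline."""
    findings = []
    for host, nbytes, port in flows:
        if host not in baseline["ports"]:
            findings.append((host, "UNKNOWN_HOST", f"{nbytes} bytes to port {port}"))
            continue
        if port not in baseline["ports"][host]:
            findings.append((host, "NEW_DST_PORT", f"port {port}, {nbytes} bytes"))
            continue
        mean, stdev = baseline["volume"][(host, port)]
        stdev = stdev or 0.1 * mean        # constant traffic gives stdev 0; avoid dividing by zero
        z = (nbytes - mean) / stdev
        if z > K:
            findings.append((host, "VOLUME_SPIKE", f"port {port}, {nbytes} bytes, z={z:.1f}"))
    return findings


if __name__ == "__main__":
    baseline = build_baseline(TRAINING)
    for host, finding, detail in score(TODAY, baseline):
        print(f"{host:10} {finding:14} {detail}")
```

Keying the volume baseline on (host, port) rather than host alone matters: mixing the small DNS flows with the HTTPS flows would inflate the standard deviation for 10.0.0.5 and hide the DNS spike. The zero-stdev fallback is the edge case a first implementation usually trips over.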
Vulnerability and Risk Management and Analysis
Vulnerability Management (VM)
To protect software and hardware systems from attacks that exploit inherent vulnerabilities, a security team must first know which vulnerabilities are present. This means that organizations should have effective vulnerability management tools and processes as part of their IT security.
A Threat Intelligence Service is essential for organizations to track, update and integrate evolving threats and vulnerabilities into monitoring and mitigation. It tracks global threats and vulnerabilities, charts an action plan and notifies stakeholders through advisories.
Risk management services ensure that all identified security incidents, vulnerabilities and threats are tracked to closure. They also monitor technology-related risks such as design, configuration and security baselining, and regularly upgrade employee skills in dealing with security challenges, process violations and unauthorized changes or access.
Anti-Malware Service for Critical Websites
This service ensures that websites are proactively monitored and protected from malicious activity, particularly defacement and malware injection. Through real-time crawling and behaviour analysis of a website, it helps avoid the website being blacklisted by search engines.
Anti-Phishing Service for Critical Websites
Phishing attempts to acquire information such as usernames, passwords and credit card details through email or SMS messages that direct users to fake websites. Anti-phishing services are essential to proactively monitor for, identify and take down such sites, protecting users' identities and sensitive data from malicious actors.
Security Matrix & Dashboard
A Security Matrix and Dashboard provides consolidated security status reporting across all security technologies and services, along with key metrics, through a portal. This is critical to a comprehensive understanding of the organization's security posture and typically includes dashboards for vulnerabilities, risks, security incidents, compliance, anti-malware (anti-X) and patch management reports, and so on.
In addition to the key technologies, enterprises should invest in a SOC customized to their organization’s environment for a drill down on business and technology risks, vulnerabilities, trends and comparisons with global practices.
It is evident that enterprises need to implement the right set of security technologies and have a robust Security Monitoring Framework in place in their SOC. By adopting the proposed framework, enterprises stand to gain significantly: they choose the right set of technologies and hence secure their organization effectively. In doing so they also invest wisely, which is critical in today's tough market conditions. Finally, with the right set of tools and technologies, the SOC becomes easier to manage and serves business requirements better.