Daily Mirror (Sri Lanka)

Are we ready for 24-hour Cyber Security Operation Center?


Cyber security is changing at a rapidly accelerating rate. Hackers are increasingly relentless, and often politically motivated, making the response to information security incidents an ever more complex challenge.

As many organizations have learned, sometimes the hard way, cyber attacks are no longer a matter of if, but when.

Top concern

With the increasing frequency of cyber attacks and information leakages, cyber security has become a top concern for both governments and commercial entities. When one tactic fails, attackers will try another until they breach an organization's defenses. At the same time, technology is increasing an organization's exposure to attack through a larger online presence, broader use of social media, mass adoption of mobile devices, increased use of cloud services and the collection and analysis of big data.

A well-functioning Security Operations Center (SOC) can form the heart of effective detection. It can enable information security functions to respond faster, work more collaboratively and share knowledge more effectively. Security is becoming more firmly established in the corporate structure; it is no longer acceptable for security to be a secondary function of an IT department.

Investing in SOCs

To address this challenge, organizations are investing in the development of Security Operations Centers (SOCs) to provide increased security and rapid response to events throughout their networks. Building an SOC can be a monumental task.

Although the finer points of SOC deployment are very much network-specific, there are three major components that every organization must include: people, process and technology. All three are present in every element of security and should be considered equally critical. This article explains how strong people and well-defined processes can result in an operationally effective SOC.

eCybersec, one of the leading information security consultancy companies in Sri Lanka, is conducting a market survey and feasibility study to launch the first 24-hour Cyber Security Operations Center in Sri Lanka.

Groundbreaking move

This would be another groundbreaking managed security service that eCybersec is offering to the IT security market in Sri Lanka. Sanjee Balasuriya, founder, MD and CEO of eCybersec, stated that this unique service is mainly offered to clients who run critical business operations and want to ensure minimum downtime in their IT infrastructure.

Existing security controls remain key for combating today's known attacks. However, they become less effective over time as hackers find new ways to circumvent them. Sanjee Balasuriya further stated that a well-functioning 24-hour Cyber Security Operations Center can form the heart of effective detection. It can enable information security functions to respond faster, work more collaboratively and share knowledge more effectively.

Professionally qualified security analysts actively monitor the customer's internal network 24 hours a day, 7 days a week, 365 days a year. These experts have a worldwide view of security threats based on activity observed at other companies and in other countries.

Expert study

SOC security experts use the information obtained from this global perspective to proactively protect customers from incidents and vulnerabilities. They study the organisation's network for security threats, notify the customer when security incidents occur, and help it take prompt, effective action against attacks. This monitoring service provides an additional layer of human analysis, resulting in more accurate threat detection and better internal network protection.

The Cyber Security Operations Center will use leading Security Information and Event Management (SIEM) technology. SIEM supports threat detection and security incident response through the real-time collection and historical analysis of security events from a wide variety of event and contextual data sources. It also supports compliance reporting and incident investigation through analysis of historical data from these sources. The core capabilities of SIEM technology are a broad scope of event collection and the ability to correlate and analyze events across disparate sources.
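The collection-and-correlation capability described above, as an added example (this is not eCybersec's code, nor any particular SIEM product's): two constructed log sources in different formats, an OpenSSH-style auth log and a firewall log, are normalized into one event schema and then two correlation rules are run keyed on source IP. The sample lines, the log formats, the year 2024 assumed for the year-less syslog timestamps, the 5-minute window and the thresholds are all illustrative assumptions.

```python
"""Correlating events from two disparate log sources, SIEM-style.

Added example: normalizes an OpenSSH-style auth log and a firewall log into
a common event schema, then runs two correlation rules keyed on source IP.
The log lines are constructed samples; the formats, thresholds and the
assumed year for syslog timestamps are illustrative assumptions.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample logs (not real data). Syslog auth lines carry no year,
# so a year is assumed when parsing them.
AUTH_LOG = """\
Mar 10 09:01:02 web1 sshd[2201]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
Mar 10 09:01:05 web1 sshd[2203]: Failed password for root from 203.0.113.7 port 51030 ssh2
Mar 10 09:01:09 web1 sshd[2205]: Failed password for root from 203.0.113.7 port 51041 ssh2
Mar 10 09:01:15 web1 sshd[2207]: Accepted password for root from 203.0.113.7 port 51050 ssh2
Mar 10 09:30:00 web1 sshd[2301]: Failed password for alice from 198.51.100.9 port 40000 ssh2
Mar 10 09:45:00 web1 sshd[2305]: Accepted publickey for alice from 198.51.100.9 port 40010 ssh2
"""

FW_LOG = """\
2024-03-10T08:59:40Z fw1 DENY src=203.0.113.7 dst=10.0.0.5 dport=23
2024-03-10T08:59:41Z fw1 DENY src=203.0.113.7 dst=10.0.0.5 dport=3389
2024-03-10T08:59:42Z fw1 DENY src=203.0.113.7 dst=10.0.0.5 dport=445
2024-03-10T09:00:58Z fw1 ALLOW src=203.0.113.7 dst=10.0.0.5 dport=22
2024-03-10T09:44:50Z fw1 ALLOW src=198.51.100.9 dst=10.0.0.5 dport=22
"""

AUTH_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) \w+ for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)"
)
FW_RE = re.compile(
    r"^(?P<ts>\S+) \S+ (?P<action>ALLOW|DENY) src=(?P<ip>\S+) dst=\S+ dport=(?P<port>\d+)$"
)


def parse_auth(text, year=2024):
    """Normalize sshd lines into events; kind is auth_ok or auth_fail."""
    events = []
    for line in text.splitlines():
        m = AUTH_RE.match(line)
        if not m:
            continue  # unparsed lines are dropped here; a real SIEM would count them
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        kind = "auth_ok" if m["result"] == "Accepted" else "auth_fail"
        events.append({"ts": ts, "source": "sshd", "ip": m["ip"], "kind": kind, "user": m["user"]})
    return events


def parse_fw(text):
    """Normalize firewall lines into events; kind is fw_allow or fw_deny."""
    events = []
    for line in text.splitlines():
        m = FW_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        kind = "fw_allow" if m["action"] == "ALLOW" else "fw_deny"
        events.append({"ts": ts, "source": "fw", "ip": m["ip"], "kind": kind, "port": int(m["port"])})
    return events


def correlate(events, window=timedelta(minutes=5), fail_threshold=3, deny_threshold=3):
    """Apply two rules keyed on source IP over a sliding time window.

    bruteforce_then_success: >= fail_threshold failed logins, then a success.
    scan_then_login: denies on >= deny_threshold distinct ports, then a
    successful login from the same IP (this rule crosses the two sources).
    """
    by_ip = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        by_ip[e["ip"]].append(e)
    alerts = []
    for ip, evs in by_ip.items():
        for i, e in enumerate(evs):
            if e["kind"] != "auth_ok":
                continue
            # Only events from this IP that precede the success within the window.
            recent = [x for x in evs[:i] if e["ts"] - x["ts"] <= window]
            fails = sum(1 for x in recent if x["kind"] == "auth_fail")
            denied_ports = sorted({x["port"] for x in recent if x["kind"] == "fw_deny"})
            if fails >= fail_threshold:
                alerts.append({"rule": "bruteforce_then_success", "ip": ip,
                               "user": e["user"], "ts": e["ts"], "failures": fails})
            if len(denied_ports) >= deny_threshold:
                alerts.append({"rule": "scan_then_login", "ip": ip,
                               "user": e["user"], "ts": e["ts"], "ports": denied_ports})
    return alerts


def run_demo():
    """Collect from both sources, correlate, and return the alerts."""
    return correlate(parse_auth(AUTH_LOG) + parse_fw(FW_LOG))


if __name__ == "__main__":
    for alert in run_demo():
        print(alert)
```

Run it directly to print the alerts. The second rule fires only because the firewall denies and the sshd success are brought into one schema and one timeline; that is the cross-source correlation a SIEM adds over reading each device's log on its own. The single failed login for alice followed by a success fifteen minutes later stays below both thresholds and the window, so it produces nothing. In production the window and thresholds are tuned per environment, and the normalized events are also retained for the historical analysis and compliance reporting mentioned above.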

Organizations are inundated with security information from disparate and often decentralized security systems operating in individual silos.

Security information management tools offer a comprehensive security management and incident response platform designed to improve the effectiveness, efficiency and visibility of security operations and information risk management. Armed with this information, you are well on your way to building not just an SOC that can help you contain or prevent incidents and generate audit and compliance reports, but a proactive method to help achieve consistent network uptime and minimize security risks.

Sanjee Balasuriya
