Daily Mirror (Sri Lanka)
Are we ready for 24-hour Cyber Security Operation Center?
Cyber security is changing at a rapidly accelerating rate. Hackers are increasingly relentless, making the response to information security incidents an ever more complex challenge.
As many organizations have learned, sometimes the hard way, cyber attacks are no longer a matter of if, but when. Hackers are increasingly relentless and often politically motivated.
With the increasing frequency of cyber attacks and information leakages, cyber security has become a top concern for both governments and commercial entities. When one tactic fails, attackers will try another until they breach an organization’s defenses. At the same time, technology is increasing an organization’s exposure to attack through a larger online presence, broader use of social media, mass adoption of mobile devices, increased usage of cloud services and the collection and analysis of big data.
A well-functioning Security Operations Center (SOC) can form the heart of effective detection. It can enable information security functions to respond faster, work more collaboratively and share knowledge more effectively. Security is becoming more and more established in the corporate structure—it is no longer acceptable for security to be a secondary function of an IT department.
Investing in SOCs
To address this challenge, organizations are investing in the development of Security Operations Centers (SOCs) to provide increased security and rapid response to events throughout their networks. Building an SOC can be a monumental task.
Although the finer points of SOC deployment are very much network-specific, there are three major components that every organization must include: people, process and technology. The three exist in all elements of security and should be considered equally critical components. This article explains how strong people and well-defined processes can result in an operationally effective SOC.
eCybersec, one of the leading information security consultancy companies in Sri Lanka, is in the process of performing a market survey and feasibility study to initiate the first ever 24-hour Cyber Security Operation Center in Sri Lanka.
Groundbreaking move
This would be another groundbreaking Managed Security Service which eCybersec is offering to the IT security market in Sri Lanka. Sanjee Balasuriya, founder, MD and CEO of eCybersec, stated that this unique service is mainly offered to clients who run critical business operations and want to ensure minimum downtime in their IT infrastructure.
These solutions remain a key control for combating today’s known attacks. However, they become less effective over time as hackers find new ways to circumvent controls. Sanjee Balasuriya further stated that a well-functioning 24-hour Cyber Security Operations Center can form the heart of effective detection. It can enable information security functions to respond faster, work more collaboratively and share knowledge more effectively.
Professionally qualified security analysts actively monitor the customer’s internal network 24 hours a day, 7 days a week, 365 days a year. These experts have a worldwide view of security threats based on activity occurring in other companies and other countries.
SOC security experts use the information obtained from this global perspective to proactively protect customers from incidents and vulnerabilities. These experts study the organisation’s network for security threats, notify the customer when security incidents occur, and help it take prompt, effective action against attacks. This monitoring service provides an additional layer of human analysis, resulting in more accurate threat detection and better internal network protection.
The Cyber Security Operation Center will use leading security information and event management (SIEM) technology, which supports threat detection and security incident response through the real-time collection and historical analysis of security events from a wide variety of event and contextual data sources. It also supports compliance reporting and incident investigation through analysis of historical data from these sources. The core capabilities of SIEM technology are a broad scope of event collection and the ability to correlate and analyze events across disparate sources.
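To make the "correlate across disparate sources" capability concrete, here is an added example (not eCybersec’s code or any SIEM product’s logic) that normalizes constructed firewall and SSH authentication log lines into one common schema and raises an alert when a single source address is denied by the firewall, fails an SSH login, and then succeeds within a five-minute window. The log formats, field names, sample addresses and the window size are all assumptions made for the illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events from two disparate sources (not real logs).
FIREWALL_LOG = [
    "2024-05-01T10:00:01 fw1 DENY src=203.0.113.7 dst=10.0.0.5 dport=22",
    "2024-05-01T10:00:03 fw1 DENY src=203.0.113.7 dst=10.0.0.6 dport=22",
    "2024-05-01T10:00:05 fw1 ALLOW src=203.0.113.7 dst=10.0.0.9 dport=22",
]
AUTH_LOG = [
    "2024-05-01T10:00:20 srv9 sshd: Failed password for admin from 203.0.113.7",
    "2024-05-01T10:00:25 srv9 sshd: Failed password for admin from 203.0.113.7",
    "2024-05-01T10:00:40 srv9 sshd: Accepted password for admin from 203.0.113.7",
    "2024-05-01T11:30:00 srv9 sshd: Accepted password for bob from 198.51.100.2",
]

FW_RE = re.compile(r"^(\S+) (\S+) (DENY|ALLOW) src=(\S+) dst=(\S+) dport=(\d+)")
AUTH_RE = re.compile(r"^(\S+) (\S+) sshd: (Failed|Accepted) password for (\S+) from (\S+)")

def normalize(lines):
    """Parse both assumed formats into one schema: (time, source, event_type, src_ip)."""
    events = []
    for line in lines:
        m = FW_RE.match(line)
        if m:
            events.append((datetime.fromisoformat(m[1]), "firewall", "fw_" + m[3].lower(), m[4]))
            continue
        m = AUTH_RE.match(line)
        if m:
            kind = "auth_fail" if m[3] == "Failed" else "auth_success"
            events.append((datetime.fromisoformat(m[1]), "auth", kind, m[5]))
    return sorted(events)  # chronological order across both sources

def correlate(events, window=timedelta(minutes=5)):
    """Alert when one src_ip was denied by the firewall, then failed and succeeded at SSH login within the window."""
    alerts = []
    by_ip = defaultdict(list)
    for ev in events:
        by_ip[ev[3]].append(ev)
    for ip, evs in by_ip.items():
        for i, ev in enumerate(evs):
            if ev[2] != "auth_success":
                continue
            recent = [e for e in evs[:i] if ev[0] - e[0] <= window]  # earlier events in window
            kinds = {e[2] for e in recent}
            if "fw_deny" in kinds and "auth_fail" in kinds:
                alerts.append((ip, ev[0].isoformat()))
    return alerts
```

Neither log source alone would flag this activity (a few denied packets, a couple of failed logins); the alert only appears once both are normalized and viewed together, which is the point of the SIEM correlation described above.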
Organizations are inundated with security information overload coming from disparate and often decentralized security systems operating in individual silos.
Security information management tools offer a comprehensive security management and incident response platform designed to improve the effectiveness, efficiency, and visibility of security operations and information risk management. Armed with this information, you are well on your way to building not just an SOC that can help you contain or prevent incidents and generate audit and compliance reports — but a proactive method to help achieve consistent network uptime and minimize security risks.