How to build a SOC 2.0?

How to build a SOC 2.0? - FIC 2018 · PDF file · 2017-05-17 · CyberSecurity Malaysia SOC Sense eat V2.0


Page 1

How to build a SOC 2.0?

Page 2

SPEAKERS

Marie-Odile CRINON, Founder and President, Management Risques Crise Cybersécurité, Moderator

Matthieu HENTZIEN, Project Officer, Industrial Policy and Support Office, ANSSI

Zahri BIN YUNOS, Chief Operating Officer, CyberSecurity Malaysia

Jean-Pierre MOULARD, SOC expert, Airbus Defence and Space CyberSecurity

Fabrice GROSEIL, Associate Director, EY

Page 3

Copyright © 2017 CyberSecurity Malaysia

1. BUILDING SOCSense eat V2.0

Dr. Zahri Yunos, Chief Operating Officer, CyberSecurity Malaysia

Page 4

Cyber Security Emergency Services: CYBER SECURITY INCIDENT

Incident categories:
• Intrusion
• Intrusion Attempt
• Spam
• DOS
• Cyber Harassment
• Fraud
• Content Related
• Malicious Code
• Vulnerabilities Report

[Bar chart: incidents reported per year, 1997-2016 (y-axis 0 to 16000). Values read from the chart's data labels:]

| Year | Incidents |
|------|-----------|
| 1997 | 115 |
| 1998 | 342 |
| 1999 | 728 |
| 2000 | 503 |
| 2001 | 932 |
| 2002 | 739 |
| 2003 | 947 |
| 2004 | 915 |
| 2005 | 835 |
| 2006 | 1372 |
| 2007 | 1038 |
| 2008 | 2123 |
| 2009 | 3564 |
| 2010 | 8090 |
| 2011 | 15218 |
| 2012 | 9986 |
| 2013 | 10126 |
| 2014 | 11918 |
| 2015 | 9915 |
| 2016 | 8334 |

Top 3 incidents:
1. Fraud
2. Intrusion
3. Cyber Harassment

Page 5

TRADITIONAL SOC OPERATION

Process blocks shown in the diagram: Triage (information analysis, vulnerability report), Analyze, Technical Assistance, Escalation, Incident Report, Resolution

Inputs: Intrusion Detection Systems, Network Management Tools

LIMITATIONS / CHALLENGES
1. Increased sophistication of cyber attacks
2. Technically challenging to operate and manage vast amounts of information/incidents
3. Requires reliable, fast and accurate information for decision making and action
4. Training and tools are expensive

PHILOSOPHY
• Reactive
• Responsive

Page 6

PROPOSED SOC OPERATION V2.0

Feeds and raw data: Security Feeds, Honeynet, Cyber999 Incidents, International CERTs

Process blocks shown in the diagram: Data Analysis and Classification, Threat Intel Repository, Predictive Signature, IR Escalation

Data Analyzing: SPLUNK

Threat intel exchange: Trusted Automated eXchange of Indicator Information (TAXII)

Incident Response Escalation:
• Web Defacement System
• Ticketing system

Digital Forensics: In-depth Threat Actor Investigation

Active Defense:
• Firewall
• IPS, IDS, WAF
• Spam Filter

PHILOSOPHY
• Proactive
• Predictive
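To make the V2.0 blocks concrete, here is an added Python example (not CyberSecurity Malaysia's code) that wires them together in one assumed order: feed records are merged into an indicator repository, indicators corroborated by at least two independent feeds are promoted to a "predictive signature", and log lines matching a signature raise an escalation ticket. The feed records, log lines, addresses and the two-source threshold are all constructed for the example.

```python
"""Added example: one assumed wiring of the SOC V2.0 blocks on the slide
(feeds -> analysis/classification -> threat-intel repository -> predictive
signature -> IR escalation). All feed records, addresses and log lines are
constructed sample data (TEST-NET ranges), not real indicators."""
from collections import defaultdict

# Constructed feed records from the slide's named sources.
FEEDS = [
    {"source": "honeynet", "ioc": "198.51.100.7", "category": "Intrusion Attempt"},
    {"source": "cyber999", "ioc": "198.51.100.7", "category": "Intrusion"},
    {"source": "intl-cert", "ioc": "198.51.100.7", "category": "Malicious Code"},
    {"source": "cyber999", "ioc": "203.0.113.9", "category": "Spam"},
]
# Constructed log lines as the SOC's own sensors might emit them.
LOGS = [
    "2017-05-17T10:01:02 fw src=198.51.100.7 dst=10.0.0.5 action=allow",
    "2017-05-17T10:01:05 fw src=192.0.2.44 dst=10.0.0.5 action=allow",
    "2017-05-17T10:02:11 mail from=203.0.113.9 action=deliver",
]
MIN_SOURCES = 2  # assumed threshold: corroboration needed before an IOC is acted on


def build_repository(feeds):
    """Data analysis and classification: merge records into a repository keyed by
    IOC, keeping which feeds reported it and which incident categories they gave."""
    repo = defaultdict(lambda: {"sources": set(), "categories": set()})
    for rec in feeds:
        repo[rec["ioc"]]["sources"].add(rec["source"])
        repo[rec["ioc"]]["categories"].add(rec["category"])
    return dict(repo)


def predictive_signatures(repo, min_sources=MIN_SOURCES):
    """Predictive signature: only IOCs seen by independent feeds are promoted,
    so one noisy feed cannot drive escalations on its own."""
    return {ioc: e for ioc, e in repo.items() if len(e["sources"]) >= min_sources}


def escalate(logs, signatures):
    """IR escalation: a log line matching a signature becomes a ticket carrying
    the evidence an analyst needs (IOC, corroborating feeds, categories, raw line)."""
    tickets = []
    for line in logs:
        tokens = line.replace("=", " ").split()  # exact-token match, not substring
        for ioc, entry in signatures.items():
            if ioc in tokens:
                tickets.append({"ioc": ioc, "sources": sorted(entry["sources"]),
                                "categories": sorted(entry["categories"]), "log": line})
    return tickets


if __name__ == "__main__":
    for ticket in escalate(LOGS, predictive_signatures(build_repository(FEEDS))):
        print(ticket)
```

With the constructed data only the address reported by three feeds is escalated; the single-source spam indicator stays in the repository until another feed corroborates it.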

Page 7

INTENDED OUTCOME SOC V2.0

• To have better ways of addressing the broad category of cyber security threats

• To improve the current framework/system so that it can proactively provide an early warning mechanism about cyber security threats in real time

• To enhance the service in terms of expertise and information sharing with relevant authorities and partners