How to build a SOC 2.0?
SPEAKERS
Marie-Odile CRINON, Founder and President, Management Risques Crise Cybersécurité, Moderator
Matthieu HENTZIEN, Project Officer, Industrial Policy and Assistance Office, ANSSI
Zahri BIN YUNOS, Chief Operating Officer, CyberSecurity Malaysia
Jean-Pierre MOULARD, SOC expert, Airbus Defence and Space CyberSecurity
Fabrice GROSEIL, Associate Partner, EY
Copyright © 2017 CyberSecurity Malaysia
1. BUILDING SOC V2.0
Dr. Zahri Yunos, Chief Operating Officer, CyberSecurity Malaysia
CYBER SECURITY INCIDENT (Cyber Security Emergency Services)
Incident categories: Intrusion, Intrusion Attempt, Spam, DOS, Cyber Harassment, Fraud, Content Related, Malicious Code, Vulnerabilities Report
Incidents reported per year, 1997-2016 (values from the slide's chart):
1997: 115     1998: 342     1999: 728     2000: 503     2001: 932
2002: 739     2003: 947     2004: 915     2005: 835     2006: 1372
2007: 1038    2008: 2123    2009: 3564    2010: 8090    2011: 15218
2012: 9986    2013: 10126   2014: 11918   2015: 9915    2016: 8334
Top 3 incidents: 1. Fraud 2. Intrusion 3. Cyber Harassment
Incident handling flow (diagram labels): Technical Assistance, Escalation, Analyze
TRADITIONAL SOC OPERATION
Workflow: Triage • Information Analysis • Vulnerability Report • Incident Report • Resolution
Tools: Intrusion Detection Systems, Network Management Tools
LIMITATION / CHALLENGES
1. Increasing sophistication of cyber attacks
2. Technically challenging to operate and manage vast amounts of information/incidents
3. Requires reliable, fast and accurate information for decision making and action
4. Training and tools are expensive
PHILOSOPHY: • Reactive • Responsive
PROPOSED SOC OPERATION V2.0
Feeds and Raw Data:
• Security Feeds: Honeynet, Cyber999 Incidents, International CERTs
• Trusted Automated eXchange of Indicator Information (TAXII)
Threat Intel Repository
Data Analysis and Classification Process:
• Data Analyzing: SPLUNK
• Predictive Signature
• IR Escalation
Incident Response Escalation:
• Web Defacement System
• Ticketing system
Digital Forensics: In-depth Threat Actor Investigation
Active Defense:
• Firewall
• IPS, IDS, WAF
• Spam Filter
PHILOSOPHY: • Proactive • Predictive
INTENDED OUTCOME SOC V2.0
• To have better ways of addressing the broad category of cyber security threats
• To improve the current framework/system so that it can proactively provide an early warning mechanism about cyber security threats in real time
• To enhance the service in terms of expertise and information sharing with relevant authorities and partners