Dear PenTest Readers,
In the current issue we are analyzing the concept of Security Operations Centers. Our contributors provided articles on various aspects of this crucial, centralized unit of organizational structure. We are happy to present you the technical case studies, the analysis of the role of automation in the functioning of SOCs, and some perspectives for their evolution in the future.
The authors of this month’s content are experienced professionals who are working within the SOC framework, covering the topics based on their practical and academic background.
If you haven’t had any direct contact with Security Operations Centers yet, this issue will give you a comprehensive insight into the essential dimensions of their functioning. On the other hand, if you already know SOCs very well, we have a good supply of some fresh, thought-provoking ideas - both on technical and organizational levels, as two of them are equally crucial in the context of efficient Security Operation Center.
As usual, you will also find the articles related to other topics of cybersecurity.
We would like to express our gratitude to all contributors and reviewers involved in the creation of this issue.
Without further ado,
Enjoy the content!
PenTest Magazine’s Editorial Team.
Table of Contents
The Red Pill of SOC Automation
by Nicolas Mattiocco
Because the assets are in continuous transformation and the spectrum of threat scenarios is reshaped every day, it became clearly obvious that manual security assessments, classical yearly penetration testing or quarterly configuration reviews are not best practices anymore. Maybe it already belongs to a bygone age. Because attackers are impressively gaining in velocity, organizations have to adapt their detection strategy of cyber threats. On the defensive side, a SOC will never be able to hire enough people to analyze and respond to all alerts.
Examining Perspectives: Both Sides of the Line
by Jeremy Walker and Jesse Cabrera
Despite the degree of separation with regards to sophistication and the level of technology within the agents and SOC categorizations, there are many similarities, so this article will explore a few scenarios from the differing vantage points of SOCs and agents.
Future Generation’s Security Operations Centers
by Zinedine Boudegna
If we compare a company to a medieval city, the SOCs are the control towers that guard against the cyber threats that the company faces every moment. In a hyper-connected digital world, the threat is not always as clear as that in the middle ages. It is not a group of armed people that we can see from afar and launched a signal via his blowing horn, the cyber world is much more complex than that. The threat may come from within, not only from the outside, and its shape is hyper changing.
Is Your SOC Ready To SOAR?
by Thomas Mitchell
Since Gartner's first analysis of the SOAR space (which was initially defined by Gartner as "security operations, analytics, and reporting"), the vendor and technology landscape has evolved. In 2017, many technologies claimed the ability to orchestrate incident response, but present some limitations in capabilities that could deliver real overall benefits for the efficacy of an operations team. Examples of these shortcomings include a limited ability to show the big picture of organizations' state of security or the lack of connectivity to the organization's ecosystem of tools. Security orchestration and automation have become closely aligned with security incident response (SIR) and general operations processes.
What Does a Next-Generation SOC Look Like?
by Shiran Grinberg
Given these many challenges, creating a SOC that’s effective and can be maintained successfully is a big job that requires careful planning. If the goal of the SOC is to meet your security needs and manage risk in your organization, you need to keep this knowledge “front and center” – no compromises. Start by defining the structure and processes, and determine appropriate decision-making procedures before you begin.
Should You Take That SOC Role?
by Ben Ferguson
There are many places where pentest professionals might ply their trade but their natural home is probably the security operations center. The problem with SOCs is that, in such a messy industry, they can come in many shapes and sizes. After all, put two cybersecurity professionals in a room together with a few industry tools and what's to stop you from calling it an SOC? The good news is that the analytical mind of a good pen tester can be put to good use when sussing out a potential employer. This article looks at four different types of SOC, how you can identify them and whether you are likely to thrive there. These offer a way to simplify your choice when it comes to whether to respond to a job advertisement. But first, why do SOCs vary so much in the first place?
20 Tips to Improve Your SOC Productivity
by Anderson Nunes Sales
With these tips you can achieve better results; and remember that SOC's primary hidden mission is to make the company have confidence in the security team. Remembering that there is no silver bullet to solve all SOC problems. What exists is a hard work and a careful look on each of the department's tasks.
Threat Modeling Best Practices
by Sandeep Kumar Singh
Many times, teams consider Threat Modeling merely as a checklist item in their DoDs and they just create a very basic version of a threat model that is never updated, outcomes of such threat modeling efforts are not great as it fails to dig deeper into design layers. Remember, Threat Modeling is a live document and it must be kept up-to-date, release over release, till the application is end of life (EOL). An up-to-date and complete threat model must be referenced while running pentests as it could help you in identifying new attack vectors. It must also be referred to while making any design changes to see any impact on existing defenses and it could also suggest requirements of any new mitigations to be built in due to the new change being introduced.
Cyber Security For E-commerce
by Krasimir Kotsev
Good security measures are just as important as the functionality capabilities of every E-commerce platform. A cyber attack could ruin the trust among your consumers, could lead to stolen credentials or financial and legal consequences. There are many security solutions on the market that can be implemented – some of them more expensive than others. However, good expertise is needed in order to choose the right expertise for your organization.
International Cooperation To Ensure Secure Cyberspace Is The Main Diplomatic Tool
by Tawhidur Rahman
Cyber policy is a policy field in the making. Thus, there is still a lot of terminological confusion, ranging from rather benign differences such as the interchangeable use of prefixes (cyber/e/digital/net/virtual) through to core differences, when the use of different terms reflects different policy approaches. In policy and political discussions about cybersecurity, different organizations and governments use different terminology, but they also view cybersecurity concepts differently.