Intelligence-Driven Modern SOC: A Future-ready Outfit

Date: 7 July 2020 (09.45-11.00)

Venue: Online

Transforming your Security Operations Centre from an “incident-driven” to an “intelligence-driven” modern enterprise

 

It is a known fact that the healthcare industry frequently struggles with data breaches and other cybersecurity threats. That’s likely because cybercriminals know the real value of medical data. It’s also problematic that healthcare information often gets passed between multiple parties and organisations, some of which may have insufficient security practices. 

 

It is then no surprise that COVID-19 is not the only virus that healthcare institutions are fighting. Since the World Health Organisation’s (WHO) declaration of COVID-19 as a pandemic, cybercriminals have targeted hospitals, vaccine testing facilities, healthcare workers, and even the WHO itself.

 

It is reported that healthcare organisations are sitting on ‘unexploded’ ransomware attacks.

 

Attacks from malicious actors are not ceasing, which means healthcare cybersecurity must remain a priority in 2020 and beyond. But what, specifically, should healthcare institutions be doing to proactively protect themselves?

 

Leveraging actionable threat intelligence

 

 

The Intelligence-Driven SOC is modelled to incorporate all components, from the ability to predict threats and attacks by incorporating threat intelligence feeds (technical, operational, tactical and strategic threat intelligence) to the formulation of a process for advanced targeted attacks with sandbox analysis.

It also encompasses automated response activity through endpoint detection & response, while incorporating the necessary cybersecurity services and training to address the skill gap in cybersecurity.

 

The question is: does your SOC comprise an organised team of security analysts and engineers? Can they detect, analyse, and respond to incidents, always working in lockstep with business managers to execute on the security strategy? Awesome!

 

We hope it is not just a few analysts who spend their days reactively responding to security issues with a variety of point tools at their fingertips.

 

Establishing SOC as a centre of excellence

 

Cyber threat intelligence has to be a key differentiator in your organisation’s cybersecurity strategy.

 

The current issue is that every organisation that has a SOC receives some kind of threat intelligence, such as a standard threat feed to the SIEM. But this does not in any way cover all of the organisation's threat intelligence requirements, such as operational, tactical and strategic threat intelligence.

 

Since the current state of threat intelligence is not entirely understood, organisations tend to ignore the value of threat intelligence, especially tailored threat intelligence specific to an organisation's IT environment.

 

Thus, it is of great importance that organisations start leveraging threat intelligence in a far more robust manner to be able to PREDICT the next level of attacks, including Dark Web Monitoring & reporting capabilities.

 

 

But has your Security Operations Centre identified its set of success metrics?

 

  • Response - Is your SOC equipped to optimise and respond effectively with advanced tools and strategies?
  • Regulation - How aligned is your SOC to industry best practices and regulatory guidelines to maintain a secure environment for your customers?
  • Security - How secure and well prepared is your SOC against sophisticated and ever-evolving cyber threats?
  • Strategy - Is your SOC leveraging technology to monitor the entire information domain to help prevent, detect, respond to and predict attacks?
  • Framework - Does your SOC team have a formal vulnerability identification program, along with threat hunting, incident response and threat mitigation processes?
  • Skill Enhancement - Is the SOC team trained adequately to respond to threats, discover breaches, and hunt for malicious actors and artefacts within the organisation?

 

 

OpenGov is pleased to invite you to our exclusive OpenGovLive! Virtual Insight aimed at imparting knowledge on how the SOC team is always powered on and prepared to outsmart, withstand, and remediate against cyberthreats.

 

This session serves as a peer-to-peer learning platform to gain insights and practical solutions, understand the success metrics of a modern SOC, and learn how to transform it from an incident-driven approach into an intelligence-driven SOC.

 

We will be discussing:

  • Best approaches in threat hunting to proactively search for threats that go undetected by traditional security systems like firewalls, IPS/IDS, SIEM, etc.
  • Establishing an incident response framework to limit damage and reduce remediation costs
  • The key aspects and building blocks of a modern and successful Security Operations Centre
  • Leveraging technology to make security more robust and cyber defences more powerful
  • Empowering the modern SOC to efficiently and effectively detect and remediate threats
  • Focusing on timely detection of IT security incidents through correlation, analysis and threat hunting
  • Executing the vulnerability management life cycle in line with local and regional guidelines
  • Identifying critical security operations metrics and implementing necessary improvements

Organised by OpenGov Asia
