About

 This is a blog dedicated to cybersecurity journey.

Comments

Post a Comment

Popular posts from this blog

Introduction to SOC

Image
What is SOC? SOC is an abbreviation for Security Operations Center, a SOC improves any organization’s threat detection, incident response, threat prevention by unifying and coordinating all cybersecurity technologies and operations. A SOC is a team of IT security professionals who monitors 24×7 organization’s IT infrastructure to detect cybersecurity events in real time and respond to them effectively within a shortest period of time possible. SOC Activities and Responsibilities Preparation, planning and prevention Monitoring, detection and response Recovery, refinement and compliance 1. Preparation, planning and prevention Asset Inventory – SOC has a responsibility to maintain an inventory of the assets to identify which of them needs to be protected, assets can be inside or outside of datacenter. They can be databases, cloud services, applications, endpoints, servers or they can be tools used to protect the assets like firewalls, antivirus, antimalware, monitoring applications etc. ...
Read more

What is SIEM? - Overview

Image
SIEM - Security Information and Event Management, a security solution to address security threats and vulnerabilities which can interfere with organization's business operations. SIEM tool helps the organization's security team to detect any anomalies in its network and alerts the SOC team. Most recent SIEM tools have incorporated artificial intelligence (AI) which can help in automating most of the manual processes related to threat detection and incident response increasing productivity. SIEM = SIM + SEM SIM - Security Information Management SEM - Security Event Management SIEM is the combination of SIM and SEM, enabling the real-time monitoring and analysis of security events along with tracking and logging of security data for compliance / auditing.  SIEM has evolved over the years and embedded UEBA - User & Entity Behavior Analytics along with many other security analytics and features like AI and machine learning to identify any abnormal or anomalous user behaviors wh...
Read more

SOC Types and Roles

Image
  Types of SOC Models Each organization has its own requirements and budget allocated to SOC. So, there are several types of SOC based on those requirements and budget: In-House SOC – Organization builds their own cybersecurity team. But such organization should have a budget to support the survival of the SOC team. Virtual SOC – SOC team does not have their own facility and works often from remote locations. Co-Managed SOC – Organization’s internal SOC team works with an external Managed Security Service Provider (MSSP). In this model, communication and coordination between internal and external teams is important. Command SOC – Senior and experienced SOC team overseeing the smaller SOCs in a large region. Major telecom providers and defense agencies operate on this model. SOC – People, Processes, and Technology A strong coordination between people, processes, and technologies is required to build a strong, capable and successful SOC. People – SOC needs highly trained employees...
Read more