Build your own CSIRT/SOC real projects experience · 2018-06-12 · Build Your Own CSIRT/SOC...
5th of June 2018, 15.30 - 16.30
Build your own CSIRT/SOC – real projects experience
Dr. Vilius Benetis
Build Your Own CSIRT/SOC – Real Projects Experience
TRUSTED CYBER SECURITY NETWORKS AROUND THE WORLD
NRD CYBER SECURITY
CSIRT/SOC development, technology consulting, incident response, and applied research company
NRDCS.LT
South & Southeast Asia
Sub-Saharan Africa
Central America
BUILDING CYBERSECURITY CENTERS (CSIRTS) FROM 1998.
CSIRT/SOC TEAMS ESTABLISHMENT GLOBALLY TO CONFRONT CYBERATTACKS AND CYBER CRIME.
CURRENTLY FULLY-PACKAGED TEAM TRUSTED BY ITU FOR THE JOB, GLOBALLY.
OUR PROJECT GEOGRAPHY
NRD Cyber Security is controlled by INVL Technology, LTU. INVL Technology managed companies implement projects in 50+ countries worldwide.
MISSION
PARTNERSHIPS IN BUILDING CYBERSECURITY CENTERS
True needs for CSIRT/SOCs
1. When an attack hits: is there a skilled team ready to respond to and handle cyber-incidents using a well-known, internationally accepted incident response method?
2. Cyber crime is international: is your team trusted by the international community to provide support in your investigations?
3. Do you have a clear definition of a cyber-incident and clear automation-assisted processes to handle it?
If yes, how do you know it works efficiently?
4. Do you believe that ITIL brought efficiency to your IT operations?
If yes, then CSIRT processes would bring the same to Cyber Security Response (CSIRT/SOCs).
Who should have CSIRT/SOCs?
When an organization is substantially digital, i.e.:
1. Processes a lot of data, especially sensitive data: personal, financial, etc.
2. Automates processes heavily
3. Is part of critical infrastructure
4. Is highly susceptible to cyber threats
Define: CSIRT/SOC/CERT/ISAC
IT security teams mature into:
Computer Security Incident Response Teams (CSIRT)
CSIRT is synonymous with:
• Computer Emergency Response Team (CERT),
• Cybersecurity Incident Response Team (CIRT),
• Product Security Incident Response Team (PSIRT),
• Information Sharing and Analysis Center (ISAC)
Security Operations Center (SOC) is:
A partial operation of the CSIRT model, primarily focused on internal monitoring, detection and triage.
Financial CSIRT/SOCs
Sources: www.FIRST.org and www.trusted-introducer.org
Compiled by Vilius Benetis, April 2018
Securing digital assets – concept
Every digital asset has exposure
Establishment of CSIRT/SOCs enables a proactive and measured way of dealing with cyber issues:
• National
• Government
• Sectorial (e.g. banking, energy)
• Internal (SOC)
• Private CSIRTs
Governance
Technologies
Processes
People
Digital assets
• Data centers
• Data networks
• Information systems
• Servers
• Exchange platforms, certificate authorities
Who is protecting digital assets?
CSIRT/SOC
CSIRT model by FIRST.org
Source: https://www.first.org/education/service-framework
BANGLADESH NATIONAL COMPUTER INCIDENT RESPONSE TEAM ESTABLISHMENT
Bangladesh e-Government Computer Incident Response Team (BGD e-Gov CIRT) was established at BCC under the project "Leveraging ICT for Growth, Employment and Governance Project (LICT)", financed by the World Bank.
Certified BGD e-Gov CIRT establishment is the first stage of the National CIRT development process.
Results support continuous growth in cyber ratings
In 2017 Bangladesh went up in the cyber security ratings of the International Telecommunication Union (ITU):
• Reached maturing country's status along with 76 other countries
• Made it into the top 15 countries in Asia & Pacific and reached 53rd position out of 165
• Reached the maximum level in technical cyber security measures
Foreign investors use the ITU Global Cyber Security Index as a reference to evaluate a country's cyber wellness profile before making investment decisions.
HOW TO MAKE IT WORK?
CSIRT
CSO/CISO
Policy Makers / Board
Digital assets protection (Applications, Networks)
Incidents detection, coordination, resolution
Response coordination
(National CERT)
International recognition
Establishing CSIRT/SOC
Partners:
LEA, IA, Private, Research
Constituency
CSIRT/SOC
CSO/CISO
Board / Policy Makers
Early warning function
Deeper level of cyber threat visibility
Cyber threat situational awareness and analysis section (for SOC)
LEA, IA, Private, Research
Different CSIRT/SOC stacks
BANGLADESH CSIRT LAB ESTABLISHMENT
After the establishment of BGD e-Gov CIRT, the need for increased maturity was identified and BCC CIRT LAB was established to provide BGD e-Gov CIRT with additional OSINT, incident investigation, education and scientific applied approach capabilities through design, implementation and training of BCC CIRT LAB.
The Laboratory strengthened the abilities and automation of the team, helped BGD e-Gov CIRT to fulfil its functional responsibilities and assisted in providing CIRT services in alignment with the latest FIRST CSIRT Services Framework.
BHUTAN NATIONAL CYBERSECURITY INCIDENT RESPONSE TEAM DEVELOPMENT
Bringing maturity and stability to Bhutan's digital economy via enhanced cyber security and national BtCIRT establishment.
A fully operational BtCIRT was set up within the Department of IT & Telecom in the Ministry of Information and Communications in order to coordinate information flow, respond to and manage cyber threats, and enhance cyber security in the country.
CYPRUS CIRT ESTABLISHMENT
Cyprus CSIRT was established in order to create a team of professionals who monitor and analyze cyber incidents in the national digital environment of Cyprus and manage various stakeholders to handle any threats.
NRD Cyber Security has been chosen due to its experience in CSIRT projects of similar scope. After a successful set-up process, the NRD Cyber Security team has been re-tasked with an additional scope of development activities.
SECURE SOFT SECURITY OPERATION CENTER MATURITY ASSESSMENT
Secure Soft company offers cyber security solutions in a couple of South American markets. In order to ensure that the services and solutions they provide would be consistent with international standards, the company wanted to assess the level of maturity of their SOC as well as the capabilities of the technologies they use.
NRD Cyber Security team has carried out the assessment using a methodology that combines a broad spectrum of fields such as staff, business goals, technologies and processes.
5 key things to take away
1. Definitions matter: Cybersecurity, CSIRT/SOC, Incident, Mandate, Cybercrime…
2. CSIRT/SOC is a de-facto framework for cybersecurity operations
3. Experience ensures success; however, it will still take at least a year to build operations
4. There are experienced consultants to help your journey; however, the actual work is done by you
5. Despite your size, you should start now!
Why work with NRD Cyber Security?
1. Focused on building strong, capable CERT/CSIRT/SOC teams at clients
2. Constructing relevant visibility for technical and policy decision making on cyber security, metrics
3. Proven track record of success around the world
4. Very cost competitive
Let’s have a chat [email protected]
www.nrdcs.lt
The photos used in the presentation are either the property of NRD Cyber Security or have been downloaded from www.pexels.com