Building Effective Security Operations Center
Tithirat Siripattanalert, CISSP, GCIH, CISM, CRISC, CGEIT, PCIP, COBIT, ITIL, ISO 27001 LA
Chief Information Security Officer and Chief Data Officer
True Digital Group
Building Effective Security Operations Center
• Cyber security incidents
• Myths of setting up SOC
• Considerations in selecting SOC technology
• Required skill set and development plan
• Security incident response plan
• Ecosystem of advanced SOC
Cyber Security Incidents
Myths of Setting up SOC
• Technology alone can protect us from cyber attacks
• SOC jobs are for junior staff
• Collect logs from everything, without understanding why
• Technology choices are easy and straightforward
• If there’s an incident, we can figure our response out then
Considerations in Implementing SOC
• Know your environment
• Classify your assets and define clear goals
• Choose flexible and scalable technology
• Develop an incident response plan
Required Skill Set and Development Plan
• Threats and vulnerabilities
• Security tools fundamentals
• System and network
• Logical thinking
• Incident Response
• Number of staff: 14-28
Security Incident Response Plan
• Clear roles and responsibilities
• Cyber drills for incident response
• Roles involved: PR, Legal, IT, HR, Executive, Call Center, Third Party
Sample Internal Metrics to Monitor SOC Effectiveness
• Escalation fidelity
• Number of false positive alerts
• Number of high severity incidents in open status
• Time to notify for high severity incidents
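As an added illustration that is not part of the presentation, the four metrics above computed over a constructed set of SOC alert records. The record fields and the definition of escalation fidelity used here (the share of tier-1 escalations that tier 2 confirms as real incidents) are assumptions, not the author's definitions.

```python
from datetime import datetime

# Constructed sample alert records (not from the presentation): severity, whether
# tier 1 escalated, tier 2's disposition, status, and when stakeholders were notified.
ALERTS = [
    {"id": "A1", "severity": "high", "escalated": True, "disposition": "true_positive",
     "status": "open", "detected": "2024-03-01T08:00", "notified": "2024-03-01T08:20"},
    {"id": "A2", "severity": "high", "escalated": True, "disposition": "true_positive",
     "status": "closed", "detected": "2024-03-01T09:00", "notified": "2024-03-01T09:45"},
    {"id": "A3", "severity": "medium", "escalated": False, "disposition": "false_positive",
     "status": "closed", "detected": "2024-03-01T09:30", "notified": None},
    {"id": "A4", "severity": "high", "escalated": True, "disposition": "true_positive",
     "status": "open", "detected": "2024-03-01T10:00", "notified": None},
    {"id": "A5", "severity": "high", "escalated": True, "disposition": "false_positive",
     "status": "closed", "detected": "2024-03-01T11:00", "notified": None},
]

def escalation_fidelity(alerts):
    """Assumed definition: share of tier-1 escalations that tier 2 confirmed as real."""
    escalated = [a for a in alerts if a["escalated"]]
    if not escalated:
        return 0.0
    confirmed = sum(1 for a in escalated if a["disposition"] == "true_positive")
    return confirmed / len(escalated)

def false_positive_count(alerts):
    return sum(1 for a in alerts if a["disposition"] == "false_positive")

def open_high_severity(alerts):
    return sum(1 for a in alerts if a["severity"] == "high" and a["status"] == "open")

def time_to_notify(alerts):
    """Mean minutes from detection to notification for confirmed high-severity
    incidents, plus how many of them still have no notification recorded."""
    incidents = [a for a in alerts
                 if a["severity"] == "high" and a["disposition"] == "true_positive"]
    delays = [(datetime.fromisoformat(a["notified"]) - datetime.fromisoformat(a["detected"]))
              .total_seconds() / 60 for a in incidents if a["notified"]]
    unnotified = sum(1 for a in incidents if not a["notified"])
    mean_minutes = sum(delays) / len(delays) if delays else None
    return mean_minutes, unnotified

def soc_metrics(alerts):
    mean_minutes, unnotified = time_to_notify(alerts)
    return {"escalation_fidelity": escalation_fidelity(alerts),
            "false_positives": false_positive_count(alerts),
            "open_high_severity": open_high_severity(alerts),
            "mean_minutes_to_notify": mean_minutes,
            "high_severity_unnotified": unnotified}
```

The unnotified count is reported separately so that a high-severity incident nobody has notified yet cannot hide behind a healthy-looking mean.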
Ecosystem of Advanced Security Operations Center
Components of an advanced SOC:
• Endpoint Detection and Response
• User & Entity Behavior Analytics
• Network Traffic Behavior Analytics
• Automation & Orchestration
• Vulnerability Management
• Threat Intelligence
• Incident Response