This article explains how you build your first SOC (Security Operation Center) using a new generation vulnerability assessment scanner and a SIEM (System Information and Event Management) such as IBM QRadar, HP ArcSight or Elastic Stack which is the software that we have chosen.
Nowadays, most organizations have a NOC (Network Operation Center) to monitor their network and to ensure availability of services. This NOC is usually built on tools such as Nagios, HP OpenView but also New Relic, to monitor networks, systems, performance, applications and the web sites.
Once you have established your NOC, the next step is to monitor security. As highlighted by the study of October 2015 from PWC, the progression of the cyber attacks in the world is constant, and last year it growed by 38%. Moreover, for the french companies the average cost of a cyber attack are great and represented 772,942 € in 2015 according to the report of NTT Security of January 2016.
Therefore, the first important step for a CISO is to know the security level of its IT. Most companies choose an approach one-shot to vulnerability assessment, pentests or security audits. However, best practices such as the NIST 800-137 (National Institute of Standards and Technology) preconize vulnerability assessment and log analysis in continuous mode.
Achieving the goal of protection against cyber attacks and risk reduction makes the CISOs create a SOC. It will allow a complete view of the IT security state, of attack detection, of vulnerabilities knowledge and therefore to establish her or his priorities.
Our first SOC includes the two following tools:
To build your first SOC download our White Paper that details its implementation.
Elastic Detector is integrated easily with all SIEM such as Elastic Stack or other commercial products. The White Paper shows how you can create your first SOC by using Elastic Detector and Elastic Stack in a simplified way. You can centralize your logs in Elastic Stack and build dashboards with key indicators most relevant to your company.
Elastic Detector brings information about vulnerabilities which can be correlated in Elastic Stack. Vulnerabilities quantify your cyber resilience and help to prioritize and reduce security alerts.
To add a new generation vulnerability scanner to your existing SOC download our White Paper.