5 th of June 2018 15.30 - 16.30 Build your own CSIRT/SOC – real projects experience Dr. Vilius Benetis


Page 1: Build your own CSIRT/SOC real projects experience · 2018-06-12 · Build Your Own CSIRT/SOC –Real Projects Experience South & Southeast Asia Sub-Saharan Africa Central America


5th of June 2018, 15.30 - 16.30

Build your own CSIRT/SOC – real projects experience

Dr. Vilius Benetis

Page 2

Build Your Own CSIRT/SOC – Real Projects Experience

TRUSTED CYBER SECURITY NETWORKS AROUND THE WORLD

Page 3

NRD CYBER SECURITY

CSIRT/SOC development, technology consulting, incident response, and applied research company

NRDCS.LT

Page 4

OUR PROJECT GEOGRAPHY

South & Southeast Asia, Sub-Saharan Africa, Central America

BUILDING CYBERSECURITY CENTERS (CSIRTS) FROM 1998.

CSIRT/SOC TEAMS ESTABLISHMENT GLOBALLY TO CONFRONT CYBERATTACKS AND CYBER CRIME.

CURRENTLY FULLY-PACKAGED TEAM TRUSTED BY ITU FOR THE JOB, GLOBALLY.

NRD Cyber Security is controlled by INVL Technology, LTU. INVL Technology managed companies implement projects in 50+ countries worldwide.

Page 5

MISSION: PARTNERSHIPS IN BUILDING CYBERSECURITY CENTERS

Page 6

True needs for CSIRT/SOCs

1. When an attack hits: is there a skilled team ready to respond and handle cyber incidents using a well-known, internationally accepted incident response method?

2. Cyber crime is international: is your team trusted by the international community to provide support in your investigations?

Page 7

True needs for CSIRT/SOCs

3. Do you have a clear definition of a cyber incident, and clear automation-assisted processes to handle it?

If yes, how do you know they work efficiently?

4. Do you believe that ITIL brought efficiency to your IT operations?

If yes, then CSIRT processes would bring the same to cyber security response (CSIRT/SOCs).
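An added example, not from the presentation, of what a "clear definition" and an "automation-assisted process" can look like in practice, and of one way to answer the question "how do you know it works efficiently": a small incident register that rejects records falling outside a fixed incident taxonomy and computes handling-time metrics (time to acknowledge, time to resolve, SLA hit rate) over the accepted records. The taxonomy, the severity levels, the SLA targets and the sample records are all assumptions constructed for illustration; a real team takes them from its own incident definition and mandate.

```python
"""Incident register with a fixed incident definition and handling-time metrics.

Added example, not from the presentation. The taxonomy, severity levels,
SLA targets and sample records are assumptions chosen for illustration.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from statistics import median
from typing import Optional

# Assumed incident definition: an event is an incident only if it falls in one of these classes.
TAXONOMY = {"malware", "intrusion", "phishing", "dos", "data-breach", "vulnerability"}

# Assumed SLA targets for time from report to first response, per severity.
SLA_ACK = {
    "high": timedelta(hours=1),
    "medium": timedelta(hours=4),
    "low": timedelta(hours=24),
}


@dataclass
class Incident:
    ticket: str
    category: str
    severity: str
    reported: datetime
    acknowledged: Optional[datetime] = None
    resolved: Optional[datetime] = None


def validate(inc: Incident) -> None:
    """Reject records that do not satisfy the incident definition or are internally inconsistent."""
    if inc.category not in TAXONOMY:
        raise ValueError(f"{inc.ticket}: '{inc.category}' is not an incident class")
    if inc.severity not in SLA_ACK:
        raise ValueError(f"{inc.ticket}: unknown severity '{inc.severity}'")
    for stamp, name in ((inc.acknowledged, "acknowledged"), (inc.resolved, "resolved")):
        if stamp is not None and stamp < inc.reported:
            raise ValueError(f"{inc.ticket}: {name} before reported")


def _hours(td: timedelta) -> float:
    return td.total_seconds() / 3600


def handling_metrics(incidents: list) -> dict:
    """Median time-to-acknowledge and time-to-resolve (hours), SLA hit rate and breaches, open count."""
    for inc in incidents:
        validate(inc)
    acked = [i for i in incidents if i.acknowledged is not None]
    closed = [i for i in incidents if i.resolved is not None]
    # An acknowledgement later than the severity's target is an SLA breach.
    breaches = [i.ticket for i in acked if i.acknowledged - i.reported > SLA_ACK[i.severity]]
    return {
        "total": len(incidents),
        "open": len(incidents) - len(closed),
        "median_ack_hours": median(_hours(i.acknowledged - i.reported) for i in acked) if acked else None,
        "median_resolve_hours": median(_hours(i.resolved - i.reported) for i in closed) if closed else None,
        "sla_ack_rate": (len(acked) - len(breaches)) / len(acked) if acked else None,
        "sla_breaches": sorted(breaches),
    }


# Constructed sample register (not real data).
T0 = datetime(2018, 6, 5, 9, 0)
SAMPLE = [
    Incident("INC-001", "phishing", "medium", T0, T0 + timedelta(hours=2), T0 + timedelta(hours=10)),
    # high severity acknowledged after 2 h: breaches the assumed 1 h target
    Incident("INC-002", "malware", "high", T0 + timedelta(hours=1), T0 + timedelta(hours=3), T0 + timedelta(hours=30)),
    # acknowledged in 20 min, still open
    Incident("INC-003", "dos", "high", T0 + timedelta(hours=5), T0 + timedelta(hours=5, minutes=20), None),
    # reported, not yet acknowledged
    Incident("INC-004", "intrusion", "low", T0 + timedelta(days=1)),
]

if __name__ == "__main__":
    for key, value in handling_metrics(SAMPLE).items():
        print(f"{key}: {value}")
```

The point of the validation step is that the metrics are only meaningful if every record in the register meets the same definition; the point of the metrics is that "works efficiently" becomes a number (median hours, percentage within target, list of breached tickets) that can be reported to the CSO/CISO and compared month over month.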

Page 8

Who should have CSIRT/SOCs?

When an organization is substantially digital, i.e. it:

1. Processes a lot of data, especially sensitive data: personal, financial, etc.

2. Automates processes heavily

3. Is part of critical infrastructure

4. Is highly susceptible to cyber threats

Page 9

Define: CSIRT/SOC/CERT/ISAC

IT security teams mature into:

Computer Security Incident Response Teams (CSIRT)

Names used as synonyms for, or variants of, CSIRT:

• Computer Emergency Response Team (CERT),

• Cybersecurity Incident Response Team (CIRT),

• Product Security Incident Response Team (PSIRT),

• Information Sharing and Analysis Center (ISAC)

Security Operations Center (SOC) is:

A partial implementation of the CSIRT model, primarily focused on internal monitoring, detection and triage.

Page 10

Financial CSIRT/SOCs

Sources: www.FIRST.org and www.trusted-introducer.org

Compiled by Vilius Benetis, April 2018

Page 11

Securing digital assets – concept

Every digital asset has exposure. Establishment of CSIRT/SOCs enables a proactive and measured way of dealing with cyber issues:

• National

• Government

• Sectorial (e.g. banking, energy)

• Internal (SOC)

• Private CSIRTs

Building blocks of a CSIRT/SOC (diagram labels): Governance, Technologies, Processes, People

Digital assets:

• Data centers

• Data networks

• Information systems

• Servers

• Exchange platforms, certificate authorities

Who is protecting digital assets? CSIRT/SOC

Page 12

CSIRT model by FIRST.org

Source: https://www.first.org/education/service-framework

Page 13

BANGLADESH NATIONAL COMPUTER INCIDENT RESPONSE TEAM ESTABLISHMENT

Bangladesh e-Government Computer Incident Response Team (BGD e-Gov CIRT) was established at BCC under the project "Leveraging ICT for Growth, Employment and Governance Project (LICT)", financed by the World Bank.

Certified BGD e-Gov CIRT establishment is the first stage of the National CIRT development process.

Page 14

Results support continuous growth in cyber ratings

In 2017 Bangladesh went up in the cyber security ratings of the International Telecommunication Union (ITU):

• Reached "maturing" country status, along with 76 other countries

• Made the top 15 countries in Asia & Pacific and reached position 53 out of 165

• Reached the maximum level in technical cyber security measures

Page 15

Results support continuous growth in cyber ratings

Foreign investors use the ITU Global Cybersecurity Index as a reference to evaluate a country's cyber wellness profile before making investment decisions.

Page 16

HOW TO MAKE IT WORK?

Page 17

Diagram (labels only): Establishing CSIRT/SOC

Actors: Policy Makers / Board; CSO/CISO; CSIRT; Constituency; National CERT

Functions: Digital assets protection (Applications, Networks); Incidents detection, coordination, resolution; Response coordination; International recognition

Partners: LEA, IA, Private, Research

Page 18

Diagram (labels only): CSIRT/SOC with a cyber threat situational awareness and analysis section (for SOC)

Actors: Board / Policy Makers; CSO/CISO; CSIRT/SOC

Functions: Early warning function; Deeper level of cyber threat visibility

Partners: LEA, IA, Private, Research

Page 19

Different CSIRT/SOC stacks

Page 20

BANGLADESH CSIRT LAB ESTABLISHMENT

After the establishment of BGD e-Gov CIRT, the need for increased maturity was identified and BCC CIRT LAB was established to provide BGD e-Gov CIRT with additional OSINT, incident investigation, education and scientific applied approach capabilities through design, implementation and training of BCC CIRT LAB.

The Laboratory strengthened the abilities and automation of the team, helped BGD e-Gov CIRT to fulfil its functional responsibilities and assisted in providing CIRT services in alignment with the latest FIRST CSIRT Services Framework.

Page 21

BHUTAN NATIONAL CYBERSECURITY INCIDENT RESPONSE TEAM DEVELOPMENT

Bringing maturity and stability to Bhutan's digital economy via enhanced cyber security and national BtCIRT establishment.

Fully operational BtCIRT was set up within the Department of IT & Telecom in the Ministry of Information and Communications in order to coordinate information flow, respond to and manage cyber threats, and enhance cyber security in the country.

Page 22

CYPRUS CIRT ESTABLISHMENT

Cyprus CSIRT was established in order to create a team of professionals who monitor and analyze cyber incidents in the national digital environment of Cyprus and manage various stakeholders to handle any threats.

NRD Cyber Security was chosen for its experience in CSIRT projects of similar scope. After a successful set-up process, the NRD Cyber Security team was re-tasked with an additional scope of development activities.

Page 23

SECURE SOFT SECURITY OPERATION CENTER MATURITY ASSESSMENT

Secure Soft offers cyber security solutions in a couple of South American markets. In order to ensure that the services and solutions it provides are consistent with international standards, the company wanted to assess the maturity level of its SOC as well as the capabilities of the technologies it uses.

The NRD Cyber Security team carried out the assessment using a methodology that combines a broad spectrum of fields such as staff, business goals, technologies and processes.

Page 24

5 key things to take away

1. Definitions matter: Cybersecurity, CSIRT/SOC, Incident, Mandate, Cybercrime…

2. CSIRT/SOC is a de-facto framework for cybersecurity operations

3. Experience ensures success; however, it still takes at least a year to build operations

4. There are experienced consultants to help your journey; however, the actual work is done by you

5. Whatever your size, you should start now!

Page 25

Why work with NRD Cyber Security?

1. Focused on building strong, capable CERT/CSIRT/SOC teams at clients

2. Constructing relevant visibility and metrics for technical and policy decision making on cyber security

3. Proven track record of success around the world

4. Very cost competitive

Let’s have a chat [email protected]

www.nrdcs.lt


The photos used in the presentation are either the property of NRD Cyber Security or have been downloaded from www.pexels.com