During the recent years, there is an alarming rise in the number, severity, and sophistication of cyberattacks to Vietnam, investments in information security measures fromcompanies and organizations also grow in amount and methodology. Instead of independent and specific solutions that can only counter parts of an attack, users nowadays are convinced of comprehensive, multi-layer solutions, which can detect and eliminate unprecedented risks. And SOC is one of those solutions!

1. What is a Security Operation Center (SOC)?

Security Operation Center, or SOC, is a unit comprises of experienced security experts, that utilizes various evaluation and alarm procedures on one supervisory central to process all security problems. This system will constantlyreview, analyze, report, and prevent cyber threats, simultaneously deal with any problems that incurred on the computers, servers, and networks that it supervises.

2. Why should business and organizations set up SOCs?

According to statistics, in the first 9 months of 2019, Vietnam ranked 11th in the most hacked nations of the world and ranked 3rd in that of South East Asia (after Indonesia and Singapore), with the total number of attacked websites having reached 8.406. Along with those are 6.219 cases of cyber-attacks up until July 31, 2019 – according to a report from Viet Nam Computer Emergency Response Teams (VNCERT), which shows that Vietnam is enduring large-scale attacks with high frequencies and rising sophistication. Attacks can be Phishing, Deface, or Malware, nonetheless making organizations and individuals alike suffer from heavy financial and trust losses, wasting a lot time to rectify the mess leftafter each attack.

Being a perfect combination of 3 core values in the fields of Information Technology and Information Security, including: People – Technology – Process, SOC is the final barrier, which solves the remaining lack of security devices, should they be easily overcame by professional criminals.

SOC connecting People – Technology – Process. Source: logsign.
  • People: The experts in SOCs, assigned with clear tasks to maneuver the system.
  • Technology: Supervisory, analysis, problem detection, and trace investigation solutions.
  • Process: Regulations, procedures, and information security policies deployed on the system.

Setting up a Security Operation Center aligns with improving the ability to detect security problems via constant supervision and analysis of data activities. SOC systems will analyze these activities throughout organizations, networks, endpoints, servers, and databases in order to ensure in-time detection and respond to security problems. Due to the enclosed cycle and complimentary support of the aforementioned 3 elements, SOC can review and respond to underlying threats on a 24/7 basis, thus reduce the lag between intrusion and detection, helping organizations to become more proactive in countering cyberthreats.

3. What are the major functions and missions of SOC?

In order to contribute to the safety of all devices and data of an organization, SOC experts have to ensure the following tasks:

  • Proactively supervise the real-time security status of the entire system on one single central control interface.
  • Periodical scans and automatic security checks throughout the whole system.
  • Manage day records and responses (provide authorities with accurate information in cases where investigation is deemed necessary).
  • Detect security holes and vulnerabilities in the network system and propose corresponding solutions.
  • Rank anomaly alarms at each network nodes (or on each devices), where severity corresponds to urgency of elimination.
  • Early alarms of weaknesses and possible security threats, adjust defense.
  • Rescue support and processing of cyber security problems.
  • Remote control, manage, and command.
  • Maximize automation of task procedures, optimizes human resources in system maneuvering.
  • Send real time or periodical reports (daily, weekly, monthly, quarterly, annually).

Each of these missions are one crucial function of SOC in keeping the whole organization well-protected. By combining all the above tasks, SOC will maintain the system’s stability and respond suitably, smartly, and instantly in case of infringement.

4. Building and operative an SOC

Building a Security Operation Center is a rather complex process, but it is still not as challenging as ensuring that the SOC runs smoothly and effectively.

The first and most important step that all businesses need to do before setting up a comprehensive  SOC is to determine on clear strategies and aims, at the same calculate necessary internal support. Then, organizations have to review evaluations of current IT systems, as well as build and add needed protection systems like Firewall, Intrusion Detection System (IDS), Antivirus (AV), Distributed denial-of-service (DDoS), and so on.

Next step is improving tracking systems, including supervising, tracing, as well as analysis and response to incidents. Finally, training personnel carefully and building suitable response procedures to connect all the above components together to form a comprehensive security model for the system.

Model function and component structure of an SOC.

Operating SOC needs to be done by a team of experienced experts, divided to separate levels by functions, missions, and severity of problems:

  • Level 1: Alert Analysts’ mission is to track, supervise, and alarm according to the 24/7 system. Upon being alarmed, they will analyze, evaluate, and redirect problems to Incident Responder or SME/Hunter.
  • Level 2: Incident Responders’ mission is to receive alarms from Alert Analysts. After identifying and analysis of security events, these experts will categorize, rank, and evaluate urgency to issue alarms of possible threats.
  • Level 3: SMEs/Hunters are experienced experts in information safety with high professing. These specialists will directly handle security problems, investigate and issue commands to prevent those problems.
  • Level 4: Finally, SOC Managers are people will full control over SOC systems, including staff, budgets, and procedure contents. SOC Managers receive reports, analysis, and evaluation results from SMEs/Hunters, and also act as representatives in case of issues occurring.

From the above information regarding SOCs, we hope that businesses and organizations will gain a deeper insight about the role and benefits of Security Operation Centers. However, for entities with basic IT systems that lack in security knowledge, experienced personnel, and response procedures, to build and operate SOCs is still a rather faraway dream. This is the reason to the foundation of VSOC (Virtual Security Operations Centers.

Thien Ly – FPT HO

Part 2: VSOC (Virtual Security Operations Centers) – the optimal information safety solution for SMEs.

Related posts: