ابدأ بالتواصل مع الأشخاص وتبادل معارفك المهنية

أنشئ حسابًا أو سجّل الدخول للانضمام إلى مجتمعك المهني.

متابعة

What are the best monitoring practices in a Security Operations Center?

user-image
تم إضافة السؤال من قبل Gourab Mitra , Manager IT Project Program and Delivery Management(Full Time Contract/Consulting Role) , IXTEL(ixtel.com)
تاريخ النشر: 2014/07/02
Pushpendra Chavan
من قبل Pushpendra Chavan , Technical Support Engineer , Red Hat Software Services (India) Pvt. Ltd., Pune

If you ask me, I would suggest to watch out the following things so closely on routine basis.

 

1. Changes in the filesystem : This will let you know that nothing unusual is happening in your Server on Filesystem level.

2. The Storage/memory statistics : If a hacker gets into your system or the server gets attacked by some viral program, it eats up the space causing the degraded performance.

3. The Firewall Configurations : Closely monitor this. No changes shall be happened without your notice. Always close the unnecessary ports

4. Process Management: Check out the ps output on routine basis, kill unusual processes or report them. Monitor the D state/hanged processes.

5. RPM/Package Database : Watch out which are the approved packages the system has been installed with. This activity is so important as this can cause the rpm database corruption as well.

6. User Administration : Who logs in/Who logs out, monitor the secure log.

7. Disable the shutdown binary or watch it using audit : this one is important as well.

8. Look out at the activities of the sudo users and adjust there permissions and authorities.

9. Setup Auditing on sensitive files/directories to monitor user activities on the same.

 

There might be more, but the above is the list I can think of at the moment.

mohammed alaa borji
من قبل mohammed alaa borji , CISO , Confidentiel

in Soc you must have many level:

1- classic : firewall , Ips, Ids ...

2- SIEM

3- some tools to monitor network devices,server  and services

4- LDAP

... 

Faizan Sajid
من قبل Faizan Sajid , IT Security & Solutions Specialist , Taqat Technologies

A recommended and best practice for monitoring includes following but not limited to the below :

1- An industry recommended SIEM Solution for performing event correlation and root cause analysis for security incidents.

2- Advanced Network and Endpoint Malware analysis (sanboxing).

3- Network Traffic analysis using Machine learning, network forensics and Threat intelligence

4- Future trends and Proactive Threat feeds monitoring 

Hemza ATOUB
من قبل Hemza ATOUB , Sr. CYBER SECUIRITY Consultant IT/OT Certified IBM QRadar| Arcsight SIEM | ISO 27k1 | ICS | 20 CSC , CONFIDENTIAL

Configure SIEM To Monitor IoA  Indicator of Attacks This can give you a good visibility of Infrastructure Security

You must Know that SOC isn't only Technology but always: People-Process-Technology

Gokul Mannu
من قبل Gokul Mannu , Senior Network Security Engineer , WIPRO LLC

a) Scalable Analytics Engine

b) Consolidated warehouse for security data or cross indexed series of data stores.

c) Centralized Management dashboard

d) Pattern based threat monitoring techniques

e) Ticketing system f) Rich correlation of incidence information

g) Full network packet capture

h) Data and Identity classification and Access Management solution

i) Integrated Compliance and governance management tools.

j) Data Analytics and Forensic tools. 

Nikhil Jaiswal
من قبل Nikhil Jaiswal , Senior Security Analyst , SISA Information Security

For better practice you can use following ttools, i am also mentioning open source tools,

1. Firewall,IDS,IPS--> Suricata,Snort(For IDS IPS)

2.Data Loss Prevention--> Open DLP or MyDlp

3.Threat Intelligence--> Open Taxi

4.SIEM-->SIEMonster,Elasticsearch,Kibana,Logstash

 

After configuring check logs are properly coming or not from all devices and services(e.g Apache,tomcat)

Wissam Khabbaz
من قبل Wissam Khabbaz , Manager cyber security architecture , Abu Dhabi Islamic Bank

data analytics platforms in top of a SIEM tool

Francisco Macabutas Jr
من قبل Francisco Macabutas Jr , Security Supervisor , G4s - PSSI

Best thing that we can do is that, we have to follow the SOP of the company. Stay calm and always on top of the situation that may arise.

المزيد من الأسئلة المماثلة