Abstract image of a woman sitting on books and studying on a laptop

Next-Gen security operation center

M
Muhammad Sahputra

The document outlines the evolution and future of Security Operations Centers (SOCs), emphasizing the importance of adapting to next-gen technologies like Security Orchestration, Automation, and Response (SOAR) alongside big data and AI. It highlights that while SOCs traditionally emphasized human monitoring, the next-gen approach integrates automation to enhance efficiency and response times to cybersecurity threats. The ultimate goal is to improve operational effectiveness while acknowledging the critical role of human analysts in managing complex threats.

Technology
1 of 20
Downloaded 199 times
1
2
3
Most read
4
5
6
Most read
7
8
9
10
11
12
13
14
Most read
15
16
17
18
19
20
Next-Gen Security Operation Center Future-Ready Protection Against Targeted Attacks Muhammad Sahputra
Who..?
Motivation Behind Attacks Based on Stats - March 2018 Cyber Crime & Cyber Espionage mostly motivates hackers to launch attacks against targeted organisations
Cyber Kill Chain
– Gartner “A security operations center (SOC) can be defined both as a team, often operating in shifts around the clock, and a facility dedicated to and organized to prevent, detect, assess and respond to cybersecurity threats and incidents, and to fulfill and assess regulatory compliance.” What is SOC?
Traditional Security Operation Center
Machine Logs 192.168.2.20 - - [28/Jul/2006:10:27:10 -0300] "GET /cgi- bin/try/ HTTP/1.0" 200 3395 127.0.0.1 - - [28/Jul/2006:10:22:04 -0300] "GET / HTTP/1.0" 200 2216 x.x.x.90 - - [13/Sep/2006:07:01:53 -0700] "PROPFIND /svn/[xxxx]/Extranet/branches/SOW-101 HTTP/1.1" 401 587 x.x.x.90 - - [13/Sep/2006:07:01:51 -0700] "PROPFIND /svn/[xxxx]/[xxxx]/trunk HTTP/1.1" 401 587 x.x.x.90 - - [13/Sep/2006:07:00:53 -0700] "PROPFIND /svn/[xxxx]/[xxxx]/2.5 HTTP/1.1" 401 587 x.x.x.90 - - [13/Sep/2006:07:00:53 -0700] "PROPFIND /svn/[xxxx]/Extranet/branches/SOW-101 HTTP/1.1" 401 587 x.x.x.90 - - [13/Sep/2006:07:00:21 -0700] "PROPFIND /svn/[xxxx]/[xxxx]/trunk HTTP/1.1" 401 587 x.x.x.90 - - [13/Sep/2006:06:59:53 -0700] "PROPFIND /svn/[xxxx]/[xxxx]/2.5 HTTP/1.1" 401 587 x.x.x.90 - - [13/Sep/2006:06:59:50 -0700] "PROPFIND /svn/[xxxx]/[xxxx]/trunk HTTP/1.1" 401 587 x.x.x.90 - - [13/Sep/2006:06:58:52 -0700] "PROPFIND /svn/[xxxx]/[xxxx]/trunk HTTP/1.1" 401 587 x.x.x.90 - - [13/Sep/2006:06:58:52 -0700] "PROPFIND /svn/[xxxx]/Extranet/branches/SOW-101 HTTP/1.1" 401 587 [Fri Dec 16 01:46:23 2005] [error] [client 1.2.3.4] Directory index forbidden by rule: /home/test/ [Fri Dec 16 01:54:34 2005] [error] [client 1.2.3.4] Directory index forbidden by rule: /apache/web- data/test2 [Fri Dec 16 02:25:55 2005] [error] [client 1.2.3.4] Client sent malformed Host header [Mon Dec 19 23:02:01 2005] [error] [client 1.2.3.4] user test: authentication failure for "/~dcid/test1": Password Mismatch • Application Logs • Service Logs • Event Logs • System Logs
Security Information Event Management “Traditional SOC put more weight on people by introducing 24/7 security monitoring activities”
External Data Magic Word: Threat Intelligence
People-Centric SOC Define vision for the team. Evaluate budgetary / resource concerns First line of monitoring. Eys-on-Glass monitoring. Basic analysis, following SOPs / playbooks Actively look for loop holes in network / system / configuration Actively looking for threat information and correlate it with assets belong to the organisation Look deeper in to security incidents. Assist in investigating cyber crimes Remediate security incidents ASAP based on analysis performed by security analyst Actively dive-in to SIEM data to look for suspicipous activities especially unknown threat / zeroday Configure, fine- tune and maintain SIEM solution Second line of monitoring. Having more experienced on security analysis Coordinate with all team members. Define and document process. Run the operations
People-Centric SOC “People-Centric SOC introduce painful issue to organisation” “Don’t you think it is inhuman to let people watch the screen for 8 hours especially in the middle-of night”? “It is industry 4.0 era”
“Next-Gen Security Operation Center vision is to improve technology, people, and process in Traditional SOC”
Use Case: Improving MTTD- MTTR Define vision for the team. Evaluate budgetary / resource concerns First line of monitoring. Eys-on-Glass monitoring. Basic analysis, following SOPs / playbooks Actively look for loop holes in network / system / configuration Actively looking for threat information and correlate it with assets belong to the organisation Look deeper in to security incidents. Assist in investigating cyber crimes Remediate security incidents ASAP based on analysis performed by security analyst Actively dive-in to SIEM data to look for suspicipous activities especially unknown threat / zeroday Configure, fine- tune and maintain SIEM solution Second line of monitoring. Having more experienced on security analysis Coordinate with all team members. Define and document process. Run the operations
Solution: SOAR
SOAR Next-Gen SOC utilise SOAR (Security Orchestration Automation and Response) to perform actionable insights and interaction with another component in the network
Use Case: Vulnerability Management System Define vision for the team. Evaluate budgetary / resource concerns First line of monitoring. Eys-on-Glass monitoring. Basic analysis, following SOPs / playbooks Actively look for loop holes in network / system / configuration Actively looking for threat information and correlate it with assets belong to the organisation Look deeper in to security incidents. Assist in investigating cyber crimes Remediate security incidents ASAP based on analysis performed by security analyst Actively dive-in to SIEM data to look for suspicipous activities especially unknown threat / zeroday Configure, fine- tune and maintain SIEM solution Second line of monitoring. Having more experienced on security analysis Coordinate with all team members. Define and document process. Run the operations
Solution: Bigdata and AI Next-Gen SOC pushes forward the limits of a tri-dimensional paradigm. It needs to increase the detection surface and decision velocity, decrease reaction time by utilising bigdata analytics combined with AI technology “Potensi serangan DDoS terhadap website IDNIC (Indonesia Network Information Center) dengan URL https://www.idnic.id (203.119.13.145) pada tanggal 29 November 2018”.
Analytics in Next-Gen Security Operation Center Next-Gen SOC preventing breaches from happening, by leveraging big data and supercomputing capabilities
Summary • No, Next-Gen SOC doesn’t intend to replace Human with Machine • Rarity of Human in IT Security forces us to be more creative within Industry 4.0 era • People role “improved” i.e Trainer for the Machine, Analysing only high classified unknown-complex threat, Data scientist, … • Convert your facility from Traditional to Next-Gen need proper plan: Map according to your organisation requirement, focus on what is the most pain point, improve them with machine
END

More Related Content

PDF
Building Security Operation Center
S.E. CTS CERT-GOV-MD
 
PPTX
An introduction to SOC (Security Operation Center)
Ahmad Haghighi
 
PPTX
Security operation center (SOC)
Ahmed Ayman
 
PDF
Building a Next-Generation Security Operations Center (SOC)
Sqrrl
 
PPTX
SOC Architecture Workshop - Part 1
Priyanka Aash
 
PPTX
SOC and SIEM.pptx
SandeshUprety4
 
PPTX
Effective Security Operation Center - present by Reza Adineh
ReZa AdineH
 
PPTX
Rothke rsa 2012 building a security operations center (soc)
Ben Rothke
 
Building Security Operation Center
S.E. CTS CERT-GOV-MD
 
An introduction to SOC (Security Operation Center)
Ahmad Haghighi
 
Security operation center (SOC)
Ahmed Ayman
 
Building a Next-Generation Security Operations Center (SOC)
Sqrrl
 
SOC Architecture Workshop - Part 1
Priyanka Aash
 
SOC and SIEM.pptx
SandeshUprety4
 
Effective Security Operation Center - present by Reza Adineh
ReZa AdineH
 
Rothke rsa 2012 building a security operations center (soc)
Ben Rothke
 

What's hot (20)

PDF
Security operations center-SOC Presentation-مرکز عملیات امنیت
ReZa AdineH
 
PDF
Building a Next-Generation Security Operation Center Based on IBM QRadar and ...
IBM Security
 
PDF
Building a Cyber Security Operations Center for SCADA/ICS Environments
Shah Sheikh
 
PPTX
Security Operation Center Fundamental
Amir Hossein Zargaran
 
PPT
SOC presentation- Building a Security Operations Center
Michael Nickle
 
PPTX
Security operation center
MuthuKumaran267
 
PDF
DTS Solution - Building a SOC (Security Operations Center)
Shah Sheikh
 
PPTX
Soc
Mukesh Chaudhari
 
PDF
From SIEM to SOC: Crossing the Cybersecurity Chasm
Priyanka Aash
 
PDF
Rothke secure360 building a security operations center (soc)
Ben Rothke
 
PDF
Introduction to QRadar
PencilData
 
PDF
5 BEST PRACTICES FOR A SECURITY OPERATION CENTER (SOC)
Vijilan IT Security solutions
 
PPTX
Threat Hunting - Moving from the ad hoc to the formal
Priyanka Aash
 
PPTX
WHY SOC Services needed?
manoharparakh
 
PPTX
Security Information and Event Management (SIEM)
hardik soni
 
PDF
Governance of security operation centers
Brencil Kaimba
 
PDF
Building A Security Operations Center
Siemplify
 
PPTX
SOAR and SIEM.pptx
Ajit Wadhawan
 
PDF
Bulding Soc In Changing Threat Landscapefinal
Mahmoud Yassin
 
PPTX
7 Steps to Build a SOC with Limited Resources
LogRhythm
 
Security operations center-SOC Presentation-مرکز عملیات امنیت
ReZa AdineH
 
Building a Next-Generation Security Operation Center Based on IBM QRadar and ...
IBM Security
 
Building a Cyber Security Operations Center for SCADA/ICS Environments
Shah Sheikh
 
Security Operation Center Fundamental
Amir Hossein Zargaran
 
SOC presentation- Building a Security Operations Center
Michael Nickle
 
Security operation center
MuthuKumaran267
 
DTS Solution - Building a SOC (Security Operations Center)
Shah Sheikh
 
Soc
Mukesh Chaudhari
 
From SIEM to SOC: Crossing the Cybersecurity Chasm
Priyanka Aash
 
Rothke secure360 building a security operations center (soc)
Ben Rothke
 
Introduction to QRadar
PencilData
 
5 BEST PRACTICES FOR A SECURITY OPERATION CENTER (SOC)
Vijilan IT Security solutions
 
Threat Hunting - Moving from the ad hoc to the formal
Priyanka Aash
 
WHY SOC Services needed?
manoharparakh
 
Security Information and Event Management (SIEM)
hardik soni
 
Governance of security operation centers
Brencil Kaimba
 
Building A Security Operations Center
Siemplify
 
SOAR and SIEM.pptx
Ajit Wadhawan
 
Bulding Soc In Changing Threat Landscapefinal
Mahmoud Yassin
 
7 Steps to Build a SOC with Limited Resources
LogRhythm
 
Ad

Similar to Next-Gen security operation center (20)

PDF
security operations center by Manage Engigne
hackeronehero
 
PDF
Ijetr042329
Engineering Research Publication
 
PPTX
Prezentare_ANSSI.pptx gfdsry crsru drdrsy
Azim191210
 
PDF
Changing the Security Monitoring Status Quo
EMC
 
DOC
Take back your security infrastructure
Anton Chuvakin
 
PDF
Cybersecurity_Security_architecture_2023.pdf
abacusgtuc
 
PDF
Alienvault how to build a security operations center (on a budget) (2017, a...
Al Syihab
 
PPTX
Cyber-Espionage: Understanding the Advanced Threat Landscape
Aaron White
 
PDF
What's behind a cyber attack
Andreanne Clarke
 
PDF
Use Exabeam Smart Timelines to improve your SOC efficiency
JonathanPritchard12
 
PPTX
Optimizing Security Operations: 5 Keys to Success
Sirius
 
PPT
Security Considerations in Process Control and SCADA Environments
amiable_indian
 
PDF
What Is Cyber Threat Intelligence | How It Work? | SOCVault
SOCVault
 
PPTX
LIBRARY RESEARCH PROJECT, SECURITY OPERATION CENTER.pptx
SonuSingh81247
 
PDF
Exploration Draft Document- CEM Machine Learning & AI Project 2018
Leslie McFarlin
 
PDF
Intrusion Detection System using Data Mining
IRJET Journal
 
PPTX
Fundamentals of SOCs and CERTS for decision makers
farhad712
 
DOCX
Overall Security Process Review CISC 6621Agend.docx
karlhennesey
 
PPTX
SEIM-Microsoft Sentinel.pptx
AmrMousa51
 
PPTX
TIG / Infocyte: Proactive Cybersecurity for State and Local Government
Infocyte
 
security operations center by Manage Engigne
hackeronehero
 
Ijetr042329
Engineering Research Publication
 
Prezentare_ANSSI.pptx gfdsry crsru drdrsy
Azim191210
 
Changing the Security Monitoring Status Quo
EMC
 
Take back your security infrastructure
Anton Chuvakin
 
Cybersecurity_Security_architecture_2023.pdf
abacusgtuc
 
Alienvault how to build a security operations center (on a budget) (2017, a...
Al Syihab
 
Cyber-Espionage: Understanding the Advanced Threat Landscape
Aaron White
 
What's behind a cyber attack
Andreanne Clarke
 
Use Exabeam Smart Timelines to improve your SOC efficiency
JonathanPritchard12
 
Optimizing Security Operations: 5 Keys to Success
Sirius
 
Security Considerations in Process Control and SCADA Environments
amiable_indian
 
What Is Cyber Threat Intelligence | How It Work? | SOCVault
SOCVault
 
LIBRARY RESEARCH PROJECT, SECURITY OPERATION CENTER.pptx
SonuSingh81247
 
Exploration Draft Document- CEM Machine Learning & AI Project 2018
Leslie McFarlin
 
Intrusion Detection System using Data Mining
IRJET Journal
 
Fundamentals of SOCs and CERTS for decision makers
farhad712
 
Overall Security Process Review CISC 6621Agend.docx
karlhennesey
 
SEIM-Microsoft Sentinel.pptx
AmrMousa51
 
TIG / Infocyte: Proactive Cybersecurity for State and Local Government
Infocyte
 
Ad

Recently uploaded (20)

PDF
Rapid Prototyping: A lecture on prototyping techniques for interface design
Mark Billinghurst
 
PDF
Data Virtualization in Action: Scaling APIs and Apps with FME
Safe Software
 
DOCX
Basics of Cloud Computing - Cloud Ecosystem
suthak11
 
PPTX
SGT Report The Beast Plan and Cyberphysical Systems of Control
hopegirl587
 
PDF
SaaS reusability assessment using machine learning techniques
IAESIJAI
 
PDF
Produktkatalog für HOBO Datenlogger, Wetterstationen, Sensoren, Software und ...
Metrics GmbH
 
PDF
Early detection and classification of bone marrow changes in lumbar vertebrae...
IAESIJAI
 
PPTX
Microsoft User Copilot Training Slide Deck
zohoron1
 
PDF
AI.gov: A Trojan Horse in the Age of Artificial Intelligence
Michael Weaver
 
PDF
Transform-Quality-Engineering-with-AI-A-60-Day-Blueprint-for-Digital-Success.pdf
Kalilur Rahman
 
PDF
MENA-ECEONOMIC-CONTEXT-VC MENA-ECEONOMIC
Mustafa Kuğu
 
PDF
Transform-Your-Supply-Chain-with-AI-Driven-Quality-Engineering.pdf
Kalilur Rahman
 
PPTX
future_of_ai_comprehensive_20250822032121.pptx
forrandomuse090
 
PDF
LMS bot: enhanced learning management systems for improved student learning e...
IAESIJAI
 
PDF
4 layer Arch & Reference Arch of IoT.pdf
sendilkumar66
 
PPTX
Training Program for knowledge in solar cell and solar industry
RabindranathKaibarty
 
PPTX
AI-driven Assurance Across Your End-to-end Network With ThousandEyes
ThousandEyes
 
PDF
sbt 2.0: go big (Scala Days 2025 edition)
Eugene Yokota
 
PDF
Aug23rd - Mulesoft Community Workshop - Hyd, India.pdf
Ravi Tamada
 
PDF
CXOs-Are-you-still-doing-manual-DevOps-in-the-age-of-AI.pdf
Kalilur Rahman
 
Rapid Prototyping: A lecture on prototyping techniques for interface design
Mark Billinghurst
 
Data Virtualization in Action: Scaling APIs and Apps with FME
Safe Software
 
Basics of Cloud Computing - Cloud Ecosystem
suthak11
 
SGT Report The Beast Plan and Cyberphysical Systems of Control
hopegirl587
 
SaaS reusability assessment using machine learning techniques
IAESIJAI
 
Produktkatalog für HOBO Datenlogger, Wetterstationen, Sensoren, Software und ...
Metrics GmbH
 
Early detection and classification of bone marrow changes in lumbar vertebrae...
IAESIJAI
 
Microsoft User Copilot Training Slide Deck
zohoron1
 
AI.gov: A Trojan Horse in the Age of Artificial Intelligence
Michael Weaver
 
Transform-Quality-Engineering-with-AI-A-60-Day-Blueprint-for-Digital-Success.pdf
Kalilur Rahman
 
MENA-ECEONOMIC-CONTEXT-VC MENA-ECEONOMIC
Mustafa Kuğu
 
Transform-Your-Supply-Chain-with-AI-Driven-Quality-Engineering.pdf
Kalilur Rahman
 
future_of_ai_comprehensive_20250822032121.pptx
forrandomuse090
 
LMS bot: enhanced learning management systems for improved student learning e...
IAESIJAI
 
4 layer Arch & Reference Arch of IoT.pdf
sendilkumar66
 
Training Program for knowledge in solar cell and solar industry
RabindranathKaibarty
 
AI-driven Assurance Across Your End-to-end Network With ThousandEyes
ThousandEyes
 
sbt 2.0: go big (Scala Days 2025 edition)
Eugene Yokota
 
Aug23rd - Mulesoft Community Workshop - Hyd, India.pdf
Ravi Tamada
 
CXOs-Are-you-still-doing-manual-DevOps-in-the-age-of-AI.pdf
Kalilur Rahman
 

Next-Gen security operation center

  • 1. Next-Gen Security Operation Center Future-Ready Protection Against Targeted Attacks Muhammad Sahputra
  • 3. Motivation Behind Attacks Based on Stats - March 2018 Cyber Crime & Cyber Espionage mostly motivates hackers to launch attacks against targeted organisations
  • 5. – Gartner “A security operations center (SOC) can be defined both as a team, often operating in shifts around the clock, and a facility dedicated to and organized to prevent, detect, assess and respond to cybersecurity threats and incidents, and to fulfill and assess regulatory compliance.” What is SOC?
  • 7. Machine Logs 192.168.2.20 - - [28/Jul/2006:10:27:10 -0300] "GET /cgi- bin/try/ HTTP/1.0" 200 3395 127.0.0.1 - - [28/Jul/2006:10:22:04 -0300] "GET / HTTP/1.0" 200 2216 x.x.x.90 - - [13/Sep/2006:07:01:53 -0700] "PROPFIND /svn/[xxxx]/Extranet/branches/SOW-101 HTTP/1.1" 401 587 x.x.x.90 - - [13/Sep/2006:07:01:51 -0700] "PROPFIND /svn/[xxxx]/[xxxx]/trunk HTTP/1.1" 401 587 x.x.x.90 - - [13/Sep/2006:07:00:53 -0700] "PROPFIND /svn/[xxxx]/[xxxx]/2.5 HTTP/1.1" 401 587 x.x.x.90 - - [13/Sep/2006:07:00:53 -0700] "PROPFIND /svn/[xxxx]/Extranet/branches/SOW-101 HTTP/1.1" 401 587 x.x.x.90 - - [13/Sep/2006:07:00:21 -0700] "PROPFIND /svn/[xxxx]/[xxxx]/trunk HTTP/1.1" 401 587 x.x.x.90 - - [13/Sep/2006:06:59:53 -0700] "PROPFIND /svn/[xxxx]/[xxxx]/2.5 HTTP/1.1" 401 587 x.x.x.90 - - [13/Sep/2006:06:59:50 -0700] "PROPFIND /svn/[xxxx]/[xxxx]/trunk HTTP/1.1" 401 587 x.x.x.90 - - [13/Sep/2006:06:58:52 -0700] "PROPFIND /svn/[xxxx]/[xxxx]/trunk HTTP/1.1" 401 587 x.x.x.90 - - [13/Sep/2006:06:58:52 -0700] "PROPFIND /svn/[xxxx]/Extranet/branches/SOW-101 HTTP/1.1" 401 587 [Fri Dec 16 01:46:23 2005] [error] [client 1.2.3.4] Directory index forbidden by rule: /home/test/ [Fri Dec 16 01:54:34 2005] [error] [client 1.2.3.4] Directory index forbidden by rule: /apache/web- data/test2 [Fri Dec 16 02:25:55 2005] [error] [client 1.2.3.4] Client sent malformed Host header [Mon Dec 19 23:02:01 2005] [error] [client 1.2.3.4] user test: authentication failure for "/~dcid/test1": Password Mismatch • Application Logs • Service Logs • Event Logs • System Logs
  • 8. Security Information Event Management “Traditional SOC put more weight on people by introducing 24/7 security monitoring activities”
  • 9. External Data Magic Word: Threat Intelligence
  • 10. People-Centric SOC Define vision for the team. Evaluate budgetary / resource concerns First line of monitoring. Eys-on-Glass monitoring. Basic analysis, following SOPs / playbooks Actively look for loop holes in network / system / configuration Actively looking for threat information and correlate it with assets belong to the organisation Look deeper in to security incidents. Assist in investigating cyber crimes Remediate security incidents ASAP based on analysis performed by security analyst Actively dive-in to SIEM data to look for suspicipous activities especially unknown threat / zeroday Configure, fine- tune and maintain SIEM solution Second line of monitoring. Having more experienced on security analysis Coordinate with all team members. Define and document process. Run the operations
  • 11. People-Centric SOC “People-Centric SOC introduce painful issue to organisation” “Don’t you think it is inhuman to let people watch the screen for 8 hours especially in the middle-of night”? “It is industry 4.0 era”
  • 12. “Next-Gen Security Operation Center vision is to improve technology, people, and process in Traditional SOC”
  • 13. Use Case: Improving MTTD- MTTR Define vision for the team. Evaluate budgetary / resource concerns First line of monitoring. Eys-on-Glass monitoring. Basic analysis, following SOPs / playbooks Actively look for loop holes in network / system / configuration Actively looking for threat information and correlate it with assets belong to the organisation Look deeper in to security incidents. Assist in investigating cyber crimes Remediate security incidents ASAP based on analysis performed by security analyst Actively dive-in to SIEM data to look for suspicipous activities especially unknown threat / zeroday Configure, fine- tune and maintain SIEM solution Second line of monitoring. Having more experienced on security analysis Coordinate with all team members. Define and document process. Run the operations
  • 15. SOAR Next-Gen SOC utilise SOAR (Security Orchestration Automation and Response) to perform actionable insights and interaction with another component in the network
  • 16. Use Case: Vulnerability Management System Define vision for the team. Evaluate budgetary / resource concerns First line of monitoring. Eys-on-Glass monitoring. Basic analysis, following SOPs / playbooks Actively look for loop holes in network / system / configuration Actively looking for threat information and correlate it with assets belong to the organisation Look deeper in to security incidents. Assist in investigating cyber crimes Remediate security incidents ASAP based on analysis performed by security analyst Actively dive-in to SIEM data to look for suspicipous activities especially unknown threat / zeroday Configure, fine- tune and maintain SIEM solution Second line of monitoring. Having more experienced on security analysis Coordinate with all team members. Define and document process. Run the operations
  • 17. Solution: Bigdata and AI Next-Gen SOC pushes forward the limits of a tri-dimensional paradigm. It needs to increase the detection surface and decision velocity, decrease reaction time by utilising bigdata analytics combined with AI technology “Potensi serangan DDoS terhadap website IDNIC (Indonesia Network Information Center) dengan URL https://www.idnic.id (203.119.13.145) pada tanggal 29 November 2018”.
  • 18. Analytics in Next-Gen Security Operation Center Next-Gen SOC preventing breaches from happening, by leveraging big data and supercomputing capabilities
  • 19. Summary • No, Next-Gen SOC doesn’t intend to replace Human with Machine • Rarity of Human in IT Security forces us to be more creative within Industry 4.0 era • People role “improved” i.e Trainer for the Machine, Analysing only high classified unknown-complex threat, Data scientist, … • Convert your facility from Traditional to Next-Gen need proper plan: Map according to your organisation requirement, focus on what is the most pain point, improve them with machine
  • 20. END

Editor's Notes

  • #5: Cyber kill chain merupakan model yang dipopulerkan oleh lockheed martin dan menunjukan bagaimana fase real targeted cyber attack terjadi. Apabila satu dari fase tersebut terputus maka targeted attack dapat digagalkan. Ini adalah salah satu objektivitas kebutuhan SOC.
  • #6: Berikan story kenapa suatu organisasi butuh SOC. Ceritakan sedikit mengenai konsep cyber killchain lockheed martin.