Preventing major cyber-crimes and adopting centralized security operations in business is paramount, said an expert addressing a webinar that highlighted the importance of the Cyber Security Operations Center (CSOC). The Ministry of Transport and Communications (MoTC) recently organised a webinar titled ‘Dive into Next Generation Cyber Security Operations Center’. The webinar introduced a comprehensive approach to collecting different views and described the state-of-the-art, or next generation, SOC environment.
Traditionally, there are several different ways of detecting attacks, and most of them are based on signature detection. However, attackers adapted to this approach a long time ago by using obfuscation or polymorphism to make malicious processes seem legitimate.
Expert Ahmet Top, Regional Pre-Sales Manager at Barikat Cyber Security based in Qatar, delivered a presentation about the general concept and terminology of security operations and the next generation concept of a security operations site.
He also highlighted the functional requirements, the skill set requirements and the roadmap steps that prepare an organization for this kind of next generation security operations center.
He said, “Cyber Security Operations Center (CSOC) is not a new concept. Around 15 years ago it was introduced to the market, but its importance has increased significantly in the last five years”.
The last few years were years of digital transformation. Traditional network environments were upended by the rapid adoption of new technologies like cloud infrastructure, applications and services, social media, the virtualization of data centers, the integration of IoT technologies, and the continued expansion of mobility, BYOD – ‘Bring Your Own Device’, and related applications. The next-generation CSOC is tech-driven and people-enhanced. That is, it relies more on automation and incorporates tools, like machine learning, that can flag unusual behaviours and identify things never seen before.
The traditional SOC includes continuous monitoring, detection of known threats, notification and reporting, whereas the next generation SOC has functions like threat intelligence, auto triage, auto containment and rapid investigation, he added.
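To make the contrast concrete, here is an added illustration that is not code from the webinar, MoTC or Barikat: a toy detection pipeline run over constructed process telemetry. It shows why a hash signature misses a recompiled (polymorphic) copy of the same dropper while a behaviour rule catches both, and how an auto-triage step scores the findings per host and decides between automatic containment and analyst review. All hashes, host names, rule weights and the containment threshold are assumptions chosen for the example.

```python
from collections import Counter, defaultdict
from dataclasses import dataclass

@dataclass
class ProcessEvent:
    ts: int        # constructed timestamp (seconds)
    host: str
    parent: str    # image name of the parent process
    image: str     # image name of the new process
    sha256: str    # hash of the executable (constructed, shortened)

# Constructed threat-intel feed: hash of one known malicious dropper.
KNOWN_BAD_HASHES = {"a1b2c3d4"}

# Constructed telemetry. ws01 and ws02 show the same intrusion pattern, but the
# dropper on ws02 was recompiled, so its hash is not in the feed (polymorphism).
# ws03 shows a single weaker signal (an office document launching a script host).
EVENTS = [
    ProcessEvent(100, "ws01", "explorer.exe", "winword.exe", "0000aaaa"),
    ProcessEvent(101, "ws01", "winword.exe", "powershell.exe", "0000bbbb"),
    ProcessEvent(102, "ws01", "powershell.exe", "dropper.exe", "a1b2c3d4"),
    ProcessEvent(200, "ws02", "explorer.exe", "winword.exe", "0000aaaa"),
    ProcessEvent(201, "ws02", "winword.exe", "powershell.exe", "0000bbbb"),
    ProcessEvent(202, "ws02", "powershell.exe", "update.exe", "ffff9999"),
    ProcessEvent(300, "ws03", "explorer.exe", "winword.exe", "0000aaaa"),
    ProcessEvent(301, "ws03", "winword.exe", "powershell.exe", "0000bbbb"),
]

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe"}
SCRIPT_HOSTS = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe"}


def signature_alerts(events):
    """Traditional SOC: match executable hashes against a known-bad list."""
    return [e for e in events if e.sha256 in KNOWN_BAD_HASHES]


def behaviour_alerts(events):
    """Next generation SOC: flag suspicious parent/child relationships and
    binaries that are rare across the fleet, regardless of their hash."""
    prevalence = Counter(e.sha256 for e in events)
    alerts = []
    for e in events:
        if e.parent in OFFICE_APPS and e.image in SCRIPT_HOSTS:
            alerts.append((e, "office_app_spawns_script_host"))
        if e.parent in SCRIPT_HOSTS and prevalence[e.sha256] == 1:
            alerts.append((e, "script_host_spawns_rare_binary"))
    return alerts


def triage(events, contain_threshold=6):
    """Auto triage: aggregate alerts per host into a score and pick an action.
    Weights and threshold are assumptions for the example."""
    score = defaultdict(int)
    reasons = defaultdict(list)
    for e in signature_alerts(events):
        score[e.host] += 5
        reasons[e.host].append("known_bad_hash")
    for e, rule in behaviour_alerts(events):
        score[e.host] += 3
        reasons[e.host].append(rule)
    return {
        host: {
            "score": s,
            "reasons": reasons[host],
            "action": "auto_contain" if s >= contain_threshold else "analyst_review",
        }
        for host, s in score.items()
    }


if __name__ == "__main__":
    print("signature hits:", [e.host for e in signature_alerts(EVENTS)])
    print("behaviour hits:", [(e.host, r) for e, r in behaviour_alerts(EVENTS)])
    for host, verdict in triage(EVENTS).items():
        print(host, verdict)
```

Running it shows the signature check firing only on ws01, the behaviour rules firing on all three hosts, and triage sending ws01 and ws02 to automatic containment while ws03, with only one weak indicator, goes to an analyst.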