CSOC Setup and Security
8 Questions

Questions and Answers

What is a primary concern when hiring a Service Provider CSOC?

  • Reputation of the provider
  • Background checks on employees
  • Documentation of internal security policies
  • All of the above (correct)

What is a significant advantage of an In-house CSOC over a Service Provider CSOC?

  • Faster implementation
  • Customizable solutions (correct)
  • Cost-effectiveness
  • Easier to manage

What is a potential disadvantage of an In-house CSOC?

  • Higher potential for collusion between analyst and attacker
  • Less likely to recognize large-scale, subtle patterns
  • Difficulty in finding competent CSOC analysts
  • All of the above (correct)

What is a crucial aspect of evaluating a Service Provider CSOC's security?

Level of security at their CSOC (B)

What is a common concern when implementing an In-house CSOC?

Showing ROI quickly (D)

What is a benefit of using an In-house CSOC over a Service Provider CSOC?

More likely to notice correlations between internal groups (D)

What is a key consideration when evaluating a Service Provider CSOC's capabilities?

All of the above (D)

What is a potential drawback of an In-house CSOC?

All of the above (D)

Study Notes

CSOC Setup

  • A typical CSOC setup involves considering two options: Service Provider (Outsourced) and In-house CSOC.

Service Provider (Outsourced) CSOC

  • Questions to consider when selecting a Service Provider:
    • Reputation of the provider
    • Experience in serving customers in the same industry
    • Background checks performed on new employees
    • Data protection and security level
    • Documentation of internal security policies and procedures
    • Use of contractors for services
    • Well-defined SLAs
    • Exit strategy
  • Popular Service Providers include:
    • Ensign
    • SecureWorks (Dell)
    • Solutionary
    • Wipro
    • Tata
    • CenturyLink (Savvis, Qwest)
    • McAfee
    • Verizon (Cybertrust / Ubizen)
    • Orange
    • Integralis
    • Sprint
    • EDS
    • AT&T
    • Unisys
    • VeriSign
    • BT Managed Security Solutions (Counterpane)
    • NetCom Systems

In-house CSOC

  • Questions to consider when setting up an In-house CSOC:
    • Staff competencies (skills and knowledge) to manage a SOC
    • Assessing staff competencies
    • Documenting SOC processes and procedures
    • Developing a training program
    • Designing the physical SOC site
    • Hiring and maintaining adequate staff levels
  • Advantages of In-house CSOC:
    • Dedicated staff
    • Better understanding of the environment
    • Easier customization of solutions
    • Potential to be most efficient
    • More likely to notice correlations between internal groups
    • Logs stored locally
  • Disadvantages of In-house CSOC:
    • Larger up-front investment
    • Higher pressure to show ROI quickly
    • Higher potential for collusion between analyst and attacker
    • Less likely to recognize large-scale, subtle patterns
    • Difficult to find competent CSOC analysts

Outsourced CSOC

  • Advantages of Outsourced CSOC:
    • Avoid capital expenses
    • Exposure to multiple customers in a similar industry segment
    • Less potential for collusion between monitoring team and attacker
    • Potential to be very scalable and flexible
    • Expertise in monitoring and Security Information Management tools
    • SLA
  • Disadvantages of Outsourced CSOC:
    • Contractors may not know the environment as well as internal employees
    • Sending jobs outside the organization can lower morale
    • Lack of staff dedicated to a single client
    • Lack of capital retention
    • Risk of external data mishandling
    • Log data not always archived
    • Log data stored off-premises
    • Lack of customization


Quiz Team

Description

A quiz on setting up a typical CSOC (Cyber Security Operations Center) and security considerations, including questions to ask a service provider.
