Introduction to Cybersecurity Operations PDF

Summary

This presentation introduces cybersecurity operations, covering various aspects such as threats, actors, and the SOC. It also touches on the growing need and impact of cyber security in the digital age.

Full Transcript

Introduction to Cybersecurity Operations
TEMASEK POLYTECHNIC SCHOOL OF INFORMATICS & IT | Diploma in CYBERSECURITY & DIGITAL FORENSICS (T62)

Topics to cover
Cybersecurity Dangers & Impacts
Threat Actors
Security Operations Center (SOC)

Cybersecurity Threats & Dangers
Imagine a world where there is no cybersecurity.
From the Forbes Advisor website on global statistics regarding cyber attacks:
What about the situation here in Singapore?
Prevalence of and dependency on technology = greater need for cyber security. However, in many organisations, cyber security is considered a hindrance! Availability vs Security. More cyber security controls and implementations = more $$$ (but is that a good reason?)

Threat Actors
Every single cyberattack starts with a threat actor. Threat actors can be either individuals or groups of individuals. The root cause of cyberattacks is based on the motivations of the threat actors.
State-sponsored threat actors = paid/organised by a country’s government. Presence of cyber units in many first-world countries and counterintelligence agencies.

Security Operations Center (SOC)
What a SOC is in 40 seconds
A typical SOC structure looks like this (from SANS):
Tier Descriptions
Tier 3 – Threat hunting + develop preventive measures.
Tier 2 – Deep-dive incident analysis + advise remediation.
Tier 1 – Triage (initial analysis + incident confirmation).

SOC alert workflow
The SOC ticketing system raises a security alert.
A Tier 1 SOC Analyst is assigned to triage the alert.
T1 investigates the alert to identify whether the incident is a 'false positive' or a 'true positive'.
False positive: Incident Resolved.
True positive: T2 conducts in-depth analysis and provides eradication/recovery steps.
True positive (after T2): Tier 3 Threat Hunters continue further investigation on the incident to identify the root cause and develop preventive measures.
Incident Resolved.

Technologies and Terminologies
SIEM – Security Information and Event Management: platform to aggregate all types of logs into ONE search platform.
SOAR – Security Orchestration, Automation and Response: platform that performs aggregation of security alerts and automates incident investigation and response workflows (via playbooks).

Incident Response Lifecycle
Why is the SOC structure like that? In terms of Incident Response, the process itself has several phases. Different tiers of the SOC structure cater to the IR lifecycle (diagram on the right).

Incident Response Lifecycle: Phase – Brief Description
Preparation – To be ready to respond to incidents. Tools and resources are to be ready at a moment’s notice.
Detection & Analysis – Focuses on identifying attack vectors and signs of an incident. Usage of precursors and indicators from a variety of sources for analysis (e.g. SIEMs, IDPSs, antivirus software).
Containment, Eradication & Recovery (CER) – Containment involves identifying and isolating the main assets responsible for the incident. Once the incident has been contained, eradication may be necessary to remove affected components. Recovery involves restoring affected systems back to normal operations.
Post-Incident Activity – Discuss the lessons learned from the incident. Provide actionable steps / recommendations to ensure that the incident does not happen again.
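The SIEM, SOAR and tiered-triage ideas above fit together in a few dozen lines. The following Python is an added example, not code from the Temasek Polytechnic slides: it normalises two differently formatted log sources into one searchable event list (the SIEM's "one search platform"), runs a simple detection rule over it, and then walks each alert through the T1 -> T2 -> T3 flow as a playbook would. All log lines, hostnames, IP addresses and the brute-force threshold are constructed for the example.

```python
"""Added example (not from the slides): mini SIEM aggregation plus a SOAR-style
triage playbook that follows the SOC alert workflow described above."""
import re
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed sample logs: an sshd auth log and an Apache-style access log.
SSH_LOG = """\
Jan 10 03:14:01 host-a sshd[2201]: Failed password for root from 203.0.113.7 port 51022 ssh2
Jan 10 03:14:03 host-a sshd[2201]: Failed password for root from 203.0.113.7 port 51024 ssh2
Jan 10 03:14:05 host-a sshd[2201]: Failed password for root from 203.0.113.7 port 51030 ssh2
Jan 10 03:14:09 host-a sshd[2201]: Accepted password for root from 203.0.113.7 port 51033 ssh2
"""
WEB_LOG = """\
203.0.113.7 - - [10/Jan/2024:03:15:00 +0000] "GET /admin HTTP/1.1" 200 512
198.51.100.3 - - [10/Jan/2024:03:15:02 +0000] "GET /index.html HTTP/1.1" 200 1024
"""


@dataclass(frozen=True)
class Event:
    """Common schema every source is normalised into so one query spans all logs."""
    source: str   # which log the event came from (sshd, httpd, ...)
    host: str
    src_ip: str
    action: str   # ssh_login, http_request
    outcome: str  # success / failure
    detail: str


SSH_RE = re.compile(r"^\S+ \d+ \S+ (?P<host>\S+) sshd\[\d+\]: (?P<result>Accepted|Failed) "
                    r"password for (?P<user>\S+) from (?P<ip>[\d.]+)")
WEB_RE = re.compile(r'^(?P<ip>[\d.]+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
                    r'(?P<status>\d{3})')


def parse_ssh(text):
    events = []
    for line in text.splitlines():
        m = SSH_RE.match(line)
        if m:
            outcome = "success" if m["result"] == "Accepted" else "failure"
            events.append(Event("sshd", m["host"], m["ip"], "ssh_login", outcome, f"user={m['user']}"))
    return events


def parse_web(text, host="web-1"):  # the access log carries no hostname; assumed here
    events = []
    for line in text.splitlines():
        m = WEB_RE.match(line)
        if m:
            outcome = "success" if m["status"].startswith("2") else "failure"
            events.append(Event("httpd", host, m["ip"], "http_request", outcome, f"{m['method']} {m['path']}"))
    return events


def ingest():
    """SIEM role: aggregate every source into one list, in time order."""
    return parse_ssh(SSH_LOG) + parse_web(WEB_LOG)


def search(events, **filters):
    """One query across all sources, e.g. search(events, src_ip="203.0.113.7")."""
    return [e for e in events if all(getattr(e, k) == v for k, v in filters.items())]


@dataclass
class Alert:
    name: str
    src_ip: str
    host: str
    status: str = "open"
    trail: list = field(default_factory=list)  # what each tier did, in order


def detect_bruteforce(events, threshold=3):
    """Detection rule: >= threshold failed SSH logins from one IP followed by a success."""
    alerts, failures = [], defaultdict(int)
    for e in events:
        if e.action != "ssh_login":
            continue
        if e.outcome == "failure":
            failures[e.src_ip] += 1
        elif failures[e.src_ip] >= threshold:
            alerts.append(Alert("ssh_bruteforce_success", e.src_ip, e.host))
    return alerts


def tier1_triage(alert, events):
    """T1 confirmation: treat the alert as a true positive when the source IP is
    corroborated by a second log source (only possible because logs are in one place)."""
    sources = {e.source for e in search(events, src_ip=alert.src_ip)}
    return len(sources) > 1


def run_playbook(alert, events):
    """SOAR-style playbook walking the slides' T1 -> T2 -> T3 workflow."""
    if not tier1_triage(alert, events):
        alert.trail.append("T1: false positive")
        alert.status = "resolved"
        return alert
    alert.trail.append("T1: true positive, escalated to T2")
    related = search(events, src_ip=alert.src_ip)
    alert.trail.append(f"T2: in-depth analysis of {len(related)} related events; eradication/recovery steps issued")
    alert.trail.append("T3: root-cause investigation and preventive measures developed")
    alert.status = "resolved"
    return alert


if __name__ == "__main__":
    evts = ingest()
    for a in detect_bruteforce(evts):
        print(run_playbook(a, evts))
```

The corroboration check in tier1_triage is deliberately simple; in practice T1 would also look at asset criticality, known-good sources and prior tickets. The point is that the check is only cheap because the SIEM already holds both logs in one place.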
