CyberSOC: Build the Security Infrastructure to Mitigate Attacks

Today we live in an increasingly digital world, and cybercriminals are trying to profit from their illegal actions. Companies must be prepared to respond to threats that can cause serious financial damage as well as reputational damage. Organizations are therefore deploying CyberSOC teams to provide incident response and security services.

Years ago, everyone relied on the SOC (firewalls, WAF, SIEM, etc.), and building that SOC was the priority for securing the company. However, as cybercriminals arrived on the scene, the threat became a greater challenge, and the SOC alone could no longer provide sufficient security for the organization. There are many reasons why an existing SOC that depends only on its SIEM falls short.


What does SIEM contribute to the security of a company?

SIEM stands for Security Information and Event Management. SIEM solutions are based on detecting suspicious activity that threatens an organization's systems, so that it can be resolved immediately. These tools can process a very large number of event logs, and from them they raise alerts about security breaches and suspicious activity as it occurs.


One problem with SIEMs is that they store too much useless, unstructured data. As a result, finding the root cause of an urgent incident, or resolving it, becomes impractical, since analysing all of that information takes a great deal of time and effort.

Many organizations believe that integrating all of their security devices (firewalls, routers, SIEM, etc.) will provide 100% security. This has been false ever since APTs emerged.

Attacks by APT groups

APT stands for Advanced Persistent Threat. The concept rose to fame after the disclosure of attacks carried out by a Chinese military unit known as APT.

As defenders started to learn, attackers also evolved and began operating in groups. These APT groups exploit the applications we use every day, and keep exploiting them for years until they are discovered. In this article we have a tutorial that explains how to protect ourselves from APTs.

Businesses must have a defense model built around a CyberSOC

Organizations need to be prepared to receive these attacks, so they need a CyberSOC team to respond to incidents and run their security services. Our defense against APTs or other attacks must be built by thinking about how our adversary acts. To prepare our defense model, we must therefore know the tactics they use: how they get in, how they spread, and how data is exfiltrated.

Another important factor is threat intelligence, which provides information on global threats. Many vendors publish threat matrices, the tools and artifacts that attackers use, and so on. We must therefore stay up to date on the threats that can affect our companies.


We know that APT groups are well trained to exploit a vulnerability. The information we have collected should therefore be used to close these security gaps before attackers exploit them.

Even all of this would not be enough; further work is needed, in this case on prevention. Every organization should have threat hunting teams looking for suspicious events and making sure they do not turn into incidents. This requires an exhaustive search within our network for, among other things:

  • Network beacons.
  • Internal privilege escalation.
  • UAC bypass.
  • Suspicious tunnels.
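
As an added example (not part of the original article), a small beacon hunt over constructed connection-log lines: it groups connections by source and destination and flags pairs whose intervals are nearly constant, the regular call-home pattern that makes network beacons stand out from ordinary browsing. The log format, host names and addresses are invented for the example.

```python
from collections import defaultdict
from datetime import datetime
import statistics

# Constructed sample log lines, "<ISO timestamp> <source host> <destination IP>":
# ws-17 contacts 203.0.113.10 every ~5 minutes (beacon-like), while
# ws-22 contacts 198.51.100.7 at irregular intervals (ordinary browsing).
SAMPLE_LOG = """\
2024-03-01T09:00:00 ws-17 203.0.113.10
2024-03-01T09:00:10 ws-22 198.51.100.7
2024-03-01T09:01:00 ws-22 198.51.100.7
2024-03-01T09:05:01 ws-17 203.0.113.10
2024-03-01T09:07:30 ws-22 198.51.100.7
2024-03-01T09:10:00 ws-17 203.0.113.10
2024-03-01T09:15:02 ws-17 203.0.113.10
2024-03-01T09:20:00 ws-17 203.0.113.10
2024-03-01T09:20:00 ws-22 198.51.100.7
2024-03-01T09:25:01 ws-17 203.0.113.10
2024-03-01T09:30:00 ws-17 203.0.113.10
2024-03-01T09:41:00 ws-22 198.51.100.7
"""

def parse_log(text):
    """Group connection timestamps by (source, destination) pair."""
    events = defaultdict(list)
    for line in text.splitlines():
        if line.strip():
            ts, src, dst = line.split()
            events[(src, dst)].append(datetime.fromisoformat(ts))
    return events

def beacon_score(timestamps):
    """Median gap (seconds) and coefficient of variation of the gaps; None if too few."""
    if len(timestamps) < 4:
        return None
    ts = sorted(timestamps)
    gaps = [(b - a).total_seconds() for a, b in zip(ts, ts[1:])]
    cv = statistics.pstdev(gaps) / statistics.mean(gaps)
    return statistics.median(gaps), cv

def hunt_beacons(text, min_events=5, max_cv=0.05):
    """Flag pairs whose connections recur at a nearly constant period.
    Jitter in the callbacks raises the CV, so max_cv is a tuning knob."""
    findings = []
    for (src, dst), stamps in parse_log(text).items():
        if len(stamps) < min_events:
            continue
        period, cv = beacon_score(stamps)
        if cv <= max_cv:
            findings.append((src, dst, period, round(cv, 3)))
    return findings
```

On the constructed log, only the ws-17 pair is flagged, with a 300-second period; the irregular ws-22 traffic has a far higher coefficient of variation and is ignored.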

Likewise, we must keep the dwell time of these cybercriminals as short as possible, so they do not have enough time to find the most vulnerable points of the network. For this reason, hardening our systems is essential, so that compromising them takes attackers much longer.

Finally, if all else fails, we must respond to the incident; but if we are prepared with a CyberSOC team and have done our homework well, the consequences of the cyber attack will undoubtedly be far smaller.