Integrated Security Operation Center – ISOC
You Cannot Fight What You Cannot See
For those of you asked about last month’s podcast, I offer you this post to help answer your questions.
One of the largest concerns in the United States, regarding cyber security, is how to secure the electrical grid. By consolidating all events into what we call a single pane of glass, we are able to see everything that is occurring in an environment; the more data you are able to analyze the better you are able to understand and address the issues you are facing.
It is not unusual for a SOC analyst to manage three different SOC’s; you will see in the diagram below, that you are able to incorporate an operational technology, the business network, and nuclear/plant network into one central management system, by creating a central location for all devices.
If you have malware in your OT network (operational technology network – SCADA) and there is a cyber-attack, it is extremely beneficial if you are able to centrally manage the malware. If you notice the IOC’s (indicators of compromise) pattern, which may include hash’s, IP addresses, virus signatures, URL’s, domain names of C&C, and other observables, and you have to validate it in three different controls, in can take easily takes weeks. If it is one single pane of glass, you are able to much more easily search all of the events and discover all of the patterns, understanding how it is swimming in your network. Take a look at the PDF to better understand this concept, and by all means continue to contact me.
We need the electrical grid to be safely secured, so that we can all stay Connected.
To see the presentation, please click on the arrows on the bottom left hand corner:ISOCv2