News & Blog

Next generation of the Security Operations Center

Next generation of the Security Operations Center

We started a project called “SOC-ng the next generation”, aiming to contribute to the solution by limiting the core problem of human presence and their quality in the SOC.

The SOC stands for the Security and Operations Center, the core of all large ICT environment security. It is the central point where all logs and events are collected, evaluated and where action is taken.

These logs and events received in the SOC are to be analysed by security experts. Currently, however, there is a lack of qualified security experts that can analyse and keep an eye on the behaviour of the client’s environment.

This problem results either from the general lack of people or from the lack of their professionality and motivation, as the work can be quite monotonous, especially when working only with one client.

Our company solves this problem. We have mastered the processes of headhunting, training and sustaining continuous improvement of the analysts, we have improved the analysation process itself, enabling our analysts to protect the customer’s environment much better, and thanks to multiple customers the work is more challenging and thus also more interesting and more attractive to our analysts.

HUMAN INVESTIGATION SOLVED WITH MACHINE LEARNING APPROACH

Based on our experience and vast data we’ve been collecting, we are convinced that the weakest point, which is the human investigation, can be solved with a new technology – the machine learning approach.

We believe that investigation processes, which require common sense and analytical thinking, can be taught to machine learning with better results than to humans.

Therefore we started a project called “SOC-ng the next generation”, aiming to contribute to the solution by limiting the core problem of human presence and their quality in the SOC.

Traditionally, there are several different ways of attack detection and most of them are based on the signature detection. However, attackers have adapted to this approach long time ago by using obfuscation or polymorphism to make the processes seem legitimate and avoid any detection.

This results in almost 200.000 new malicious code modifications per day. To be able to detect and limit any further spread of these codes, first the attacked victims must be detected, then specialists must analyse the malicious code/traffic and choose detection patterns and finally distribute these new patterns among defenders.

This process takes a significant amount of time, which means the Zero Day vulnerabilities could have been attacking the system for days and systems without updates haven’t been protected at all.

These threats are utilized for advanced persistent threat (APT) attacks and can be hard to detect. Zero-day vulnerabilities are available on their own big dark market which makes it easier for the criminals and state actors to obtain powerful weapons to attack the state, business and the military or strategic infrastructure.

By using the machine learning and the analytical technologies, we can train the detection systems for automated and non-signature based detection and investigation of any behavioural patterns of attacks even before the exact code has been revealed and analysed. This may improve the real-time protection against not-yet-analysed codes and network attack strategies.

Similarly, the machine learning systems could be trained on a particular ICT environment to recognize its standard operation. If the environment behaviour diverts from the learned pattern, operators would be immediately notified.

The goal is to minimalize human interaction in the SOC by replacing people with machines trained for proper investigation.

 

Subscribefor more usefull articles


I agree and consent to and want to receive useful articles (Newsletter) by email from company Binary Confidence that contain useful articles and information from IT Security industry or about security projects or achievements of this company. Company Binary Confidence will not share my personal data with any third party for marketing or other purposes. other recipients, except company MailChimp that provides platform for sending our useful articles (Newsletters). I can withdraw my consent at any time on info@binconf.com or on +421 232199980 or by opt out link in each Newsletter email. I have read and understood the Privacy Policy and I agree how my personal data are processed and what my rights are in respect of processing my personal information for purpose of subscription for useful articles (Newsletter). I declare that I am over 16 years old.

Contact

Address

Binary Confidence s.r.o.
Špitálska 53,
811 01 Bratislava
Slovak republic

E-mail

info@binconf.com
support@binconf.com

Telephone

+421 2 321 999 80

I agree with Privacy and Data Protection Policy
By clicking [I agree] you consent to processing your personal data by company Binary Confidence s.r.o. and you accept Privacy and Data Protection Policy.