SOC

Black Hat Asia NOC: Malware visibility

By Chris Thomas and Mike Sconzo In the Black Hat Asia NOC we worked to ensure the wireless network was available for presenters and attendees. As part of our monitoring, we kept an eye open for any malware present on the network. RSA NetWitness® Suite’s Malware Detection capabilities look for network sessions containing file-types typically…

The evolution of a Threat Pattern

In an era of agile development and digital transformation, any application is subject to ongoing enhancement and improvement. Indeed, software engineering is a complex process with many interdependent tasks where multiple functions share responsibilities to strike a balance between software quality and business objectives, regardless of the specialized nature of the teams within the organizational…

The Latest From The RSA NOC At Black Hat Asia

When sitting in the Network Operations Center (NOC) for one of the world’s largest hacker and security conferences, sometimes no news is good news. Here in the Black Hat Asia NOC, we anticipated and prepared for the region’s hackers to come and share a wireless network. Following initial set-up, during the training days, we observed…

Testing a Threat Pattern: Quality is Never an Accident

John Ruskin, one of the great visionaries of the 19th century, said “Quality is never an accident; it is always the result of intelligent effort”, in our continuing journey through the lifecycle of a threat pattern, we are now at the testing phase. After analyzing  requirements, asset and threats, designing a general and reusable model for the threat pattern and implementing the…

Are we leading by example?

It was a great week leading the RSA Conference Security Operations Center (SOC) Team consisting of RSA systems engineers, RSA Incident Response analysts and our partners at Cisco AMP Threat Grid. The Security Operations Center previously monitored the Black Hat conference network, but this was a first-time exhibit at RSA Conference. The team signed onto…

A View From the #RSAC SOC – Part 2

In today’s world, cameras are just about everywhere – in stores, on the streets, inside of cars, and many other locations.   Now, imagine you are a bank employee and your bank had no cameras – would you feel secure?   Probably not.   The reality is that many organizations have no “security cameras” on their networks to…

Launching the Security Operations Center (SOC) at RSA Conference

Welcome to RSA Conference 2017! The RSA Conference SOC team set up the Security Operations Center over the weekend. We were here along with scores of construction crews re building huge booth displays for some of the largest security companies in the world. It was a long weekend of building, lighting – and of course…

Mastering the implementation of a Threat Pattern

In previous posts we have discussed two of the most critical phases in the “The Lifecycle of a Threat Pattern”: analysis and design. In the analysis phase the objective is to fully understand the asset in scope by getting deeper into the context to formulate a set of residual risks to which the asset might be…

Engineering The Design Of A Threat Pattern

In our journey of developing and maintaining threat patterns, we have now arrived at a critical phase: the design. While the need of an implementation phase is immediate as well as the evaluation of the background analysis in order to build something meaningful (as explained by my colleague, Demetrio Milea) – the intermediate design phase is the…

Revisiting the SOC Structure

Building and maintaining skill sets and expertise in a SOC is a difficult task – and many security leaders face this challenge. They are not able to retain best of the talent for long term. There are too many tools for them to invest in,,, too many alerts that pop up when the tools are…