Stock exchanges are a critical element of any country’s financial ecosystem. They are the platforms that let businesses offer their stock for trading in an open market. While India has numerous stock exchanges, BSE Ltd (formerly the Bombay Stock Exchange) stands out as the country’s oldest and most reputable one.
Founded in 1875 and located in Mumbai, BSE Limited is one of Asia’s oldest stock exchanges and one of the biggest in India. In 2017 BSE became the first listed stock exchange in India. As of February 2021, BSE Limited is the world’s seventh-largest stock exchange, and in January 2022 it had a market capitalization of US$3.6 trillion.
As for any other financial sector/BFSI company, cybersecurity is a critical element for safeguarding public data and money. The fact that cybersecurity is no longer an option but a necessity has driven a paradigm shift from a compliance-based strategy to a risk-based approach. Cyber-attacks are becoming more sophisticated, and in addition to prevention, companies must build robust detection, response, and recovery mechanisms to mitigate risks effectively.
As firms become exposed to more attack vectors, prioritizing cybersecurity infrastructure is a top business objective. A Security Operations Centre (SOC) is therefore now a must-have component of every security plan that aims to lower the risk that information systems face from both external and internal threats.
The Challenge: Limited Capabilities and Adaptability of SOC
Today’s information and technology infrastructure is riddled with complexity, and organizations are mostly unable to monitor threats, prevent attacks, or scale and adapt as threats grow in intensity with little or no prior warning. Without the right technology, people, and threat intelligence, it is seemingly impossible to cope. Besides, a traditional SOC suffers from slow incident reaction times, which lets attackers dwell for longer and succeed in their attacks.
“The challenge is to have continuous cybersecurity for all information assets and gain complete control and visibility across systems and networks of the organization,” says Shivkumar Pandey, Group CISO, BSE Limited.
“The right balance of people, procedure, and tooling is essential for establishing a successful SOC. From a Network Operations Center (NOC), which also does security monitoring, to a Cyber Defence Centre that provides real-time monitoring and reaction capabilities against cyberattacks, the SOC has come a long way,” he says.
A SOC is a strategic deployment where cyber incidents are detected and responded to. It is the SOC that enables an organization to develop and mature its detection and response capabilities in a systematic manner to protect information assets. The SOC team is responsible for monitoring, triaging, escalating, and responding to cyber incidents and attacks, and it is an organization’s first line of defense.
Talking about the traditional SOC model, Shiv highlights several limitations:
- Traditional SOCs are incapable of detecting sophisticated and advanced attacks due to the limited visibility provided by tooling and techniques.
- These models necessitate dedicated analysts and incident response teams always working in tandem. It is a difficult task to find and retain qualified professionals for these purposes.
- The time it takes to respond to sophisticated attacks is increasing dramatically, and the requirement is to build continuous monitoring and continuous threat protection processes. The traditional SOC’s limited capabilities are insufficient to meet this requirement.
The Solution: 24X7 Next-gen SOC
With the advance of digitization and disruptive technologies such as IoT and 4G/5G networks, the attack surface has grown exponentially. Next-gen attacks are more targeted, dynamic, and polymorphic in nature, making them hard or impossible to detect and respond to, given the volume and variety of data that must be acquired and evaluated to identify and act on sophisticated cyber-attacks. Attackers are also becoming sharper and smarter. They use cutting-edge technologies to penetrate networks unannounced, exploiting not only technology loopholes but also process flaws to steal information.
“24X7 Next-Gen SOC is the enterprise’s answer to effectively mitigating cyberattacks. However, their implementation can be challenging,” says Shiv.
The 24X7 Next-Gen SOC, also known as SOC 2.0, aims to address these constraints by creating an ecosystem that greatly enhances an enterprise’s cyber defense capabilities. Apart from SIEM, the following are some must-have technologies that should be considered and configured to work together as a system to detect and prevent sophisticated cyber-attacks:
- Usage of Artificial Intelligence and Machine Learning Technologies (AI&ML): Such technologies help apply an advanced level of analytics and reduce the turnaround time to identify and act on unknown or potential cyber threats.
- User and Entity Behaviour Analysis (UEBA): Humans are considered the weakest link in cyber security. Even with every effort to train them and make them aware, there is always a risk that humans create a vulnerability in the overall cyber security ecosystem, so an AI-based UEBA can help identify such risky users or their associated systems and mark them for proactive monitoring.
- Technology for Advanced Persistent Threat Protection (Anti-APT): Attacks have become more sophisticated and targeted; nowadays attacks aim not only to disrupt systems but to damage brand value and extract data and information using sophisticated tricks and tactics. Anti-APT technologies play a crucial role here in helping to identify such attacks proactively.
- DDoS Mitigation Technology: With the rollout of 4G- and 5G-based internet access, the speed and scalability of the internet for end-users have increased tremendously, and generating a large-scale DoS attack is now easily feasible for any novice cyber attacker. Having DDoS mitigation technology in place is a necessity in today’s world.
- EDR and XDR: With the adoption of an open approach and work from anywhere, the perimeter has now shifted to the endpoints, and it has become a necessity that controls are implemented there. Technologies like EDR help achieve this, and XDR built on top of it provides complete visibility, analytics, and an integrated view of cyber security alerts and risk from endpoint and perimeter devices.
- Threat Intel Feeds and Threat Intel Platform (TIP): One of the key enablers of a Next-Gen SOC is good threat intel feeds and a platform. It acts as a key input provider to the Next-Gen SOC on ongoing and newly identified threats and helps assess the organization’s readiness and ability to protect against such attack vectors.
- Brand and Dark Web Monitoring: Today we are in a connected world where many things are going on across multiple social media platforms and internet-connected systems. Cybercriminals are always finding ways to impersonate a brand or company to lure users/customers into their tactics for financial or information-related gain. Brand monitoring platforms help identify such impersonators and take proactive action before they cause harm using your brand value. Similarly, the dark web is mostly used by cybercriminals to exchange information and exploits that can become future threats for a specific brand, industry, or software; having a tap on it is strategically necessary to stay one step ahead in planning your protection against such potential threats.
- Deception Technology: Deception technology helps you create decoys that lure cyber criminals, so you can take proactive action before they realize it and plan any cyber-attack.
- Zero Trust Security / Secure Access Service Edge (SASE): With the adoption of cloud-enabled services and a mix of on-premises and cloud applications, technology frameworks like Zero Trust Access and SASE help you strategically define access and control over information systems and data, protecting against losses while enabling access from anywhere.
- Governance Risk Compliance (GRC): While it focuses mostly on process and people, GRC is an essential part of the overall cyber security strategy, and organizations should have a GRC tool in place to track all their regulatory, audit, and compliance requirements proactively and effectively.
While there can be more, these are a few technologies and cybersecurity controls I believe are necessary to move any SOC1 to SOC2 with a strategic Cyber Security People, Process, and Technology alignment in place.
“The whole technology implementation was done with a singular and collaborative objective in mind that the next-gen SOC shall give us the capability to continuously improve our defence and we shall remain ahead of adversaries. We were quite concerned that the organization’s information assets are protected and available without any performance delay or disruption. The technology was identified and implemented to cover all aspects of information systems from people to processes to technology,” says Shiv.
Key Features of 24X7 Next-Gen SOC at BSE:
- Better visibility and control of data and information assets
- Continuous security posture assessment and alert of any kind of cyber security anomaly
- Continuous protection from ever-evolving threat vectors like Malware, Zero-Days, DDoS, APTs, etc.
- Enabling Dark web and Surface web monitoring to identify relevant threats well in advance and take mitigation and corrective actions
- Real-time threat intel integration to identify any cyber security threat proactively
- Usage of AI&ML to reduce the overall investigation and action time for cyber security alerts
- Continuous User and Entity Behaviour Analysis (UEBA) to identify and act on anomalous user activities
- Usage of data governance and data-enabled policies to control any data exfiltration
- Continuous threat simulation-based employee awareness and training
- Helps achieve perimeter-less security starting from endpoints
- Ensures complete governance and control of roaming users and assets while the systems are exposed over the internet in situations like the current Covid19 pandemic
“Having a next-gen SOC allows us to have a dynamic and proactive Cyber Security approach that acts as a real bastion for analysis, monitoring, prevention, and remediation of cyber incidents. Technology has become a vital organ to run a business. The impact of cyber adversaries has grown beyond proportion and ensuring continuous protection has become a daunting task. Today, it is very important that you are strategically aligned with people, process, and technology to cover Availability, Confidentiality, and Integrity,” says Shiv while summing up the rationale behind a robust next-gen SOC.
NOTE: This story is based on the nomination submitted by Shivkumar Pandey for the 8th Annual Dynamic CISO Excellence Awards 2022. Shivkumar Pandey and his Security team won the Dynamic CISO Visionary CISO Award 2022 for this.