CSIRT/SOC establishment

About CSIRT/SOC

Cyber-attacks to digital infrastructure and assets are globally among the top risks as indicated in The Global Risks Report 2019. Despite various efforts to mitigate, the likelihood of cyber-attacks is continuously increasing not only for private organizations, but also for governments, sectors and even nations.

• Are organization’s/government’s/sector’s/nation’s digital assets secure?
• Is an organization/government/sector/nation able to timely detect and respond to cyber incidents?
• How to ensure and preserve confidentiality, integrity and availability of digital information?

These and related questions arise after facing critical incidents, like leakage of confidential data or a shutdown critical infrastructure facility due to Advanced Persistent Threat (APT) or denial of service attacks.

How NRD Cyber Security builds CSIRTs/SOCs?

NRD Cyber Security establishes actionable, service-based internal, sectorial, and national CSIRTs and SOCs as a turnkey solution for clients. NRD Cyber Security CSIRT/SOC stacks integrate the following vital components:  

• Governance: Mandate definition along with roadmap and strategy preparation
• People/skills: Providing skills for incident detection and response, threat hunting and digital forensics
• Processes and services: Incident detection and handling using L1/L2/L3 or custom approach, cyber threat intelligence, threat hunting, Vulnerability Assessments and Penetration Testing (VAPT), process automation and reporting, standard operating procedures
• Technologic capability: IDS, SIEMS, LOG, IPS, FW, NGFW, CTI, SD4IR and SOAR tooling
• Measurements: KPIs, SLAs, applying international best cybersecurity practices, such as SIM3 or SOC-CMM models
• International recognition: Assessments and introduction to Forum of Incident Response Teams (FIRST.Org), TF-CSIRT community

The typical NRD Cyber Security baseline for CSIRT/SOC establishment is:

1. Performing initial assessment
2. Preparation of a detailed CSIRT/SOC design and implementation plan
3. Preparation (review) of CSIRT/SOC mandate
4. Preparation of technical solutions architecture along with identification and proposal of alternatives for most suitable components
5. Preparation of essential policies and procedures
6. Implementation of technology solutions
7. Training sessions for staff
8. Soft launch
9. Update and upgrade of security operations
10. Official launch
11. Continuous support after the launch

Depending on the assignment, first actionable results usually come within the 4 months. Please contact us for more detailed CSIRT/SOC implementation plan.

Benefits

CSIRT/SOC allows:

• Manageable, coordinated and competent one-stop centers to deliver cybersecurity services for its constituencies;
• Effective, efficient and integrated cyber incident detection, response and recovery services to the constituency;
• Applied best international practice in a form of technology selection, delivery, operations, maturity assessments and roadmaps;
• Maximized Return on Investments (ROI);
• Recognition among cybersecurity community locally and internationally.

Proven track record

In 2015-2019, NRD Cyber Security has successfully established 3 national / government CSIRTs in Bangladesh, Bhutan, and Cyprus, implementing various SOC/CSIRT capabilities building projects in Lithuania, Bangladesh, Egypt and South Africa.

Company experts continuously engage in cyber security projects in private sector, academia, and military. NRD Cyber Security is a member of various international organizations, like GFCE, ITU-D, ECSO, FIRST.Org, and Trusted Introducer.

Below you can find 4 different CSIRT/SOC stacks.