Security Operations Centers (SOCs) are the backbone of enterprise security. SOCs can be complex, so it is important to understand how they work and what they do for your organization. In this article we explain what a SOC is and how it operates. We also give best practices for building an effective security team, covering everything from data analysis to incident response, so that you can lay a solid foundation for protecting your company's most valuable assets.
SOC: Security Operations Center
What is a SOC?
A SOC is a security operations center. It is where all your data, tools and staff are brought together in one place so that they can work together to protect your company's network.
A SOC differs from a NOC (Network Operations Center) in that it focuses on detecting attacks or breaches rather than just maintaining status. A NOC may monitor servers or routers for performance problems, but it does nothing more: it does not actively try to stop malicious activity from occurring on its networks.
A SOC takes this idea further by using sophisticated tools, such as intrusion detection systems (IDS) and firewalls, to check whether someone has tried to access something they should not, such as an internal database holding sensitive customer information, and to take action against that person if necessary, by cutting their connection or calling law enforcement if required.
Security
The digital world has grown enormously, and with it the number of internet threats. Faced with this reality, organizations need to preserve the integrity of their digital assets and protect their customers' confidential information. It is in this context that the SOC, the Security Operations Center, emerges.
The SOC is a command and control center responsible for monitoring and managing the security of an organization's technology infrastructure. It is an integrated set of people, processes and technology focused on detecting, analyzing and responding to potential threats and vulnerabilities within the organization's digital environment.
The importance of having a SOC lies in the fact that it provides a 360° view of the organization's security, allowing it to anticipate and proactively manage any security incident that may arise. In addition, a SOC helps improve the organization's resilience by reducing threat detection and response time, minimizing the impact of incidents, and ensuring business continuity.
In short, the SOC is an essential component of the security strategy of modern organizations. Its main role is to ensure early detection of threats, protection of critical digital infrastructure, and rapid response to any security incident that could put the organization's integrity at risk.
SOC functions
A SOC, or Security Operations Center, is the central place where the activities related to information security and the protection of an organization's digital assets are carried out.
In a SOC, a team of highly trained experts specialized in information security and cybersecurity is responsible for monitoring, analyzing and responding to security incidents, such as intrusion attempts, malware and (distributed) denial of service (DDoS) attacks, among others.
The main objective of a SOC is to ensure the integrity, confidentiality and availability of the organization's information. To achieve this, the SOC uses a combination of advanced security technology, data analysis tools, intrusion detection systems and a specialized organizational structure.
SOC responsibilities
The main functions of a SOC include the following.
Monitoring and analysis of security events
The SOC team continuously monitors the events and alerts generated by the security tools deployed in the organization. These events may include intrusion attempts, abnormal behavior, suspicious traffic, or other suspicious activity.
Incident detection and response
When a relevant security incident is detected, the SOC team conducts a rapid investigation to determine the severity of the incident and takes appropriate measures to mitigate the risk and minimize the impact on the organization. This includes forensic analysis, remediation of the compromised systems, and implementation of preventive measures to avoid similar incidents in the future.
Risk analysis
The SOC continuously assesses the risks facing the organization and makes recommendations to mitigate them. This includes analyzing vulnerabilities and emerging threats, and identifying potential security breaches.
Incident management and response
The SOC team is responsible for coordinating and managing security incidents, from detection through to resolution. This includes communicating with other areas of the organization, such as IT management, the legal team, and the affected departments.
Ultimately, the SOC plays an essential role in the security of an organization, providing an additional layer of protection and enabling a rapid and effective response to security threats.
Key components of a SOC
For a SOC to function properly, it needs a number of essential components that work together to ensure the security of the organization. The main components of a SOC are described below:
Specialized personnel
The SOC team is made up of information security and cybersecurity experts with the technical knowledge and specific skills needed to monitor and analyze security events. This team may include security analysts, security engineers, forensic investigators and incident response staff.
Security tools
The SOC uses a variety of leading tools and technologies to detect, analyze and respond to security incidents. These tools may include intrusion detection and prevention systems (IDS/IPS), firewalls, log management systems (SIEM), user and entity behavior analytics (UEBA) and incident response (IR) platforms, among others. These tools help the SOC team collect and correlate data from different sources, identify abnormal patterns, and take the necessary actions to protect the organization.
Processes and procedures
The SOC relies on well-defined processes and procedures to ensure effective security operations. These may include incident management, threat response, change and configuration management, and the review and updating of security policies, among others. These procedures ensure consistency and coherence in how security incidents are handled and promote a rapid, well-coordinated response.
Continuous monitoring and analysis
The SOC operates continuously, constantly monitoring and analyzing security events across the organization's infrastructure. This includes reviewing and correlating logs, analyzing network traffic, monitoring user activity, and identifying suspicious behavior. This continuous monitoring enables early detection of threats and a rapid response to security incidents.
Collaboration and communication
The SOC communicates and collaborates closely with other areas of the organization, such as the IT team, the legal team and senior management, among others. This collaboration is essential for an effective response to security incidents: relevant threat information is shared, coordinated decisions are made, and appropriate mitigation measures are implemented.
In summary, a SOC brings together specialized personnel, security tools, processes and procedures, continuous monitoring and analysis, and effective communication and collaboration to ensure the security of the organization and the protection of its digital assets. These components work together to detect, analyze and respond to security incidents in a timely and appropriate manner.
SOC vs. other security approaches
In the field of cybersecurity there are many approaches to protecting an organization's digital assets. One of them is the implementation of a Security Operations Center (SOC), but there are other approaches worth comparing. Here are some of the main differences between a SOC and other security approaches:
SOC vs. internal security team
A SOC is a dedicated information security team that operates continuously and monitors security events. An internal security team, on the other hand, may be more limited in resources and expertise, and may focus on specific security tasks, such as managing firewalls or implementing security policies.
SOC vs. Managed Security Service Provider (MSSP)
An MSSP provides managed security services to an organization, such as security monitoring, log analysis and security incident management. Unlike an in-house SOC, an MSSP is a third-party provider that delivers these services through a centralized platform. While an in-house SOC has greater control over security operations, working with an MSSP can be costly and gives access to highly trained security experts.
SOC vs. SIEM (Security Information and Event Management)
A SIEM is a technology solution that collects, correlates and analyzes security logs and events in real time. While a SIEM is an essential tool for a SOC, a SOC goes beyond technology. A SOC combines SIEM technology with trained personnel who can quickly identify and respond to security threats, whereas a SIEM must be operated and managed by security staff in order to be effective.
SOC vs. User and Entity Behavior Analytics (UEBA)
A UEBA-based approach focuses on the behavior of users on the network and uses advanced algorithms to detect anomalous activity and potential threats. A SOC, on the other hand, uses a combination of tools and expertise, such as SIEM, IDS/IPS and forensics, together with user behavior analytics, to monitor and respond to security incidents.
In summary, a SOC is a comprehensive security approach that combines specialized personnel, advanced technology and effective processes to ensure the protection of the organization. While other security approaches exist, a SOC offers significant advantages by providing rapid response, continuous monitoring and a complete view of the organization's security.
The SOC in five steps
- The SOC is the core of your security operations.
- The SOC is the heart of your security operations.
- The SOC is the brain of your security operations.
The evolution of the Security Operations Center
Security Operations Centers (SOCs) have been around for a long time, but they have changed over time. The idea of having a COC or SOC is not new at all; in fact, the first was created in 1971 by AT&T Bell Labs. Since then, they have become an essential part of a company's security strategy and are still used to monitor things beyond network security.
A SOC can be thought of as an extension of your company's IT department; it is made up of analysts who watch the networks from their desks 24 hours a day, 7 days a week, 365 days a year, looking for signs of suspicious activity or attacks on their systems that could compromise the integrity or availability of data.
The goal is to detect threats before they cause damage, by taking measures such as: blocking malicious traffic from entering the network with a firewall or email filters; isolating infected computers so that they do not infect other computers on the network; updating your antivirus software regularly so that it has the latest signatures for known types of malware; using anti-malware software such as Malwarebytes Premium, which detects zero-day threats before anyone else (more on this later); and so on.
Best practices for running a Security Operations Center
In addition to the core requirements of a SOC, here are some best practices to help you successfully build and maintain a security operations center:
- The SOC must operate 24 hours a day, 7 days a week. This means your team must be available at any time of day or night. If there is an incident in your organization, you need to be able to respond immediately rather than waiting until after hours or the weekend.
- The SOC must have specialized knowledge across all areas: technical knowledge alone is not enough! You will need people who can analyze data from different sources (including logs), use tools such as Splunk or other log analysis software packages such as ArcSight, IBM QRadar, LogRhythm, etc., conduct in-depth investigations when necessary (for example, incident response), perform forensic analysis of suspicious files found during threat hunting activities, and so on!
More information about the Security Operations Center
The SOC is a company's first line of security defense. It is where all information about suspicious activity is collected and analyzed, whether it comes from internal or external sources. The SOC is staffed by security analysts and incident responders trained to detect malicious activity on network systems, respond appropriately when incidents occur, and make recommendations to prevent future incidents.
The technology used by SOCs varies with their size, but may include:
- Log tools (for example, Splunk) that collect logs from many sources, such as firewalls or intrusion prevention systems, into one place so that they can be analyzed together.
- Intrusion detection systems/intrusion prevention systems (IDS/IPS) that monitor traffic entering and leaving the organization's network for signs of malicious activity.
- Anomaly detection tools that look for unusual behavior among users in the organization.
Conclusion
A Security Operations Center is the cornerstone of any good cybersecurity strategy. It is your organization's security operations hub, where you monitor and respond to threats in real time. Like any critical part of your business, it is important to make sure your SOC is working well before something goes wrong, or worse, before an attack succeeds.
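The log correlation described under continuous monitoring and in the technology list above, as an added example that is not from the original article: a small Python routine over constructed firewall and SSH log lines, applying two sliding-window rules per source IP, a burst of failed logins followed by a successful one, and a scan-like run of denied connections to many ports. The line format, the thresholds and the sample lines are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
# Constructed sample events (not real logs) from two sources a SOC aggregates:
# firewall deny lines and host SSH auth lines, already merged and time-ordered.
SAMPLE_LOGS = """\
2024-05-01T10:00:01 fw DENY src=203.0.113.7 dport=21
2024-05-01T10:00:01 fw DENY src=203.0.113.7 dport=23
2024-05-01T10:00:02 fw DENY src=203.0.113.7 dport=25
2024-05-01T10:00:02 fw DENY src=203.0.113.7 dport=80
2024-05-01T10:00:03 fw DENY src=203.0.113.7 dport=3389
2024-05-01T10:00:10 auth sshd Failed password for admin from 203.0.113.7
2024-05-01T10:00:12 auth sshd Failed password for admin from 203.0.113.7
2024-05-01T10:00:14 auth sshd Failed password for root from 203.0.113.7
2024-05-01T10:00:16 auth sshd Failed password for admin from 203.0.113.7
2024-05-01T10:00:18 auth sshd Failed password for admin from 203.0.113.7
2024-05-01T10:00:25 auth sshd Accepted password for admin from 203.0.113.7
2024-05-01T10:05:00 auth sshd Failed password for bob from 198.51.100.4
2024-05-01T10:05:40 auth sshd Accepted password for bob from 198.51.100.4
"""
AUTH_RE = re.compile(r"^(\S+) auth sshd (Failed|Accepted) password for (\S+) from (\S+)$")
FW_RE = re.compile(r"^(\S+) fw DENY src=(\S+) dport=(\d+)$")

def correlate(log_text, window=timedelta(seconds=60), fail_threshold=5, port_threshold=5):
    """Rule 1: >= fail_threshold failed logins inside `window`, then an accepted login.
    Rule 2: DENY lines to >= port_threshold distinct ports inside `window`. Returns alerts."""
    fails = defaultdict(deque)   # ip -> timestamps of recent failed logins
    denies = defaultdict(deque)  # ip -> (timestamp, port) of recent denies
    alerts = []
    for line in log_text.splitlines():
        if m := AUTH_RE.match(line):
            ts, outcome, user, ip = datetime.fromisoformat(m[1]), m[2], m[3], m[4]
            q = fails[ip]
            while q and ts - q[0] > window:   # drop failures outside the window
                q.popleft()
            if outcome == "Failed":
                q.append(ts)
            elif len(q) >= fail_threshold:    # success right after a burst of failures
                alerts.append(f"{ip}: {len(q)} failed logins then success as {user}")
                q.clear()
        elif m := FW_RE.match(line):
            ts, ip, port = datetime.fromisoformat(m[1]), m[2], int(m[3])
            q = denies[ip]
            while q and ts - q[0][0] > window:
                q.popleft()
            q.append((ts, port))
            if len({p for _, p in q}) == port_threshold:  # fire once, when crossed
                alerts.append(f"{ip}: probed {port_threshold} ports within {window.seconds}s")
    return alerts
```

Running `correlate(SAMPLE_LOGS)` flags 203.0.113.7 twice (port probing, then brute force followed by a successful login) and leaves bob's single typo-then-success untouched, which is the kind of cross-source correlation a SIEM rule performs for the analysts.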