Rethinking Security Operations Centre Onboarding

摘要

Cyber security operations centres (CSOC) are an essential business differentiator for digital services. They perform the challenging tasks of monitoring digital services such that when an attack is detected against the monitored digital services, they can respond swiftly ensuring cyber incidents are appropriately managed through to recovery. To monitor business services, the CSOC must first on-board those business services onto their security monitoring and incident management platforms. This process of onboarding business services to CSOC’s security monitoring and incident management platform is described as Cybersecurity Onboarding. Cybersecurity Onboarding is a specialist technical process of setting up and configuring digital business services to generate appropriate interaction telemetry, such as events, logs, messages, metrics, and observables. These telemetric indicators when correlated and analysed reveal whether the business service may have been compromised or not.In this paper we rethink the approach to onboarding services to CSOC. A new approach of cybersecurity onboarding that is cyclic, simpler, quicker, efficient, and cost optimised by leveraging cloud-native and cloud-enabled technologies is discussed.