SOC SERVICES – Security Operations Centers
1. Network Security
1.1 Next Generation Firewall
A few years ago, most firewalls operated with layer 3/layer 4 filtering. This ceased to be effective when attackers learned to use “non-standard protocols”, that is, obfuscated applications running on supposedly safe ports. An attacker can carry an attack over port 445 and a traditional firewall will not deny the traffic, because, judging by port alone, it looks legitimate. Next-generation firewalls operate at the application layer (layer 7) and are able to identify traffic patterns to find out whether an application really is what it “claims” to be.
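As an added illustration of this point (example code written for this page, not part of the original text or of any vendor product), the snippet below contrasts a port-only (layer 3/4) verdict with a layer-7 check that verifies the payload on port 445 actually carries SMB. The sample flows, port policy and application signatures are constructed assumptions.

```python
import re

# Layer 3/4 policy: ports the business allows, judged by port number alone (assumed policy).
ALLOWED_PORTS = {80, 443, 445}

# Layer 7 expectation: the application each allowed port is supposed to carry.
EXPECTED_APP = {80: "http", 443: "tls", 445: "smb"}


def identify_app(payload: bytes) -> str:
    """Classify the first bytes of a flow by protocol signature, not by port."""
    # SMB1 ("\xffSMB") and SMB2/3 ("\xfeSMB") follow a 4-byte NetBIOS session header.
    if len(payload) >= 8 and payload[4:8] in (b"\xffSMB", b"\xfeSMB"):
        return "smb"
    # Plain-text HTTP starts with a request line.
    if re.match(rb"(GET|POST|HEAD|PUT|DELETE|OPTIONS) \S+ HTTP/1\.[01]\r\n", payload):
        return "http"
    # A TLS handshake record: content type 0x16, major version 0x03.
    if len(payload) >= 3 and payload[0] == 0x16 and payload[1] == 0x03:
        return "tls"
    return "unknown"


def l4_decision(port: int) -> str:
    """Traditional firewall: allow or deny by destination port only."""
    return "allow" if port in ALLOWED_PORTS else "deny"


def l7_decision(port: int, payload: bytes) -> str:
    """Next-generation check: port must be allowed AND payload must be the expected app."""
    if port not in ALLOWED_PORTS:
        return "deny"
    return "allow" if identify_app(payload) == EXPECTED_APP[port] else "deny"


# Constructed sample flows (destination port, first payload bytes); not real captures.
SAMPLE_FLOWS = [
    (445, b"\x00\x00\x00\x40\xfeSMB\x40\x00\x00\x00" + b"\x00" * 8),  # genuine SMB2 header
    (445, b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"),             # HTTP hiding on the SMB port
    (80, b"GET /index.html HTTP/1.1\r\nHost: intranet.test\r\n\r\n"),
    (443, b"\x16\x03\x01\x00\xc8\x01\x00\x00\xc4\x03\x03"),            # start of a TLS ClientHello
    (22, b"SSH-2.0-OpenSSH_9.6\r\n"),                                   # port not in the policy at all
]


def evaluate(flows):
    """Return (port, identified app, L3/4 verdict, L7 verdict) for each flow."""
    return [(p, identify_app(d), l4_decision(p), l7_decision(p, d)) for p, d in flows]


if __name__ == "__main__":
    for row in evaluate(SAMPLE_FLOWS):
        print("port %-4d app=%-8s L3/4=%-5s L7=%s" % row)
```

The second flow is the case the text describes: the port-only rule allows it, while the layer-7 check denies it because the payload is not SMB.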
1.2 Intrusion Detection and Prevention (IDS/IPS)
Every day, hundreds of vulnerabilities are discovered that affect operating systems, applications and services. With IDS/IPS technology we can stop threats without assuming that the software behind them is patched and secured. This does not mean updates and patches are unnecessary, but often you cannot halt the company’s operations to correct a vulnerability. This is where the operations of a SOC become important.
Intrusion prevention systems are software engines that analyze the incoming and outgoing traffic of an organization and are capable of identifying a multitude of attacks, automatically mitigating them at the moment they occur. It is vitally important that the IPS is connected to cloud services and is properly and dynamically updated, so that it identifies the latest attacks on existing vulnerabilities and prevents them from impacting the company’s activity.
1.3 Proxy Server
Proxy servers are an increasingly essential tool within the business environment. By using a proxy server, we restrict user access to the Internet. This technology also gives us visibility of the websites that are being visited within the company. From a security point of view, a proxy server aims to prevent users from browsing malicious web sites, from which attackers use various methods to infect endpoints and servers (XSS, malware, exploits…).
There are thousands of web sites with malicious code that try to deceive the user through phishing tactics in order to infect computers and control them. Proxy servers also receive dynamic updates that prevent users from browsing unwanted web categories unrelated to the business environment. We can always count on SOC services to protect our privacy and business objectives.
1.4 Threat Prevention
Every day thousands of malicious sites are set up to infect servers, mobile devices, computers… These threats, or malware, are becoming increasingly sophisticated and use highly complex techniques. Stopping and mitigating this type of attack involves several phases; the final phase falls to antivirus software, which is responsible for preventing the user from executing any malware on the end device. To avoid reaching that point, and to block threats before they are downloaded to the endpoint, threat prevention appliances are recommended. These appliances analyze traffic in real time and are capable of detecting and blocking malicious files so that they do not reach the end device. They are also capable of identifying and blocking infected computers so that they cannot connect back to the attacker.
2. Security applications
2.1 Web Application Firewall (WAF)
Web technology allows us to integrate many SOC services into web pages, giving users a central point where they can use and standardize processes and tools in their daily activities. The use of content managers and applications developed for web environments has increased in recent years, becoming the standard for project management, resource sharing and many other functions.
Most web applications and services are designed to make the user’s daily life easier, but they have serious vulnerabilities and points of failure. The solution? A specific security layer that protects and restricts access to web portals. A WAF is a technology that analyzes the traffic to a web portal and restricts a large number of common attacks carried out against both the front-end and the back-end (SQL injection, XSS…), in addition to providing protection against coding errors and restricting access to certain sections of the web application.
2.2 Secure email
Email is an essential tool in any company, facilitating communication between different partners and geographic locations. Email is also one of the first entry points for a multitude of attacks, including phishing, malware, spyware, keyloggers… Another security problem with mail is the large amount of SPAM generated, which can fill the input queues of mail servers and disable the service for several hours. Efficient email protection, whether in the cloud or in the business infrastructure, involves installing dedicated appliances that analyze and filter all email, allowing the creation of efficient antispam rules and the real-time analysis of attachments and URLs within an email, preventing threats from reaching the end user.