The Security Operations Center (SOC) is responsible for detecting and handling attacks as quickly as possible to reduce risk to the enterprise's information technology systems. This matters most for banking and finance organizations, which are the top targets of hackers. Depending on the size of the IT system and the human resources available, which SOC models should these organizations consider?
In developed countries, the SOC (Security Operations Center) is very familiar to government agencies, large enterprises, banks, and financial institutions. Since the early years of the 21st century, Asian businesses have tended to use a SOC as an indispensable part of their information technology systems. However, this model has not been applied much in Vietnam due to cost and a lack of specialized personnel.
Each organization can develop a different SOC model; in every case, the aim is to meet the security needs of the enterprise. Because of large transaction volumes, multi-point connections, and the rapid development of digital banking, mobile banking, virtual payment, etc., the SOC model for the financial and banking sector has to be designed to suit the scale of the system.
5 levels of SOC center
- Level 1: Basic Detection & Prevention
- Level 2: Context, Control & Coverage
- Level 3: Basic Hunting & APT
- Level 4: Remediation
- Level 5: Deep Hunting
For each of these levels, the operator needs a team of staff with a matching level of expertise: alert monitoring and prevention staff, analysts for more complex work, and threat researchers and threat hunters.
On average, a SOC needs a minimum of 10 to 20 personnel to undertake specialized work. The more complex the SOC model, the larger the number of employees and the greater the cost challenge for managers, because the expense covers not only the experts' salaries but also the cost of recruiting and hiring people from the initial stage of SOC development. As a result, according to Gartner, there are 3 SOC models that businesses can choose from: fully insourced, fully outsourced, and hybrid/co-managed SOC.
Whether the SOC is fully insourced or hybrid/co-managed, business managers must also pay attention to the costs of maintaining personnel and investing in equipment and technology. Even while a new SOC is still being planned, the business has to pay for designers and for developing the operating model before it can achieve measurable results. Therefore, banks and financial institutions do not always build a fully insourced or hybrid/co-managed SOC, even when they have large capital.
Fully outsourced model – VSEC
“In 20 years of providing security services in Vietnam, serving more than 50% of banks and financial institutions, we believe that a fully outsourced SOC can satisfy the story of optimizing financial resources and investment for businesses. We can spend thousands of hours to save technology systems after an attack, but it only takes less than 4 hours to find and stop threats through the SOC center,” Mr. Vu The Hai, SOC Manager of VSEC, shared.
VSEC (Vietnamese Security Network Joint Stock Company) is expanding the scope of its services in line with the criteria for an MSSP (Managed Security Service Provider), a comprehensive security service provider in Vietnam. VSEC's SOC is also the first SOC in Vietnam to receive a CREST certificate, meeting international standards in terms of expert competence, professional experience, technological capabilities, policies, procedures, processes, and professional ethics related to the provision of SOC services. Besides providing a complete SOC solution, VSEC can also consult on, train for, and test an international-standard SOC model in accordance with the needs of each business.
According to ictnews: https://ictnews.vietnamnet.vn/cuoc-song-so/loai-hinh-trung-tam-van-hanh-va-giam-sat-an-ninh-mang-nao-phu-hop-voi-doanh-nghiep-tai-chinh-ngan-hang-418237.html