Common Secure Security Operations Centre

27 September, 2018

Photo: UNDP

Trusted Shared Services and Digital Business Solutions

CSOC and CSIEM for the UN Family

A Security Operations Centre (SOC), whether embedded in a large NASA-style Emergency Operations Centre with two hundred personnel or run from a handful of laptops securing an organizational network, has a single goal: comprehensive information security. A SOC gives real-time visibility into the network and its security configuration and status, confirms that systems are not being adversely affected, and executes agreed protocols and processes consistently when issues arise. It monitors all systems continuously, using tooling to mitigate risk and validate the health of the organization's security posture.

A SOC staffed by certified cyber security experts with many years of experience in the UN system, together with a qualified, best-of-breed Security Information and Event Management (SIEM) solution, delivers cyber security peace of mind.

The UN Asks for a SOC; UNICC Delivers

A SOC and SIEM together provide organizational risk mitigation, oversight of multiple and dynamic relationships, and security intelligence across online and cloud services, networks, servers, telecommunications, messaging, databases, firewalls, mobile device management, endpoints, web services, authentication, packaged applications and storage, as well as threat detection and mitigation.

The UNICC Management Committee approved an R&D fund for promising and innovative projects over the course of 2017. One of the two selected was a Proof of Concept (POC) for a Security Operations Centre.

UNICC ran this POC as a project over the course of 2017-2018 with UNICC staff and resources, and UN Women provided a test environment. The POC is complete: UN Women is continuing with the services, and the SOC service is ready for business for prospective Clients.

The SOC project established computer forensic capabilities within UNICC by identifying the skills and resources that can be leveraged to support Clients and Partner Organizations in security incident response and computer forensic investigations. It also laid the groundwork for a UN Computer Emergency Response Team (CERT) through which UN Agencies can support each other in case of an incident.

The new SOC and SIEM services complement the existing information security services portfolio, which includes the Common Secure Threat Intel Network, Information Security Governance services, penetration testing, SWIFT assessments and ICT Security Operations services.

SOC features

Benefits

Benefits for Clients include minimizing operational and reputational impact by improving the capability to detect and respond to information security incidents in a timely manner; protecting critical information assets by managing threats proactively, promptly and consistently; and improving investment and risk management decisions by providing regular metrics for management review.

The SOC provides support for cloud solutions such as Microsoft SaaS (Office 365, SharePoint Online and OneDrive), Windows Defender Advanced Threat Protection (Azure-hosted) and Advanced Threat Analytics.

Sample SOC dashboard

Additional SOC Benefits

•    Managed by experts from various information security and technology areas
•    Flexible and proactive approach to the multiple disciplines of ICT security
•    Adherence to UN Privileges and Immunities
•    Intelligence leveraged from Common Secure and from vendor monitoring and reporting feeds
•    Deployment of shared resources to serve Clients and provide economies of scale
•    Improved security incident detection through continuous monitoring and analysis of data activity
•    Dedicated experts with cyber security certifications and experience with United Nations networks and processes.

Additional SIEM Benefits

•    High value from investment in security technology
•    Comprehensive and efficient reporting
•    Reduced capital and operational costs
•    Reduced risk of noncompliance
•    Broader agency support for information security
•    Early detection of security incidents.

SOC Technology and Operations platforms

Project objectives included developing UNICC capabilities (processes and human resources) for the operation of a tiered Security Operations Centre covering security monitoring (real-time monitoring, proactive hunting, and event validation and triage), incident response (incident investigations, digital forensics and malware analysis) and threat intelligence (early warnings, countermeasures and recommendations).

The Security Operations Centre pilot lasted one month with four full-time dedicated and shared human resources. It developed and adopted processes and procedures for the management of security events and incidents, with UN Women systems (infrastructure, platform and applications) as the pilot user.

Services and Features

Common Secure SOC services cover security monitoring (real-time monitoring, proactive hunting, event validation and triage), incident response (incident investigations, digital forensics and malware analysis) and threat intelligence (early warnings, countermeasures and recommendations).

Features include centralized security operations and incident response; anomaly detection and remediation of misconfigurations, including IIS misconfigurations and firewall NTP misconfigurations; SQL automated services; a risk-based approach to alerts; an overview of user activity; firewall configuration and traffic overviews; and asset and vulnerability overviews.

How it works: from detection through qualification, assigning and response
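As an added illustration of that workflow (example code written for this page, not UNICC's or UN Women's SOC tooling), the pipeline below runs two simple detection rules over a handful of constructed SIEM-style events, qualifies each hit with asset criticality and a threat-intelligence indicator list, assigns it to a queue by risk score, and attaches a recommended response. The event fields, rule names, scoring weights, thresholds, queue names and the sample data are all assumptions chosen for the example.

```python
"""Risk-based alert triage: detection -> qualification -> assignment -> response.

Illustrative example only; not UNICC code. Event schema, weights and queues
are assumptions made for this page.
"""
from collections import defaultdict
from dataclasses import dataclass

# Constructed SIEM-style events (sample data, not real telemetry).
SAMPLE_EVENTS = [
    {"src_ip": "203.0.113.7", "user": "alice", "type": "auth_fail", "asset": "vpn-gw"},
    {"src_ip": "203.0.113.7", "user": "alice", "type": "auth_fail", "asset": "vpn-gw"},
    {"src_ip": "203.0.113.7", "user": "alice", "type": "auth_fail", "asset": "vpn-gw"},
    {"src_ip": "203.0.113.7", "user": "alice", "type": "auth_fail", "asset": "vpn-gw"},
    {"src_ip": "203.0.113.7", "user": "alice", "type": "auth_fail", "asset": "vpn-gw"},
    {"src_ip": "203.0.113.7", "user": "alice", "type": "auth_ok", "asset": "vpn-gw"},
    {"src_ip": "198.51.100.9", "user": "svc-backup", "type": "auth_fail", "asset": "file-srv"},
    {"src_ip": "10.0.0.5", "user": "bob", "type": "fw_config_change", "asset": "edge-fw"},
]

# Qualification context (assumed): asset criticality on a 1-5 scale, as an asset
# inventory would hold it, and an indicator set standing in for a threat-intel feed.
ASSET_CRITICALITY = {"vpn-gw": 5, "file-srv": 3, "edge-fw": 5}
INTEL_BAD_IPS = {"203.0.113.7"}

BRUTE_FORCE_THRESHOLD = 5   # consecutive failures before a success is suspicious


@dataclass
class Alert:
    rule: str
    src_ip: str
    user: str
    asset: str
    severity: int        # base severity set by the detection rule (1-5)
    score: int = 0       # risk score after qualification
    queue: str = ""      # where assignment routed the alert
    action: str = ""     # recommended response


def detect(events):
    """Detection: raise alerts from rules over the ordered event stream."""
    alerts = []
    failures = defaultdict(int)   # consecutive auth failures per (ip, user, asset)
    for e in events:
        key = (e["src_ip"], e["user"], e["asset"])
        if e["type"] == "auth_fail":
            failures[key] += 1
        elif e["type"] == "auth_ok":
            if failures[key] >= BRUTE_FORCE_THRESHOLD:
                # Burst of failures followed by a success: likely guessed credential.
                alerts.append(Alert("bruteforce_then_success", *key, severity=4))
            failures[key] = 0
        elif e["type"] == "fw_config_change":
            # Every firewall change is reviewed; on its own the severity is modest.
            alerts.append(Alert("fw_config_change", *key, severity=2))
    return alerts


def qualify(alert):
    """Qualification: weight base severity by asset criticality and intel hits."""
    alert.score = alert.severity * ASSET_CRITICALITY.get(alert.asset, 1)
    if alert.src_ip in INTEL_BAD_IPS:
        alert.score += 5
    return alert


def assign(alert):
    """Assignment: route by risk score; thresholds and queue names are assumed."""
    if alert.score >= 15:
        alert.queue = "tier2-incident-response"
        alert.action = "contain: block src_ip, reset credential, open incident"
    elif alert.score >= 8:
        alert.queue = "tier1-analyst"
        alert.action = "validate with asset owner during the shift"
    else:
        alert.queue = "log-only"
        alert.action = "record for weekly metrics"
    return alert


def triage(events):
    """Full pipeline; highest-risk alerts are returned first."""
    alerts = [assign(qualify(a)) for a in detect(events)]
    return sorted(alerts, key=lambda a: a.score, reverse=True)


if __name__ == "__main__":
    for a in triage(SAMPLE_EVENTS):
        print(f"{a.score:3d}  {a.queue:24s}  {a.rule:24s}  "
              f"{a.src_ip} {a.user}@{a.asset}: {a.action}")
```

Run as written, the brute-force success against the critical VPN gateway from a known-bad address scores 25 and lands in the incident-response queue, while the firewall change on an internal host scores 10 and goes to a Tier 1 analyst for validation. The point of the split into detect, qualify and assign is that each stage can be tuned independently: rules stay simple, and the context that turns a hit into a priority (criticality, intelligence, thresholds) lives outside them.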

Please contact [email protected] for more information.