Report of the COI into the Cyber Attack on SingHealth 10 Jan 2019

COI Report – Part VII
Page 328 of 425

(d) Website defacement; and (e) Denial of service attacks.
951. Further, IHiS should consider designing the ASOC to integrate monitoring and incident response systems with emerging technologies even further upstream in the detection process, such as threat intelligence and security analytics.
41.5.3 Features of an ASOC
952. The key features of an ASOC are:
a) Visibility of threats;
b) Ability to detect sophisticated, targeted, persistent or previously unknown threats;
c) Ability to process alerts, to analyse and understand them;
d) Ability to respond to attacks, if a network is impacted;
e) Preparation for the inevitable successful attacks that will impact their networks in future;
f) Ability to discover and mitigate vulnerabilities before they are exploited by others; and
g) Workflows, processes and teamwork.
953. Increased visibility. A well-designed and implemented ASOC thus maximises existing security investments by linking individual technological components (such as those mentioned in paragraph 947 (pg 326) above) in a manner that extends the benefits these systems provide. This allows analysts a full view of data from multiple sources within the network and its systems.




954. Increased capability for correlation and analysis of data. An ASOC security analyst must have the right tools to identify and analyse an attack. The ASOC pulls together information from multiple sources, including endpoints, gateways, or networked devices, to determine what is important. Without an ASOC, a security analyst would have to go through the laborious process of checking multiple sources of input. For example, during his investigation into the incidents taking place in January 2018, Benjamin had to check the antivirus programs, which led him to check PHI's IPS, and finally to look at firewall and proxy logs. He also had to ask the MSS service provider to continue monitoring traffic to the suspicious IP addresses, as the MSS were outsourced to the service provider.
955. Manually checking multiple sources of input is both time-consuming and prone to error. Important sources of input may be missed. Further, the disorganised nature of information gathering means that larger patterns of suspicious conduct might not be recognised. The better option is for the ASOC to utilise advanced behaviour-based analytics to determine whether the pattern of activities across the entire network indicates a legitimate human user, an innocuous automated process, or malicious activity. This shifts the paradigm from log-based, post-incident security to more proactive, intelligence-driven security.
956. Full lifecycle management of incidents. The key point is that an ASOC should cover the entire lifecycle of an incident, all the way from initial detection through response and resumption of normal operations. This includes 24/7 monitoring, coordination of response teams and processes, and containment and remediation activities, all under one roof to improve response time and reduce confusion.
957. IHiS is currently exploring the option for transitioning the current MSS to an ASOC. The proposal is for the ASOC to have proactive defence capabilities, including active Threat Hunting. Leong Seng has said that this ASOC will combine people, processes, and technology to better manage IHiS’ overall security defences. Essentially, a good ASOC would pull together all the strands


