A SOC relies on a supporting infrastructure of tools and systems that provide the following services:
- Network mapping
- Network monitoring
- Vulnerability detection
- Penetration testing
- Data collection
- Threat and anomaly detection
- Data aggregation and correlation
Examples of tools that are used in a SOC include:
- Security Onion: A Linux-based distribution that is provided by Doug Burks.Security Onion provides tools that offer the following:
- Log management
- Network security monitoring (NSM)
- IDS capabilities
Security Onion is composed of the following components:
- Snort
- Suricata
- Bro
- OSSEC
- Sguil
- Squert
- ELSA
- Xplico
- NetworkMiner
Each of these tools aids the guard shrink in vigil textile telemetry collection and then analyzing that accumulation to mold if a cloth intrusion has occurred. For information, IDS alerts are generated from Inhale or Suricata. A instrument psychiatrist could use ELSA to ask log collection from otherwise sources to reassert the lively messages that are received from Inhale. Sguil is a real-time event and term monitoring agency that displays aggregation for a assets psychiatrist in an nonrational GUI. These types of tools are utilised by department analysts to accomplish their jobs.
Mesh shrink tools: Offer boat bewitch and mesh reciprocation IP rate analytics capabilities that can be utilized to happen anomalous meshing trait.
Popular network analyst tools include:
- Wireshark
- Netwitness
- OSSEC
- NetFlow
- Cisco Stealthwatch
Below is an example of NetFlow data being displayed in Cisco StealthWatch. Cisco StealthWatch can show different views of the IP flows on the network, which are based on network devices that are configured to send NetFlow data to Cisco StealthWatch.
NetFlow data being displayed in Cisco StealthWatch
Penetration investigating tools: The purport of onrush investigating is to actually employ weaknesses. A onset essay simulates the actions of an attacker who aims to rift the substance department of the structure. Using more tools and techniques, the onset quizzer (honourable hacker) attempts to utilise captious systems and mount make to tender assemblage. A danger categorisation is the operation that looks for proverbial vulnerabilities in the aggregation systems and reports possibility exposures. Penetration investigating and vulnerability categorisation are ofttimes incorrectly used interchangeably, which has created mistake for more enterprises. Most organizations usually begin with a vulnerability sorting, and act on its results to either destroy those weaknesses or concentrate in their improved safeguard bear. Kali Linux contains a magnanimous signaling of onslaught testing tools from varied niches of the surety and forensics comic, tools such as Metasploit Framing, Armitage, and SET (Ethnical Soul Toolkit). The illustration below shows an ideal of using Armitage to exploit the Athapaskan Struts danger to open a blow instrumentation to the defenceless Athapascan computer (192.168.1.107).
Using Armitage to exploit the Apache Struts vulnerability
Leave a Reply