Designing a large-scale Security Operations Centre

by Liviu Valsan (CERN)

Wednesday Jul 8, 2020, 10:00 AM → 12:00 PM Europe/Zurich

Vidyo: Computing Seminars (CERN)

COMPUTER SECURITY SERIES - @CERN

This presentation will address the design principles behind the implementation of a large scale Security Operations Centre (SOC), able to process TBs/day of security data. Key components and recommendations to build an appropriate computer security monitoring and detection system will be presented, as well as means to obtain and share relevant and accurate threat intelligence information.

Various lessons learnt from building and operating the CERN SOC will be presented. This presentation also gives an update on the work performed in the WLCG Security Operations Center Working Group that aims to provide a scalable reference design applicable for a range of HEP sites.

About the speaker

Liviu Valsan is a member of the CERN Computer Security Team, leading the design and implementation of the CERN SOC.

2020-07-08__Computing_Seminar__CERN_SOC.pdf

Recording

1. WLCG SOC Documentation Portal

2. Further reading

• Building a large scale Intrusion Detection System using Big Data technologies
• Building a minimum viable Security Operations Centre for the modern grid environment
• Harnessing the Power of Threat Intelligence in Grids and Clouds
• Operational security, threat intelligence & distributed computing, the WLCG Security Operations Center Working Group
• Presentation - Harnessing the power of threat intelligence for WLCG cybersecurity
• Presentation - Using Bro for operational security in distributed computing

More information Events in 2020