Security Operations

A Security Operations Center (SOC) is the team and the process that keeps watch over an organisation's cybersecurity posture 24/7. It monitors threats, detects attacks, and responds to them.

The SOC team

Tier 1 Analyst

First line - Triage

  • Monitoring alerts
  • Identifying simple threats
  • Creating tickets
  • Escalating to the next tier

Tier 2 Analyst

In-depth analysis

  • Complex investigations
  • Vulnerability assessment
  • Attack analysis
  • Remediation recommendations

Tier 3 - Expert

Specialist

  • Threat hunting
  • Malware analysis
  • Finding vulnerabilities
  • Architecture recommendations

Core SOC responsibilities

Continuous monitoring

Watching networks, systems, and applications 24/7 and detecting suspicious activity immediately.

Threat Detection

Detecting threats with the help of SIEM, IDS/IPS, and other tools.

Incident Response

Responding to security incidents quickly and effectively.

Reporting and Metrics

Preparing reports and metrics on the organisation's security posture.

SOC tools

SIEM - Security Information and Event Management

Collects all logs, analyses them, and detects anomalies.

Examples: Splunk, IBM QRadar, ArcSight

IDS/IPS

Intrusion Detection/Prevention System - detects and blocks intrusion attempts.

Examples: Snort, Suricata, Cisco Firepower

EDR - Endpoint Detection and Response

Detects and responds to threats on endpoint devices.

Examples: CrowdStrike, Carbon Black, SentinelOne

SOAR - Security Orchestration, Automation and Response

Automates and orchestrates security processes.

Examples: Palo Alto Cortex XSOAR, Splunk Phantom

Incident severity levels

P4 - Low

SLA: 24-48 hours

Minor anomaly, minimal impact

P3 - Medium

SLA: 4-8 hours

Potential risk, monitoring required

P2 - High

SLA: 1-2 hours

Active attack, rapid action required

P1 - Critical

SLA: 15-30 minutes

Major impact, requires an immediate response
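As an added example (not code from this page or from any SOC product), here is the detection-to-triage path that the SOC tools and incident-level sections above describe, in Python: a SIEM-style rule runs over constructed SSH auth log lines, the resulting alert is mapped onto the P1-P4 levels, and an SLA deadline plus a Tier 2 escalation decision are computed. The log format, the failed-login threshold and the priority mapping are assumptions; the SLA minutes are the upper bounds of the ranges given above.

```python
import re
from collections import Counter
from datetime import datetime, timedelta
# SLA windows from this page's priority levels (upper bound of each range, in minutes).
SLA_MINUTES = {"P1": 30, "P2": 120, "P3": 480, "P4": 2880}
# Constructed sample SSH auth log lines; not taken from any real system.
SAMPLE_LOGS = [
    "2024-05-01T10:00:01 sshd: Failed password for root from 203.0.113.7",
    "2024-05-01T10:00:02 sshd: Failed password for root from 203.0.113.7",
    "2024-05-01T10:00:03 sshd: Failed password for root from 203.0.113.7",
    "2024-05-01T10:00:09 sshd: Accepted password for root from 203.0.113.7",
    "2024-05-01T10:05:00 sshd: Failed password for alice from 198.51.100.4",
]
LINE_RE = re.compile(r"^(\S+) sshd: (Failed|Accepted) password for (\S+) from (\S+)$")

def parse(line):
    m = LINE_RE.match(line)  # falls through to None for lines the rule does not understand
    if m:
        ts, result, user, ip = m.groups()
        return {"ts": datetime.fromisoformat(ts), "result": result, "user": user, "ip": ip}

def detect(lines, threshold=3):
    # SIEM-style rule: `threshold` or more failed logins from one source IP (assumed value).
    events = [e for e in map(parse, lines) if e]
    failures = Counter(e["ip"] for e in events if e["result"] == "Failed")
    alerts = []
    for ip, count in failures.items():
        if count < threshold:
            continue
        first = min(e["ts"] for e in events if e["ip"] == ip and e["result"] == "Failed")
        # An accepted login from the same IP after the failures suggests a guess landed.
        hit = any(e["ip"] == ip and e["result"] == "Accepted" and e["ts"] > first for e in events)
        alerts.append({"ip": ip, "failures": count, "success_after": hit, "detected": first})
    return alerts

def prioritise(alert):
    # Map an alert onto the page's P1-P4 levels; the thresholds are assumptions.
    if alert["success_after"]:
        return "P1"  # likely compromised account: major impact, immediate response
    return "P2" if alert["failures"] >= 20 else "P3"  # active attempt vs. potential risk

def triage(lines, now_iso):
    # Tier-1 triage at time `now_iso`: one ticket per alert with priority, SLA deadline, escalation.
    now, tickets = datetime.fromisoformat(now_iso), []
    for alert in detect(lines):
        prio = prioritise(alert)
        deadline = alert["detected"] + timedelta(minutes=SLA_MINUTES[prio])
        tickets.append({**alert, "priority": prio, "deadline": deadline, "sla_breached": now > deadline,
                        "escalate_to": "Tier 2" if prio in ("P1", "P2") else None})
    return tickets
```

Running `triage(SAMPLE_LOGS, "2024-05-01T10:45:00")` yields one P1 ticket for 203.0.113.7 whose 30-minute SLA has already been breached, while the single failure from 198.51.100.4 never becomes an alert.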

Threat Hunting

Threat Hunting is the proactive search for hidden threats in the network: actively looking for them instead of waiting for alerts.

The Threat Hunting process:

1. Form a hypothesis: where could a threat be hiding?

2. Collect data: logs, traffic, anomalies.

3. Analyse: look for patterns and suspicious activity.

4. Act: eliminate the threats that were found.

Key takeaways

  • SOC - 24/7 security monitoring and response
  • Three analyst tiers - Tier 1 (Triage), Tier 2 (Analysis), Tier 3 (Specialist)
  • SIEM, IDS/IPS, EDR, SOAR - the core tools
  • Threat Hunting - proactive threat search