Day 2 of the conference gave us an insightful lecture on putting together a Security Operations Center (SOC) by CCN expert Carlos Córdoba. He spoke about this year's top looming threat and the plight many companies find themselves in regarding staff skills and tools. He also outlined the process of creating a SOC from the ground up, stressing the importance of building a Security Center steadily and how it starts rolling. Finally, he devoted a few words to the national SOC network, the Red Nacional de SOC (RNS).
In his lecture "SOC-RNS Balance 2023 del CCN", Carlos Córdoba of CCN remarked on the most frequent threat, which concerns online credentials. Referring to 2023, Córdoba said: "most attacks encountered were credential thefts, unlawful credential purchases via the dark web, these credentials are then availed of loosely."
In addition, the expert gave an insight into an unlikely predicament many firms face, that of being overwhelmed by the elements: "Most firms are overflowed technologically speaking, lacking skilled staff and process automation, there are too many tools and too many screens to work with."
He then spoke about the day-to-day of the RNS (Red Nacional de SOC): "We still perform the same practices, there are many organisms with plenty of junk, they have plenty of equipment but there is nobody supervising it. SOCs are composed of people; until there are no real people overseeing the running of the computers, that will not be a SOC," said Córdoba.
"We are still counseling people, we are working with new organisms, we are working with the Autonomous City of Ceuta, we are closing in on a deal with the Autonomous City of Melilla and we are discussing several SOCs in Andalucía," said the expert.
He also weighed in on the baby steps necessary to develop a SOC: "In firms building a SOC for the first time, it starts rolling, and that winds up becoming a fully fledged SOC. Getting started on a brief list of items is not a departure from normalcy, it would be recommendable, it is advisable to start one item at a time, which will lead to further progress. The rule of thumb is to streamline what we have a bit each day. Let us not try to build Mount Rushmore from the very onset."
Córdoba also remarked on the development of the governmental SOC in 2023: "We supported our brothers across the pond, last year we were in the Dominican Republic, this year we came to an agreement with Panama. We have a slew of other countries with which we are holding talks and such Governmental Security Center is being built up as we speak. We are building a System of Early Warning, which remains as CCN's crown jewel, but it is still fairly unknown. The probe system, we are currently deploying 446 probes across 333 different organisms, these probes are the growing capacity of CCN. We know what is happening everywhere, at all times, because we detect it. We can set up this system for critical infrastructure rooted in technology of our own."
He also described the steps of the onboarding process: "We get started with an anti-ransomware software, which is followed by search tools and a probe," highlighting the fact that Panama has requested Spanish technology in spite of the strong American penetration in the area.
He added that "any organism that we provide with equipment is endowed with the same visibility that we have at our HQ SOC hub. That way the organism holds complete control and we possess a centralized vision. Let's not forget about that."
The issue, though, is "to come to financial terms, since these countries often face political turmoil, and it makes for an intricate situation."
He drew the lecture to a close by noting the unexpected success of the Red Nacional de SOC (RNS): "I was one of the creators and I cast doubt on its future but nowadays, there is no stopping it."