ServiceNow Security Operations Demo | Introduction to SecOps | ServiceNow SecOps Tutorial | IT Canvass
This conference will now be recorded. [Music] Oh, you are new to security operations, okay. I assume everybody present here is familiar with ServiceNow as a tool. ServiceNow was basically introduced as an ITSM tool. ITSM is based on ITIL methodologies, which include incident, problem, change, asset management; everything got included over there. But over the years ServiceNow has emerged; it has provided modules which take care of other processes other than ITSM, and one such process is security operations.

Now, what the term security operations means: it brings data from your security tools. When I say security tools, there are a lot of tools. For example, when I work on a workstation in my organization, in their building, let's suppose there's a PC allocated to me. To make sure that whatever asset is being utilized in an organization, assets like workstations or servers, is kept away from security breaches, we use a certain number of security tools. Okay, so bringing data from these security tools into a structured response engine. When I say response engine, that means whatever data is being gathered by these security tools needs to be there in a structured manner. Now how do we achieve that? We achieve that using intelligent workflows, automation and a deep connection with IT. When I say IT, being an IT person, how do we involve IT in there? By making a connection, by prioritizing what an IT person can do. Now when we receive a response we can prioritize those threats we are receiving, or that data we have gathered, and we can resolve that based on the impact it will pose to our organization. So I'll say this includes part one, bringing data from security tools; part two, bringing that response into a structured response; and part three, prioritizing and resolving the data which has been received based on what impact it will be creating on my organization. All these things constitute security operations.

Now, going forward, when to use security operations? We have to use it every time. Why? Because if I ask you the question "is your business secure?", you would not have the answer to that. You cannot say yes, it is secure, it is hundred percent secure. There should be continuous monitoring to ensure that it is secure; otherwise we cannot say that. So most organizations today use a variety of different security products. When I say a variety of products, that means they can vary from one vendor to another vendor. They are totally different vendors, so it is not necessary that they communicate with each other. Then how would we get to know? How do we bring this to a centralized platform? Okay, now there is one tool T1 from vendor V1 and tool T2 from vendor V2, and they don't communicate with each other. So how will T1 get to know about T2's data? We cannot do that; we don't have the measures or the means to do it. But what we can do is: ServiceNow provides that common platform where it gathers responses from T1 and T2, brings them to a common platform and gives you the way to look at the data, to analyze the data, to prioritize and resolve it accordingly.

Now how do we do this? For example, when I say that there are a variety of products from different vendors that don't communicate with each other, these products generate thousands of notifications and alerts. When security tools feel that there's a threat to the system or something like that, they will generate alerts or notifications. So as a result, for example, a number of alerts are generated and it is possible for any of the alerts to get... okay, sorry, am I still audible? Yeah, yeah. Okay. So solving these issues requires a solution that connects those security tools and provides us an ID... guys, give me one quick minute, okay, I'll be just back. One minute. Yes, so I'm back.

So solving these issues requires a solution that connects security and IT. When I say IT, that means that it will provide us the common platform and better visibility, and better visibility means it will help us deliver a faster and more efficient security response. Now what would make your security team more efficient when responding to incidents? For example, let's suppose we have several assets. Now, which asset is critical to your organization? For example, harm to a table in the organization compared to harm to a server which is catering to several workstations: we can analyze that the server one is more crucial. So that was just a basic example to understand that we need to prioritize the assets first of all, and then spend less time on manual things, with something called virtual dashboards. You will be aware of the term if you are familiar with ServiceNow, what the term dashboard means; we can create dynamic reports over there which will pull data for incidents and vulnerabilities. All these terms, when I say threats, vulnerabilities, incidents, alerts: this is what you will be learning in this module, when I say security operations as a module.

Okay, now to understand security operations there are basically three, four parts to this: security incident response, then something called vulnerability response, and something called threat intelligence. So three major parts, I say: vulnerability response, threat intelligence and security incident response. When I say security incident response, it is nothing but this: the application tracks the progress of security incidents whenever security steps in. To make us aware that this incident is particularly related to the security aspect, ServiceNow, for our convenience, has created something called security incident, which is a different thing from incident. That is just for our convenience, so that nothing gets missed out on security. So the progress of these security incidents, from discovery and initial analysis, everything is handled by security incident response.

Now another thing: many organizations struggle with organizing security threats and vulnerabilities, prioritizing them and coordinating with IT to remediate them. Now, security analyst and vulnerability manager: these are the roles which are there for security operations. Okay, security analyst and vulnerability manager, these are the roles which come under security operations. Now they can seamlessly automate their security tools and communicate with IT by working in a unified platform, and these three parts are how they achieve it. One I explained, security incident response; the other one is vulnerability response. Vulnerability response is something where the National Vulnerability Database, NVD (that's just one database, we have other databases also), collects information about all the known vulnerabilities which are there. These vulnerabilities can include weaknesses in software and operating systems, for example, that malware can exploit, and other attacks, whatever can be there in terms of software attacks. All these vulnerabilities are there in these databases. Okay, now the vulnerability response application aids us in tracking, prioritizing and resolving these vulnerabilities. As I said, these terms which you are listening to, for example security incident response, vulnerability response, threat intelligence, everything is going to be covered in the upcoming sessions; they are an important aspect of SecOps as a module. Moving ahead, I will be addressing this as SecOps; it is easier to pronounce.

Okay, now when I say the third part: one part was security incident response, where creation of security incidents and managing is done, initial analysis and discovery is done. The second part is vulnerability response, where we have certain databases which tell us all the possible vulnerabilities, and then tracking, prioritizing and resolving of these vulnerabilities is done. The third part is threat intelligence. This application allows us to find something called IoCs, indicators of compromise, and enrich security incidents with threat intelligence data. When I say threat intelligence data, it is a form of AI, you can say, where automatically that security incident will be pre-populated with some related threat intelligence data. Okay, now how is it done? It is done based on indicators. IoCs are nothing but artifacts which are observed on, like, an operating system that are likely to indicate an intrusion. So examples of IoCs can be virus signatures, IP addresses, malware files, or URLs or domain names. Okay, so an IoC can be a single object or it can be a collection of objects; it can be a bad URL also, or it can be a couple of specific files also. So now once we identify any IoC, the process of incident response... and they can be used for early detection of future attacks. How do we do that? We collect data and then we analyze a trend from there. So it is nothing but indicators, and if you have worked on Performance Analytics then you must be aware of the term indicators. Any questions till now, anybody? Oh no, sorry, I said no... okay.

There is one more aspect to security operations, which is configuration compliance. It is the secure configuration assessment, SCA, application. What it does is it aggregates scan results; scan results are run from integrations. What it actually does is it prioritizes configuration compliance issues using the CMDB; that's what its job is. So this is also one of the aspects of security operations, but majorly what we will be diving deep into are the three important aspects, which will be vulnerability response, threat intelligence and security incident response. So if you guys have any questions, like how the course is going to be or what all we are going to cover, any additional questions, please feel free to ask. Okay, so Lima... okay then, thank you so much guys. I'll be cutting off then. Yeah, okay, anybody, any questions? Yeah, you can ask Niharika. I think no more questions. See, I know there were some words there; most of the things must have bounced, and that's completely okay, but once you get to know the module it will be better. Okay, thank you Niharika. Yeah, thanks for your time. Okay, I'm going to end the session. Yeah, anybody, related to the course details you can contact me.
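As an added illustration that is not part of the session and not ServiceNow platform code, the following plain JavaScript sketch walks through the three parts the speaker describes: collecting alerts from two tools that share no format (T1 and T2), bringing them into one structured shape, enriching them with indicators of compromise, and ordering them by business impact using an asset-criticality map that stands in for the CMDB. Every tool schema, asset name, indicator value, alert and scoring weight below is constructed for the example; none comes from a real product, and the Glide APIs a real ServiceNow script would use are deliberately not imitated.

```javascript
// Added example (plain Node.js, not ServiceNow code): the collect -> structure ->
// prioritize flow for security alerts. All data and schemas are constructed.

// Constructed stand-in for CMDB asset criticality (1 = low ... 5 = critical).
const ASSET_CRITICALITY = {
  "srv-file-01": 5, // file server that many workstations depend on
  "ws-1042": 2,     // a single user's workstation
};

// Constructed threat-intelligence list of indicators of compromise.
// IP values come from a documentation range; the hash is a labelled placeholder.
const IOC_LIST = [
  { type: "ip", value: "203.0.113.7" },
  { type: "domain", value: "bad.example" },
  { type: "hash", value: "PLACEHOLDER-SHA256" },
];

// Part 1: raw alerts as two unrelated vendor tools (T1, T2) would emit them.
const T1_ALERTS = [
  { src: "ws-1042", dst_ip: "203.0.113.7", sev: "medium", msg: "Outbound connection" },
  { src: "ws-1042", dst_ip: "198.51.100.20", sev: "high", msg: "Port scan detected" },
];
const T2_ALERTS = [
  { hostname: "srv-file-01", observables: ["bad.example"], severity: 3, description: "DNS query" },
  { hostname: "srv-file-01", observables: ["update.example.net"], severity: 1, description: "Software update" },
];

// Part 2: map each tool's own schema onto one common structure.
const T1_SEVERITY = { low: 1, medium: 2, high: 3 };

function normalizeT1(a) {
  return { source: "T1", asset: a.src, observables: [a.dst_ip],
           severity: T1_SEVERITY[a.sev] ?? 1, summary: a.msg };
}

function normalizeT2(a) {
  return { source: "T2", asset: a.hostname, observables: a.observables.slice(),
           severity: a.severity, summary: a.description };
}

// Threat-intelligence step: attach every IoC whose value appears in the alert.
function enrichWithIocs(alert, iocs) {
  const matches = iocs.filter((ioc) => alert.observables.includes(ioc.value));
  return { ...alert, iocMatches: matches };
}

// Part 3: impact-based priority. Severity is scaled by asset criticality,
// plus a fixed bump when a known indicator was observed (weights are constructed).
const IOC_BONUS = 10;

function priorityScore(alert, criticality) {
  const c = criticality[alert.asset] ?? 1; // unknown asset -> lowest weight
  return alert.severity * c + (alert.iocMatches.length > 0 ? IOC_BONUS : 0);
}

// Full pipeline: normalize both feeds, enrich, score, and sort highest first.
function triage(t1Alerts, t2Alerts, iocs, criticality) {
  return [...t1Alerts.map(normalizeT1), ...t2Alerts.map(normalizeT2)]
    .map((a) => enrichWithIocs(a, iocs))
    .map((a) => ({ ...a, score: priorityScore(a, criticality) }))
    .sort((x, y) => y.score - x.score);
}

// Trend view: how often each indicator has been seen across all alerts,
// the kind of count that supports early detection of repeat activity.
function indicatorFrequency(triaged) {
  const counts = {};
  for (const a of triaged) {
    for (const ioc of a.iocMatches) counts[ioc.value] = (counts[ioc.value] ?? 0) + 1;
  }
  return counts;
}

// Run on the constructed data when executed directly.
const QUEUE = triage(T1_ALERTS, T2_ALERTS, IOC_LIST, ASSET_CRITICALITY);
for (const a of QUEUE) {
  const hits = a.iocMatches.map((i) => i.value).join(",") || "-";
  console.log(`${a.score}\t${a.source}\t${a.asset}\t${a.summary}\tIoCs: ${hits}`);
}
console.log(indicatorFrequency(QUEUE));
```

With the constructed data the DNS query from the file server lands on top (severity 3 times criticality 5, plus the IoC bump), ahead of the workstation's medium-severity connection to a flagged address, while the high-severity port scan on a low-criticality host without any IoC match ranks below both. That ordering is the point of the speaker's server-versus-workstation comparison: raw tool severity alone would have put the port scan first.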
https://www.youtube.com/watch?v=_nr1_Bd4Zko