Mitsubishi Materials Corporation

Strengthening Information Security

Prevention of Information Leakage

From Protection to Detection and Response

What are SOCs and CSIRTs?

With information security growing in importance year after year, approaches to safeguard the data and systems maintained by organizations are also evolving. To date, security measures emphasizing protection were the mainstay approach. But today, as the methods employed in cyber attacks become increasingly crafty and sophisticated, a defensive posture alone is insufficient. That is why there has been a focus on strengthening Security Operations Centers (SOCs) and Computer Security Incident Response Teams (CSIRTs).
An SOC is a dedicated team that monitors security for an organization's networks and systems and detects abnormal behavior in real-time. A CSIRT, meanwhile, is a team dedicated to responding in the event of a security incident. By having these teams coordinate, it is possible to respond to cyber attacks swiftly and effectively.

Shifting from Protection to Detection

Conventional security measures have focused on protection with the use of firewalls and antivirus software. While these are important elements in preventing attacks from the outside, diversifying attack methods have made it increasingly difficult to maintain complete security through protection alone. For example, there are risks that breach defensive boundaries, such as cases where an internal employee unwittingly downloads malware, or attacks launched through phishing emails.
This is what makes the role of an SOC crucial. By monitoring network traffic, analyzing logs and detecting suspicious activity, security incidents are discovered in real-time. Specific techniques include the detection of abnormal communication patterns and behavioral analysis of unknown malware. These approaches make it possible to detect potential threats at an early stage and swiftly respond to them.

Improved response

Not only detection but also the response after an incident has occurred is of vital importance. The CSIRT formulates incident response plans and responds swiftly once an incident has occurred. Specifically, the team identifies the extent of damage, takes actions to keep the effects to a minimum, and undertakes restoration work. It is also important to uncover the methods and vectors of attack and take preventative measures through a forensic investigation conducted after the incident.

Strengthening coordination between the SOC and CSIRT

Improved coordination between the SOC and CSIRT results in a more effective security framework. If a workflow can be established in which the SOC rapidly informs the CSIRT of a detected anomaly and the CSIRT immediately initiates a response, damage can be kept to a minimum. Moreover, by having both entities regularly share information and engage in joint training, security awareness and response capabilities are enhanced throughout the organization. MMC has finished expanding SOC monitoring targets to PCs and the cloud environment, and will aim to expand its monitoring targets to existing on-premises servers in the future.

Strengthening SOC/CSIRT Coordination

MMC, MBS, DFF Inc., Trans-Asia Inc., ideaship Inc., KPMG AZSA Sustainability
