SOC Update (18 May - 22 May 2020)
Progress / Completed Projects & Tasks
- SIEMonster Sec Prod roll-out on AWS
  - Windows servers (Sysmon, Wazuh, Winlogbeat) roll-out to all 80+ servers: 20% completed.
- Linux hardening, Ubuntu on AWS
  - Reviewed, discussed caveats and handed over our work to cloud infra.
- SOC Interim DLP Strategy updates
Plan / Work in progress
- SIEMonster Sec Prod roll-out on AWS
  - Windows servers (Sysmon, Wazuh, Winlogbeat) roll-out to all 80+ servers.
  - Continue working on integrating other relevant log sources:
    - Kaspersky AV logs and ADAudit Plus logs.
    - AWS GuardDuty alert and log integration from the central logs account (tvlk-audit).
- Open-source EDR tools + DLP-related capabilities
  - Exploring options and preparing the final architecture design for a large-scale deployment of Velociraptor (all user endpoints, 7k+).
  - Continue working on the deliverables and tasks in the SOC Interim DLP Strategy.
- Endpoint AV (Kaspersky) policy audit and deployment coverage review
  - Finalise the AV policy configuration document with the recommendations.
- Onboard tvlk-dev and tvlk-data AWS accounts to SSO (on-going)
  - On-going migration of beiartf from the tvlk-dev to the tvlk-build account.
  - Continue the plan and actions to enforce SSO on the rest of the accounts.
- DataDome
  - SecOps internal audit and review of controls and settings, looking for improvements/enhancements.
- Akamai WAF IP Reputation module CR on hold.
  - We will re-align with the FE team first to find out if they have resources to re-engage with us on this.
Roadblocks / Problems
- AWS centralized logs project (tvlk-audit) currently on hold.
  - Security projects are not a priority; infra-cloud is under a cost-reduction project.
Notable Incidents
SOC-156 (Bugcrowd report): Blind XSS on customer service Salesforce page
Status: Remediation in progress (XSS code fix and Akamai config change).
Details at: https://29022131.atlassian.net/browse/SECURITY-550?focusedCommentId=879108