Monitoring and Managing Proxy and Firewall Traffic

Overview

The client wanted to monitor their incoming and outgoing network traffic, identify malicious behaviour, and eventually protect their servers against any potential attack.

They also requested that we implement the principle of least privilege for their workforce, so that staff could work efficiently while the organisation's data remained protected in the event of a breach.

Problem Statement and Challenges

As an organisation that handles large-scale data, the client could not risk its servers falling into the hands of malicious entities.

Moreover, the client wanted to optimise server load while mitigating network threats. This is why they requested that we set up a Security Operations Centre (SOC), which addresses both needs.

On the one hand, a SOC protects against malware and attacks of various kinds, including DDoS and reconnaissance attacks. On the other, limiting the workforce's resource access reduces server load and adds a second layer of security to the network.

Solution

After analysing the requirements, we began setting up the Security Operations Centre by implementing Security Information and Event Management (SIEM) and proxy servers. Using these two components, we then set up log file analysis to interpret threat indicators accurately and in a timely manner.

Adding another layer of security, we configured a proxy list that allows only the websites and applications necessary for the employees' workflow. This allowlist safeguards against bad actors operating on unvetted third-party websites.
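To make the two mechanisms described above concrete, the following is an added example (not the client's configuration or the case study's own code) that applies a proxy domain allowlist to constructed proxy access-log lines and flags clients that repeatedly reach for non-allowlisted hosts. The allowed domains, the log line format and the alert threshold are all assumptions chosen for illustration.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlsplit

# Hypothetical allowlist: only the domains the workforce needs for its workflow.
# A parent domain also covers its subdomains (mail.example.com covers owa.mail.example.com).
ALLOWED_DOMAINS = {"intranet.example.com", "mail.example.com", "crm.example.com"}

# Assumed log format: "<timestamp> <client-ip> <method> <url-or-host:port> <status>".
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<client>\S+) (?P<method>[A-Z]+) (?P<url>\S+) (?P<status>\d{3})$"
)

# Constructed sample log; 10.0.1.40 fans out to several non-allowlisted hosts.
SAMPLE_LOG = """\
2024-05-01T09:00:01Z 10.0.1.15 GET https://intranet.example.com/home 200
2024-05-01T09:00:05Z 10.0.1.15 GET https://mail.example.com/inbox 200
2024-05-01T09:01:10Z 10.0.1.22 GET https://updates.vendor.example/patch.bin 200
2024-05-01T09:02:00Z 10.0.1.40 CONNECT pastebin.example:443 200
2024-05-01T09:02:07Z 10.0.1.40 GET http://filehost.example/upload 200
2024-05-01T09:02:15Z 10.0.1.40 CONNECT transfer.example:443 200
2024-05-01T09:03:00Z 10.0.1.15 GET https://crm.example.com/accounts 200
this line is malformed and must be skipped, not crash the analyser
"""


@dataclass
class ProxyEvent:
    ts: str
    client: str
    method: str
    host: str
    status: int


def host_allowed(host: str, allowed=ALLOWED_DOMAINS) -> bool:
    """Exact match or subdomain of an allowlisted domain; everything else is denied."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in allowed)


def extract_host(url: str) -> str:
    """CONNECT requests log 'host:port' with no scheme; other requests log a full URL."""
    if "://" in url:
        return (urlsplit(url).hostname or "").lower()
    return url.rsplit(":", 1)[0].lower()


def parse_line(line: str) -> Optional[ProxyEvent]:
    """Return a ProxyEvent, or None for lines that do not match the assumed format."""
    m = LOG_RE.match(line.strip())
    if m is None:
        return None
    return ProxyEvent(m["ts"], m["client"], m["method"], extract_host(m["url"]), int(m["status"]))


def analyse(lines, allowed=ALLOWED_DOMAINS, max_blocked_hosts: int = 3) -> dict:
    """Apply the allowlist to each request and alert on clients that hit many denied hosts.

    Returns {"blocked": [ProxyEvent, ...], "alerts": [client-ip, ...]}.
    """
    blocked = []
    denied_hosts_per_client = defaultdict(set)
    for line in lines:
        ev = parse_line(line)
        if ev is None or host_allowed(ev.host, allowed):
            continue
        blocked.append(ev)
        denied_hosts_per_client[ev.client].add(ev.host)
    alerts = [c for c, hosts in denied_hosts_per_client.items() if len(hosts) >= max_blocked_hosts]
    return {"blocked": blocked, "alerts": sorted(alerts)}


if __name__ == "__main__":
    report = analyse(SAMPLE_LOG.splitlines())
    for ev in report["blocked"]:
        print(f"DENY  {ev.ts} {ev.client} {ev.method} {ev.host}")
    for client in report["alerts"]:
        print(f"ALERT {client}: reached {3}+ distinct non-allowlisted hosts")
```

The allowlist check is deliberately a suffix match on a dot boundary, so `notmail.example.com` is not accepted just because it ends in `mail.example.com`; the per-client fan-out counter is the kind of simple indicator a SIEM rule would raise for analyst review rather than an automatic block.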

We also configured Safelinks to check any hyperlink that connects to the company's resources, coupled with vigilant scanning of new and existing servers to detect vulnerabilities in real time.

  • Security Information and Event Management (SIEM)
  • Proxy Server Configuration
  • Log File Analysis
  • Proxy List Configuration
  • Safelinks
  • Palo Alto Firewall
  • Traffic Monitoring
  • Cisco Umbrella

Results and Success Criteria

The client ended up with a layer of protection for their servers and network while reducing the workload and improving the efficiency of their workforce, which is everything they wanted. Moreover, by applying the principle of least privilege through the proxy list, we added a second layer of security.