BSE to Offer Community SOC for Stock BrokersBrokers Can Subscribe to Specific Services
To comply with the Security and Exchange Board of India's recent cybersecurity guidelines for stock brokers and depository participants, the Bombay Stock Exchange has implemented a community security operations center, which will provide its services to more than 1,000 member brokers.
The community SOC offers a single-click subscription option; brokers can opt into various services that will be offered via Marketplace Tech Infra Services, a wholly owned subsidiary of BSE.
Shivkumar Pandey, CISO at BSE, tells Information Security Media Group that its subsidiary "will be a facilitator for providing the services of market SOC through trusted third parties. Though we are providing the data center infrastructure for setting up the community SOC, the third parties will provide 24/7 security incident monitoring and reporting as well as manage the anti-virus, latest patches and security infrastructure installed at our premises," says Pandey.
Last year, SEBI had recommended that BSE create a community SOC because it's not feasible for all member brokers to create a SOC.
"Since stock brokers and depository participants perform significant functions in providing services to holders of securities, it is desirable that these entities have robust cybersecurity and cyber resilience framework in order to provide essential facilities and perform systemically critical functions relating to securities market," says Debashis Bandyopadhyay, SEBI's general manager, market intermediaries regulations and supervision department.
SOCs can play an important role in providing real-time threat monitoring.
"SOCs well as the next-gen SOCs have been a blessing for many organizations, especially those who have to manage huge number of data," says Vikram Mehta, associate director, information security, at MakeMyTrip. "Firms are now able to respond to threats with confidence, at unprecedented speed and scale. This helps reduce threat triage, investigation and response time," says Mehta. "The main problem area solved by next-gen SOCs is the ability to detect attacks that a traditional SOC cannot find as it follows standard corelation based technology."
How Community SOC Works
At first, BSE's new community SOC will target about six lakh endpoints, says a security expert familiar with the development who requested anonymity.
"For now, BSE will cover members who have endpoints ranging from 50 to 200," the expert says. "Slowly, it will extend this service to big players. At that time, it might end up covering more than 20 lakh endpoints."
"The community SOC will work on a subscription basis, with options to subscribe from a list of services including anti-virus, patch management, unified threat management, security incident and event management, etc.," Pandey says.
BSE has partnered with Lucideus, a Delhi-based information security platform provider, and NII Consulting, a provider of information security services, to help build community SOC. Both these firms will be assisting BSE from the software end, NII Consulting will be using its own developed platform to offer 24x7 monitoring to the members, says K.K. Mookhey, company founder.
"The unique features of this SOC is that it is fully aligned to SEBI requirements, and it provides a one-stop compliance to all brokers and depository participants," Mookhey says. "As part of this offering, we will not only be providing security monitoring and vulnerability management, but we are also offering managed firewall and managed anti-virus services as well as providing clients with a set of policies and procedures to help them comply with SEBI requirements."
Stock Brokers Leveraging SOC
The capital market ecosystem is an important segment of the national critical infrastructure. As a result, the ecosystem is increasingly becoming a target of state-sponsored attacks because any disruption in trades at a stock exchange could have a huge impact on the economy. BSE facilitates 250 to 280 million orders per day.
Keeping this in mind, BSE says it has taken adequate steps to protect itself against cyber threats. In compliance with SEBI guidelines, BSE last year completed implementation of its own security operations center with artificial intelligence capabilities on the back of an orchestrated approach, wherein multiple advanced cyber technology solutions are integrated to provide contextual intelligence. The SOC implemented by BSE last year is on a different network and has no connection with the community SOC.
Pandey says the BSE SOC implemented earlier includes database active monitoring, privileged identity management, web application firewall as well as security analytics.
"On top of this, there are other next-generation capabilities, like forensics, anti-APT solution and deception technologies. A honeypot is created in VLANs, which immediately identifies the scanning and relays alerts from SIEM to the security operations team. Basically, we are leveraging more than 47 technologies in SOC," Pandey says.
BSE says SOC implementation last year for its own networks has brought governance and control due to availability of real-time data and monitoring ensuring mitigation of cybersecurity threats. "We been able to mitigate advanced persistent threats, malware attacks, distributed denial of service attacks, phishing attacks, etc."
Security experts say that SOCs can rapidly interpret structured and unstructured data, extract relationships and evaluate supporting evidence with full context, providing recommended actions and improved decision making.
"For example, a virus signature is detected in any machine. It takes multiple hours of work for any analyst to dig into the internet and other knowledge base," Pandey says. "But with machine learning, it is easy to identify the source of malware as it scans websites and documents publicly available and redirects to the source of the information with a graphical view."