2021-11-22T02:34:00Z

Why a Security Operations Center (SOC) is important?

EB
  • 3
  • 623
PeerSpot user
3

3 Answers

Hasan Zuberi ( HZ ) - PeerSpot reviewer
Real User
2021-11-22T08:39:11Z
Nov 22, 2021

SOC refers to a dedicated platform and team organization to prevent, detect, assess and respond to threats and incidents. In other words, the SOC will collect events from different security components, analyze them, identify anomalies, and define procedures for alerts.


The SOC, which relies on multi-expert skills, thus occupies a strategic role in the security of the IS. Indeed, by the analysis it proposes and the continuous actions in terms of improvement, it makes it possible to reinforce the security governance of the company.

EB
Community Manager
Nov 22, 2021

@Hasan Zuberi ( HZ ), thank you for your answer! Can you possibly give an example (or two) of how SOC has changed/advanced during the last couple of years?
Thanks

PeerSpot user
Search for a product comparison in IT Alerting and Incident Management
DL
Reseller
2021-11-23T11:39:16Z
Nov 23, 2021

SOC is the heart of your infrastructure security, a centralized system management mechanism, a collaboration of people and software. It is designed to detect anomalies, highlight real threats in them, and respond to these threats appropriately.


SOC has a complex structure and it naturally has bottlenecks. From my personal experience, the bottlenecks in the SOC are people. The human factor should be excluded as much as possible because one mistake in determining a false-positive attack can lead to critical consequences.

DL
Reseller
Nov 23, 2021

@Evgeny Belenky yeah, "alert fatigue" is also a consequence of the human factor. 

Without a continuous process of SOC software configuration, SOC will face this "alert fatigue" issue. 

One more thing is gaps between different parts of the SOC team. Multi-experts are great, but they can be really expensive and hard to find. 
In real life, the basic SOC team is 5-7 people up to 22-23 years old (yesterday students)  and the Head of SOC somewhere from the Bank Cybersecurity department or from a similar position. 

And in this case, you need to put a lot of resources to build a real SOC team: staff training, team building, inside audits of SOC work. As I said before - People. Because people configure software, mark an alert as false-positive, tick "reviewed" boxes; configure SIEM, EDR, UEBA, etc. So you need to be sure that every member of the SOC team is in the right place with the right set of skills.

PeerSpot user
Jairo Willian Pereira - PeerSpot reviewer
Real User
Top 5
2021-12-10T12:01:19Z
Dec 10, 2021

Visibility for proactive actions, whether business (BOC) or security (SOC).

Find out what your peers are saying about PagerDuty, Atlassian, Everbridge and others in IT Alerting and Incident Management. Updated: March 2024.
765,386 professionals have used our research since 2012.
Security Incident Response
Security Incident Response tools are a category of software solutions designed to assist organizations in detecting, analyzing, and responding to security incidents effectively.
Download Security Incident Response ReportRead more