Regional Sales Manager at a tech services company with 11-50 employees
Real User
2021-11-22T08:39:11Z
Nov 22, 2021
SOC refers to a dedicated platform and team organization to prevent, detect, assess and respond to threats and incidents. In other words, the SOC will collect events from different security components, analyze them, identify anomalies, and define procedures for alerts.
The SOC, which relies on multi-expert skills, thus occupies a strategic role in the security of the IS. Indeed, by the analysis it proposes and the continuous actions in terms of improvement, it makes it possible to reinforce the security governance of the company.
Director of Community at PeerSpot (formerly IT Central Station)
Community Manager
Nov 22, 2021
@Hasan Zuberi ( HZ ), thank you for your answer! Can you possibly give an example (or two) of how SOC has changed/advanced during the last couple of years?
Thanks
Sales Solutions Engineer at a tech services company with 201-500 employees
Reseller
2021-11-23T11:39:16Z
Nov 23, 2021
SOC is the heart of your infrastructure security, a centralized system management mechanism, a collaboration of people and software. It is designed to detect anomalies, highlight real threats in them, and respond to these threats appropriately.
SOC has a complex structure and it naturally has bottlenecks. From my personal experience, the bottlenecks in the SOC are people. The human factor should be excluded as much as possible because one mistake in determining a false-positive attack can lead to critical consequences.
Sales Solutions Engineer at a tech services company with 201-500 employees
Reseller
Nov 23, 2021
@Evgeny Belenky yeah, "alert fatigue" is also a consequence of the human factor.
Without a continuous process of SOC software configuration, SOC will face this "alert fatigue" issue.
One more thing is gaps between different parts of the SOC team. Multi-experts are great, but they can be really expensive and hard to find.
In real life, the basic SOC team is 5-7 people up to 22-23 years old (yesterday's students), and the Head of SOC comes from a bank's cybersecurity department or from a similar position.
And in this case, you need to put a lot of resources into building a real SOC team: staff training, team building, internal audits of SOC work. As I said before: people. Because people configure software, mark an alert as false-positive, tick "reviewed" boxes, and configure SIEM, EDR, UEBA, etc. So you need to be sure that every member of the SOC team is in the right place with the right set of skills.
Visibility for proactive actions, whether business (BOC) or security (SOC).