What is the soc ?
Résumé : What is the soc ?. Rechercher de 53 000+ Dissertation Gratuites et MémoiresPar blue56 • 7 Juin 2020 • Résumé • 356 Mots (2 Pages) • 690 Vues
[pic 1]
The Security Operation Center (SOC) is made up of a team of experts who play the role of "Control Tower" for monitoring the overall security of Information Systems.
[pic 2]
The main goal of the Security Operations Center is to prevent any type of data breach and minimize losses due to cybercrime.
One of the main missions of a SOC is to ensure the collection, correlation and analysis of security events on the perimeter of an organization.
Enables effective supervision of security incidents.
Ensures the overall security of Information Systems.
[pic 3]
- So the soc collects the logs (the log is a file type whose main mission is to store a history of events. For example of log source: OS - Anti-virus Applications - Access control - Anti-spam)
- Among the logs, it will detect if there are threats
- Then investigate the problem (why did it happen?)
- And then what must be put in place to solve it (to find the solution)
[pic 4]
The soc is composed of several level that will deal with different types of incidents (depending on the complexity and / or importance)
If an alert is detected there will be several levels of severity that results in multiple levels of responses
For exemple
When an alert is detected that it is by SIEM / Help Desk / other
Level 1 is able to conduct investigations …. Monitoring … with a return to normal possible
But if he is unable to answer (too complicated)..
The incident is transmitted to Level 2 which goes to him … Deep Investigations … with a return to normal possible
And finally if it's still not resolved it's level 3 that has the means to make further investigations
[pic 5]
(Why companies …)
(Faced with increasing exposure to computer threats, and the arrival of new regulatory constraints such as the General Data Protection Regulation (GDPR) which strengthens the protection of personal data, any organization must improve the control of the security of its information systems.
To summarize, having a SOC allows you to have dynamic security that acts as a true bastion of analysis,
monitoring, prevention and remediation
...