SOC Solutions


Given a security operations center's inherent complexity, there is a great deal to consider when setting one up. Regardless of whether it is being built in-house or outsourced, preparing for the following three elements is essential to the SOC's success:

People

Understanding the SOC analysts' roles and responsibilities is an important precursor to selecting the technology that will run your SOC. The teams you create and the tasks you give them will depend on your organization's existing structure. For example, if you are building a SOC to augment existing threat detection and response capabilities, you will want to decide which specific tasks the SOC team members own and which remain with the non-SOC incident detection and response (IDR) teams. You will also want to divide responsibilities among SOC analysts so there is a clear understanding of who handles high-fidelity alerts, who validates low-fidelity alerts, who escalates alerts, who hunts for unknown threats, and so on. Many security operations centers use a tiered staffing model to establish clear responsibilities and a defined escalation path.

Technology

Deciding what technology the SOC uses is where the time spent establishing the roles and responsibilities mentioned above will pay off. What technology will the analysts be using? They will likely need to combine tools for log aggregation, user behavior analytics, endpoint interrogation, real-time search, and more. It is important to look at how SOC analysts actually use your technology, determine whether the existing tooling is helping or hindering the SOC processes, and decide whether new technology needs to replace it. Additionally, it is important to have communication tools in place that enable the analysts to collaborate.

Processes
