Before we get into what a SOC actually is and what it is for, it is useful to understand the typical environment that exists in most organisations.

Typically, there is a lot of stuff. This stuff comprises end user workstations, servers, network gear, cloud solutions (PaaS, IaaS, SaaS), mobile devices, wireless devices and security tooling such as AV, EDR, IDS/IPS and WAFs. That is just a few items; there are plenty more that could be added!

All this stuff is there to allow the business to function properly: employees log in and do their jobs, and customers use its services.

All these devices produce 'logs', which are basically records of what happened, and when.

A very simple example would be: 'Joe Bloggs logged into his workstation at this time on this date.' Each device records logs to a varying degree of detail. Some log everything that happens; others are configured or tuned to log only certain actions. Either way, there are a lot of logs with information about what is happening in the environment.

It's fair to say that when something goes wrong in the environment, the information about what went wrong is probably stored in a log somewhere. Think about what that means if an attacker has managed to breach the business: the attacker's actions are recorded in these logs, provided the relevant logging was switched on and the attacker has not been able to clear or tamper with it.
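To make that concrete, here is a small added example (not code from the original post) that runs a simple detection over a handful of constructed SSH-style authentication log lines: it flags an account that receives a burst of failed logins from one source and is then successfully logged into from that same source. The log format, host names, user names and addresses are all made up for illustration.

```python
"""Constructed auth-log sample plus a tiny brute-force detection routine.

This is an added illustration, not code from the original post. The log
lines are made up, and the hypothetical line format is:
'<ISO timestamp> <host> sshd: <Failed|Accepted> password for <user> from <ip>'
"""
from collections import defaultdict
from datetime import datetime, timedelta
import re

# Constructed sample: a normal login, then a burst of failures against the
# 'admin' account from one source that ends with a successful login.
SAMPLE_LOG = """\
2024-03-04T08:59:12Z ws-17 sshd: Accepted password for joe.bloggs from 10.1.4.22
2024-03-04T09:00:01Z ws-17 sshd: Failed password for admin from 203.0.113.9
2024-03-04T09:00:03Z ws-17 sshd: Failed password for admin from 203.0.113.9
2024-03-04T09:00:04Z ws-17 sshd: Failed password for admin from 203.0.113.9
2024-03-04T09:00:06Z ws-17 sshd: Failed password for admin from 203.0.113.9
2024-03-04T09:00:08Z ws-17 sshd: Failed password for admin from 203.0.113.9
2024-03-04T09:00:11Z ws-17 sshd: Accepted password for admin from 203.0.113.9
2024-03-04T09:15:40Z ws-17 sshd: Failed password for joe.bloggs from 10.1.4.22
2024-03-04T09:15:47Z ws-17 sshd: Accepted password for joe.bloggs from 10.1.4.22
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd: (?P<result>Failed|Accepted) password "
    r"for (?P<user>\S+) from (?P<ip>\S+)$"
)


def parse(line):
    """Return a dict for a line in the hypothetical format, or None otherwise."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return ev


def detect_bruteforce(log_text, threshold=5, window=timedelta(minutes=2)):
    """Flag (user, ip) pairs with at least `threshold` failed logins inside
    `window` that are then followed by a successful login from the same source.

    Returns a list of alert dicts; an empty list means nothing fired.
    """
    failures = defaultdict(list)  # (user, ip) -> timestamps of failures seen
    alerts = []
    for line in log_text.splitlines():
        ev = parse(line)
        if ev is None:
            continue  # unrelated or unparseable line, skip it
        key = (ev["user"], ev["ip"])
        if ev["result"] == "Failed":
            failures[key].append(ev["ts"])
            continue
        # A success: count the failures for this user/source inside the window.
        recent = [t for t in failures[key] if ev["ts"] - t <= window]
        if len(recent) >= threshold:
            alerts.append({
                "user": ev["user"],
                "source": ev["ip"],
                "failures": len(recent),
                "success_at": ev["ts"].isoformat(),
            })
        failures[key].clear()  # a success resets the counter for that pair
    return alerts


if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_LOG):
        print(alert)
```

Nine lines are easy to read by eye; the point is that a real estate produces millions of them a day, so the "reading" has to be done by logic like this, run continuously, and someone still has to own the alerts it raises, decide whether each one is real, and tune the thresholds as the environment changes.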

Looking through these logs by hand would be a painful task, not to mention very time consuming! Wouldn't it be great if there were an easier way? Or a team dedicated to monitoring all these logs, looking for actions that could be malicious or that breach the business's acceptable use policy?

Bring on the SOC….

A security operations centre (SOC) is typically a centralised function within a business whose responsibility is to monitor and protect the security posture of the whole environment.

The purpose of a SOC is to identify when breaches occur, investigate and respond to them, and provide the business with situational awareness on cyber security matters. Another important responsibility is continuous improvement: the security landscape is ever changing, and the SOC needs to change and adapt with it.

A SOC is typically built on three building blocks: people, process and technology. If you're a business looking to increase vigilance within your environment, a SOC might be the answer. There are different types of SOC and a number of different roles performed within one. We go into these in more detail in our other posts.

If you need help regarding any aspects of your Security Operations Centre then SMARTSEC Information Security have the expertise on hand to help you build and deliver exceptional results.

Check out our new intuitive Penetration Testing Portal HERE