Best Practices for a Security Operations Center

September 18, 2015 | Views: 10296

Begin Learning Cyber Security for FREE Now!

FREE REGISTRATIONAlready a Member Login Here

I. Abstract

A Security Operations Center (SOC) is an important facility for any organization that wants to address security threats, vulnerability, assessment and management. There are baselines in existence that addresses few of the security aspects, but a complete framework combining people, process and technology currently is not up to the high standards (Jacobs, Arnab & Irwin 2013). A well-functioning SOC can provide efficient and effective detection and management of threat (Ernst & Young 2013). Therefore, this paper addresses the best practices for building a SOC by outlining its mission and combining people, processes and technology involved.

 

II. Introduction

With the rise in information security breaches and sophistication of attacks on ever changing information systems, there’s an increasing need for comprehensive analysis and monitoring tools, processes and management of information security; all of these can be achieved from a Security Operations Center (SOC). A SOC is a center where enterprise information systems are monitored, assessed, protected and managed. It combines people, processes and technologies to provide situational alertness through the detection, containment, and remediation of IT threats (HP 2013).

A SOC manages all incidents in an enterprise, i.e. including identifying and analyzing possible cyber-attacks or intrusion and carry out appropriate communications, actions and reporting to reduce negative impacts on business (Ernst & Young 2013).

Security threats are becoming increasingly complex, harder to detect and can cause damage to an organization which can stretch across all business process and aspects including clients. Thus, an organization just having a firewall, anti-virus and intrusion detection system (IDS) is not enough (DEFCON n.d.) and therefore they need to implement a SOC. A SOC not only looks over preventing threats, but provides continuous prevention, protection, and detection, fast response capabilities against threats, vulnerabilities and real-time incidents (Rotkhe 2012).

Moreover, most of our modern organization have different policies under their Information Security Strategy. These policies include security, intrusion prevention, monitoring, incidence response, configuration management and disaster recovery. In order to handle each of them, there are several technologies available to make informed decisions, such as Firewall and Router Logs, Application Level Logs, Application Security Testing Automation, Access Control Management etc. These solutions remain a key control for battling today’s known attacks.

Nevertheless, they become less effective over time as attackers find new and complex ways to bypass controls (Ernst & Young 2013); thus, failing to provide a single holistic approach towards overall security (Robert L Behm 2003). Eventually, advanced persistent attacks go undetected for as long as months or years before a breach gets noticed. The main problem is the existence of distributed silo, lack of skilled professionals, the tools to provide them with accurate information and processes to enable them to fulfill their responsibilities effectively (Network Computing 2012).

Combating these complex threats and issues requires to enable ease of collaboration among security personnel, streamline the incident-handling process and manage overall security tools/ technologies. Such a comprehensive system with different tools, process and people is carried by a SOC making it a backbone of any organization’s Information Security Strategy (Network Computing 2012).

To achieve an effectively operating a SOC, the associated processes, people and technologies must not only exist but also be mature (HP 2013). A well-operating SOC is the backbone of the most efficient and effective detection and prevention of threats and vulnerabilities. It can allow information security processes to respond much faster, carry out more collaborative work and share knowledge more effectively (Ernst & Young 2013).


Co-authored by Abhishek Joshi and Randeep Singh Chhabra
Best Practices for Security Operations Center – link to the pdf of the paper.

Share with Friends
FacebookTwitterLinkedInEmail
Use Cybytes and
Tip the Author!
Join
Share with Friends
FacebookTwitterLinkedInEmail
Ready to share your knowledge and expertise?
7 Comments
  1. Very well though! Companies now they don’t just need firewall protection or IDS/IPS tools to mitigate threats, they fully need individuals that are capable to respond quick and prevent any vulnerabilities with efficiency SOC practice knowledge and confident.

    Victor Marquez

  2. Very Good!!!

Page 2 of 2«12
Comment on This

You must be logged in to post a comment.

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Support Cybrary

Donate Here to Get This Month's Donor Badge

 
Skip to toolbar

We recommend always using caution when following any link

Are you sure you want to continue?

Continue
Cancel