A security operations center (SOC) is a dedicated site where enterprise information systems are monitored, assessed, and defended. SOC duties include:
- The SOC monitors and aggregates logs from the OT/IT infrastructure, applications and assets (on-premises or cloud).
- The logs are stored in a dedicated SIEM, where the data is assessed for threats and suspicious activity.
- The SOC also monitors applications to identify a possible cyber-attack or intrusion and to determine whether it is a real, malicious threat.
- The SOC is responsible for correlating events between the infrastructure, applications and other assets.
- Incident response protocols
- Consistent review and updates
- Alert protocols
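The aggregation and correlation duties above, shown as a minimal SIEM-style rule over events from two sources. This is an added example, not code from the original page; the log lines, field names and the threshold (three infrastructure login failures followed by an application login success from the same IP within ten minutes) are constructed assumptions.

```python
# Added example (not from the original page): normalise events from an
# infrastructure (sshd) log and an application log into one schema, then
# correlate them by source IP. All log lines below are constructed.
from collections import defaultdict
from datetime import datetime, timedelta

SSH_LOG = [  # constructed infrastructure events
    "2024-05-01T10:00:01 sshd Failed password for admin from 198.51.100.7",
    "2024-05-01T10:00:04 sshd Failed password for admin from 198.51.100.7",
    "2024-05-01T10:00:09 sshd Failed password for admin from 198.51.100.7",
    "2024-05-01T10:02:30 sshd Failed password for bob from 203.0.113.5",
]
APP_LOG = [  # constructed application events
    "2024-05-01T10:03:15 webapp login_ok user=admin src=198.51.100.7",
    "2024-05-01T10:40:00 webapp login_ok user=bob src=203.0.113.5",
]

def normalise(line: str, source: str) -> dict:
    """Map a raw line from either source onto one common event schema."""
    ts_str, _, rest = line.split(" ", 2)
    ts = datetime.fromisoformat(ts_str)
    if source == "infra":
        # "Failed password for <user> from <ip>"
        parts = rest.split()
        return {"ts": ts, "source": source, "outcome": "fail",
                "user": parts[3], "ip": parts[5]}
    # "login_ok user=<user> src=<ip>"
    kv = dict(tok.split("=", 1) for tok in rest.split()[1:])
    return {"ts": ts, "source": source, "outcome": "success",
            "user": kv["user"], "ip": kv["src"]}

def correlate(events, min_failures=3, window=timedelta(minutes=10)):
    """Alert when an IP has >= min_failures infra failures, then an app success within window."""
    events = sorted(events, key=lambda e: e["ts"])
    failures = defaultdict(list)  # ip -> timestamps of infra login failures
    alerts = []
    for e in events:
        if e["source"] == "infra" and e["outcome"] == "fail":
            failures[e["ip"]].append(e["ts"])
        elif e["source"] == "app" and e["outcome"] == "success":
            recent = [t for t in failures[e["ip"]] if e["ts"] - t <= window]
            if len(recent) >= min_failures:
                alerts.append({"ip": e["ip"], "user": e["user"],
                               "failures": len(recent), "at": e["ts"]})
    return alerts

def run():
    events = [normalise(l, "infra") for l in SSH_LOG] + [normalise(l, "app") for l in APP_LOG]
    return correlate(events)  # one alert for admin from 198.51.100.7; none for bob
```

The same pattern extends to any pair of sources once both are normalised onto a shared key (user, IP, host), which is what the SIEM's correlation layer does at scale.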