Security Operations Center

A security operations center (SOC) is a dedicated site where enterprise information systems are monitored, assessed, and defended. SOC duties include:

Monitoring and Aggregation

The SOC monitors and aggregates logs from the OT/IT infrastructure, applications and assets, whether on-premises or in the cloud.

Logs Storage and Assessment

The logs are stored in a dedicated SIEM, where the data is assessed for threats and suspicious activity.

Threat Identification and Determination

The SOC also monitors applications to identify a possible cyber-attack or intrusion and determine whether it is a real, malicious threat.

Correlation Responsibility

The SOC is responsible for correlating events across the infrastructure, applications and other assets.

Playbooks

- Incident response protocols
- Consistent review and updates
- Alert protocols

Alerts

Incident reports:

- Incidents defended
- Incidents that require attention

Defense and response teams are composed of groups of experts who assess, document and respond to cyber incidents so that a network can recover quickly.

$2,400,000: the average cost of a malware attack on a company.