Spring 2020, No. 1, vol. 2 / Romanian Cyber Security Journal
Enterprises face an onslaught of security data from disparate systems, platforms and applications concerning the state of the network, potential threats and suspicious behavior. Endpoint security, intrusion detection and prevention, security information and event management (SIEM), threat intelligence and other security systems flood security teams with alerts and log entries, and this volume is becoming increasingly difficult to manage. With the number and sophistication of cyberattacks growing, some of these messages require urgent attention. But which ones? That is where a security operations center (SOC) comes in. Rather than focusing on developing security strategy, designing security architecture or implementing protective measures, the SOC team is responsible for the ongoing, operational component of enterprise information security. SOC staff consists primarily of security analysts who work together to detect, analyze, respond to, report on and prevent cybersecurity incidents. Some SOCs also offer additional capabilities, such as advanced forensic analysis, cryptanalysis and malware reverse engineering, to support incident analysis.
Keywords: Security Operations Center, SOC, Cyber threats, MSSP, SCADA, Firewall, IT infrastructure, cybersecurity, SOC-as-a-Service, Continuity, Human Resources, Stages, Build, Choice.