Security Operations Center (SOC)
We are all familiar with the cyber threats around us, and they are increasing rapidly day by day, so organizations need protection from hackers.
Nowadays, a Security Operations Center (SOC) is set up to defend against these threats in a formalized, disciplined, professional way. These centers provide many services to protect a firm from cyber attacks by monitoring, managing, and hosting its security, and these services are customized to the organization. Big companies nowadays establish their own SOCs, while small organizations contract a SOC to manage their security.
What kind of attacks are these, and who carries them out?
The people behind them are called threat actors, and threat actors include amateurs and hacktivists.
Threat actors perform cyberattacks against each other or against organizations for financial gain, or sometimes as what they see as social work, but an attack without permission is still a crime.
Let us see who these amateurs and hacktivists are.
- Amateurs –
These are people with no or little skill in the cyber domain. They use existing tools and instructions found on the internet to launch attacks, sometimes out of curiosity and sometimes to show off their skills. Yes, they use simple/basic tools, but the results may still be devastating. Because these people have few skills, they are also called Script Kiddies.
- Hacktivist –
Hacktivists are people who oppose some political issue or social idea. They publicly protest against a government or organization by posting photos or videos, leaking confidential data, and sometimes disrupting web services with illegitimate traffic in distributed denial-of-service (DDoS) attacks.
Jobs in SOCs:
There are job levels in SOCs, as follows: Alert Analyst, Incident Responder, Subject Matter Expert (SME)/Hunter, and SOC Manager. These are explained below.
- Alert Analyst –
Monitors incoming alerts, verifies that a true incident has occurred, and forwards a ticket to the Incident Responder if necessary.
1. Monitoring incidents
2. Opening tickets
3. Basic threat mitigation
- Incident Responder –
Performs deep investigation of incidents and advises on remediation.
1. Deep investigation
2. Advising remediation
- SME/HUNTER –
These professionals are highly specialized in a particular field, such as SME (Threat Intel), SME (Network), SME (Malware), or SME (Endpoint). They are highly skilled in hunting potential threats and implementing the tools.
1. In-depth knowledge
2. Threat hunting
3. Preventive measures
- SOC Manager –
This professional manages all the resources of the SOC and serves as the point of contact for the larger organization or customer.
Technologies in SOCs:
A SOC needs a security information and event management system (SIEM). This system combines data from multiple technologies. SIEM systems are used for collecting and filtering data, detecting and classifying threats, analyzing and investigating threats, and managing resources to implement preventive measures and address future threats.
SOC technologies include:
- Event collection, correlation, and analysis
- Security monitoring
- Security control
- Log management
- Vulnerability assessment
- Vulnerability tracking
- Threat intelligence
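To make the SIEM pipeline described above (collect and filter, correlate, classify) and the tiered hand-off from Alert Analyst to Incident Responder concrete, here is an added example that is not part of the original article: a toy correlation rule run over constructed SSH login events. The log format, the FAIL_THRESHOLD value and the tier names are assumptions for illustration, not any real SIEM's rule syntax.

```python
import re
from collections import defaultdict
# Constructed sample SSH auth events in a simple key=value shape (not real logs).
SAMPLE_LOGS = """\
2024-05-01T10:00:01 sshd src=203.0.113.5 user=alice result=FAIL
2024-05-01T10:00:03 sshd src=203.0.113.5 user=alice result=FAIL
2024-05-01T10:00:05 sshd src=203.0.113.5 user=alice result=FAIL
2024-05-01T10:00:09 sshd src=203.0.113.5 user=alice result=SUCCESS
2024-05-01T10:01:00 sshd src=198.51.100.7 user=bob result=FAIL
2024-05-01T10:02:00 sshd src=198.51.100.7 user=bob result=SUCCESS
2024-05-01T10:03:00 sshd src=192.0.2.9 user=carol result=FAIL
2024-05-01T10:03:10 sshd src=192.0.2.9 user=carol result=FAIL
2024-05-01T10:03:20 sshd src=192.0.2.9 user=carol result=FAIL
"""
LINE_RE = re.compile(r"^(\S+) sshd src=(\S+) user=(\S+) result=(FAIL|SUCCESS)$")
FAIL_THRESHOLD = 3  # assumed rule tuning; a real SIEM rule is tuned per environment

def collect(raw):
    """Event collection: parse raw lines into structured events, dropping malformed ones."""
    events = []
    for line in raw.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append({"ts": m[1], "src": m[2], "user": m[3], "result": m[4]})
    return events

def correlate(events):
    """Correlation: per source, count failures and note a success after repeated failures."""
    state = defaultdict(lambda: {"fails": 0, "success_after_fails": False, "user": None})
    for e in events:
        s = state[e["src"]]
        s["user"] = e["user"]
        if e["result"] == "FAIL":
            s["fails"] += 1
        elif s["fails"] >= FAIL_THRESHOLD:  # SUCCESS following a burst of failures
            s["success_after_fails"] = True
    return state

def classify(state):
    """Classification and triage: map correlated state to a severity and the SOC tier that owns it."""
    alerts = []
    for src, s in state.items():
        if s["success_after_fails"]:  # possible credential compromise: escalate past tier 1
            alerts.append({"src": src, "user": s["user"], "severity": "high", "tier": "incident_responder"})
        elif s["fails"] >= FAIL_THRESHOLD:  # failed burst only: analyst verifies, basic mitigation
            alerts.append({"src": src, "user": s["user"], "severity": "medium", "tier": "alert_analyst"})
    return alerts

def triage(raw):  # full pipeline: collect -> correlate -> classify, i.e. the tickets an analyst would open
    return classify(correlate(collect(raw)))
```

The single failure from 198.51.100.7 never reaches the threshold and produces no ticket, which is the filtering step doing its job.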