What is a SOC?

A security operations centre, or SOC, is a team of IT security professionals protects the organization by monitoring, detecting, analysing, and investigating cyber threats. Networks, servers, computers, endpoint devices, operating systems, applications and databases are continuously examined for signs of a cyber security incident. The SOC team analyses feeds, establishes rules, identifies exceptions, enhances responses and keeps a look out for new vulnerabilities.

How Does a SOC Work?

The primary mission of the SOC is security monitoring and alerting. This includes the collection and analysis of data to identify suspicious activity and improve the organization’s security. Threat data is collected from firewalls, security information and event management (SIEM) systems. Alerts are sent out to SOC team members as soon as discrepancies, abnormal trends or other indicators of compromise are picked up.

What is SIEM?

Security information and event management (SIEM)is a security technology that aggregates log datafrom multiple sources, identifies suspicious activityand takes appropriate action.
The most basic and important function of a SIEMplatform is to centralize security notifications frommultiple security tools (like firewalls, IDS/IPS,wireless access points, antivirus software, etc.) thateach generate their own alerts every day.

FEATURES OF SIEM

LOG DATA AGGREGATION

Collect and aggregate data from multiple data sources, like network devices, security devices andcloud services.

THREAT INTELLIGENCE

Custom data enrichment with external threat intelligence providers

CORRELATION AND ANALYTICS

Connect the dots between related security events to see the complete picture.

THREAT HUNTING

Derive insights from your log and event data by writing queries.

SECURITY COMPLIANCE

Keep your organization audit-ready with comprehensive reporting.

REAL-TIME SECURITY MONITORING

Monitor key metrics and traffic profiles to identify anomalies.

ALERTING

Detect issues and notify incident handlers for further investigation or remediation.

DASHBOARDS

Give your team a unified security overview, making it easier to identify anomalies with threats.

INCIDENT RESPONSE

Identify and investigate incidents faster by bringing in relevant context and threat information.

SECURITY AUTOMATION

Detect, validate and respond to threats without lifting a finger, thanks to built-in security
orchestration, automation and response (SOAR) functionality.