Workforce LibreTexts

6.5: Fighters in the War Against Cybercrime- The Modern Security Operations Center

    Page ID: 9784
    Besides the tools and practices discussed earlier for protecting ourselves, companies have also increased their investment in fighting cybercrime. One such investment is a dedicated facility, the Security Operations Center (SOC), whose job is to safeguard the company from internal and external threats.

    Elements of a SOC

    Defending against today's threats requires a formalized, structured, and disciplined approach, carried out by Security Operations Center professionals who work closely with other groups such as IT or networking staff. SOCs offer a wide variety of services tailored to customer needs, from monitoring and compliance to comprehensive threat detection and hosted protection. A SOC may be wholly in-house, owned and run by the company, or a security provider such as Cisco Systems Inc.'s Managed Security Services may be contracted to deliver some elements of the SOC. The key elements of a SOC are people, processes, and technology.

    Artificial Intelligence (AI) and machine learning are another important way to fight threats. They are applied in areas such as multi-factor authentication, malware scanning, and spam and phishing filtering.

    Process in the SOC

    SOC professionals monitor all suspicious activity and follow a defined set of rules to verify whether it is a true security incident. Verified incidents are assigned a severity and escalated to the appropriate security experts, who take the corresponding actions.

    The SOC has four principal functions:

    • Use network data to check security warnings
    • Evaluate incidents that have been verified and determine how to proceed
    • Deploy specialists to evaluate risks at the highest possible level
    • Provide timely communication from SOC management to the company or clients

    Technologies deployed in the SOC include:

    • Event collection, correlation, and analysis
    • Security monitoring
    • Security control
    • Log management
    • Vulnerability assessment
    • Vulnerability tracking
    • Threat intelligence
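The four SOC functions and the first technologies in the list above (event collection, correlation, analysis, and log management) can be shown end to end on a handful of log lines. The following script is an added example, not code from the LibreTexts page: it parses constructed SSH authentication log lines into events, correlates them per source address, applies a verification rule to decide whether the activity is a true incident, assigns a severity, and maps that severity to an escalation action. The hostnames, IP addresses, the five-failure threshold, and the tier names are all assumptions made for the example.

```python
"""Minimal SOC triage pipeline: collect -> correlate -> verify -> escalate.

Added example (not from the original page). All log lines, addresses,
thresholds and escalation tiers are constructed assumptions.
"""
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed syslog-style auth events (not real data). The last line is
# unrelated noise to show that the collector tolerates non-matching input.
SAMPLE_LOGS = [
    "2024-05-01T08:00:01 authsrv sshd: Failed password for admin from 203.0.113.7",
    "2024-05-01T08:00:03 authsrv sshd: Failed password for admin from 203.0.113.7",
    "2024-05-01T08:00:05 authsrv sshd: Failed password for root from 203.0.113.7",
    "2024-05-01T08:00:07 authsrv sshd: Failed password for admin from 203.0.113.7",
    "2024-05-01T08:00:09 authsrv sshd: Failed password for admin from 203.0.113.7",
    "2024-05-01T08:00:12 authsrv sshd: Accepted password for admin from 203.0.113.7",
    "2024-05-01T08:01:00 authsrv sshd: Failed password for bob from 198.51.100.9",
    "2024-05-01T08:02:00 authsrv sshd: Accepted password for alice from 192.0.2.5",
    "2024-05-01T08:02:30 authsrv cron: (root) CMD (run-parts /etc/cron.hourly)",
]

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd: (?P<result>Failed|Accepted) password "
    r"for (?P<user>\S+) from (?P<src>\S+)$"
)


@dataclass(frozen=True)
class AuthEvent:
    ts: str
    host: str
    result: str
    user: str
    src: str


def parse_events(lines):
    """Event collection: turn raw lines into structured events; skip lines
    that are not SSH auth events instead of failing on them."""
    events = []
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            events.append(AuthEvent(**m.groupdict()))
    return events


def correlate_by_source(events):
    """Correlation: aggregate failed/accepted logins and targeted users per source."""
    summary = defaultdict(lambda: {"failed": 0, "accepted": 0, "users": set()})
    for e in events:
        s = summary[e.src]
        s["users"].add(e.user)
        if e.result == "Failed":
            s["failed"] += 1
        else:
            s["accepted"] += 1
    return dict(summary)


FAILED_THRESHOLD = 5  # constructed tuning value for the verification rule


def verify(src, s):
    """Verification rule: is the correlated activity a true incident, and how severe?"""
    if s["failed"] >= FAILED_THRESHOLD and s["accepted"] > 0:
        return "high", f"{s['failed']} failed logins then a successful login from {src}"
    if s["failed"] >= FAILED_THRESHOLD:
        return "medium", f"{s['failed']} failed logins from {src}"
    return "info", "activity below verification threshold"


# Assumed escalation tiers; a real SOC defines these in its runbooks.
ESCALATION = {
    "high": "escalate to tier-2 incident responder",
    "medium": "queue for tier-1 analyst review",
    "info": "no escalation; retain in log store",
}


def triage(lines):
    """Run the full pipeline and return alerts ordered by severity."""
    alerts = []
    for src, s in correlate_by_source(parse_events(lines)).items():
        severity, reason = verify(src, s)
        alerts.append({"src": src, "severity": severity, "reason": reason,
                       "users": sorted(s["users"]), "action": ESCALATION[severity]})
    order = {"high": 0, "medium": 1, "info": 2}
    alerts.sort(key=lambda a: order[a["severity"]])
    return alerts


if __name__ == "__main__":
    for a in triage(SAMPLE_LOGS):
        print(f"[{a['severity'].upper():6}] {a['src']:14} {a['reason']} -> {a['action']}")
```

Running the script ranks 203.0.113.7 as a high-severity alert (repeated failures followed by a successful login for an account it had been guessing), while the single failure from 198.51.100.9 and the clean login from 192.0.2.5 stay at informational level and are only retained. The verification step is what separates a warning from an incident; without it the SOC would escalate every failed login.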

    Enterprise and Managed Security

    Organizations with medium and large networks benefit from implementing an enterprise-level SOC. The SOC can be a complete in-house solution, yet many larger organizations outsource at least part of their SOC operations to a security solution provider such as Cisco Systems Inc.