6.5: Fighters in the War Against Cybercrime- The Modern Security Operations Center

Last updated
Save as PDF

Page ID: 9784

Ly-Huong T. Pham, Tejal Desai-Naik, Laurie Hammond, & Wael Abdeljabbar
ASCCC Open Educational Resources Initiative (OERI)

\( \newcommand{\vecs}[1]{\overset { \scriptstyle \rightharpoonup} {\mathbf{#1}} } \) \( \newcommand{\vecd}[1]{\overset{-\!-\!\rightharpoonup}{\vphantom{a}\smash {#1}}} \)\(\newcommand{\id}{\mathrm{id}}\) \( \newcommand{\Span}{\mathrm{span}}\) \( \newcommand{\kernel}{\mathrm{null}\,}\) \( \newcommand{\range}{\mathrm{range}\,}\) \( \newcommand{\RealPart}{\mathrm{Re}}\) \( \newcommand{\ImaginaryPart}{\mathrm{Im}}\) \( \newcommand{\Argument}{\mathrm{Arg}}\) \( \newcommand{\norm}[1]{\| #1 \|}\) \( \newcommand{\inner}[2]{\langle #1, #2 \rangle}\) \( \newcommand{\Span}{\mathrm{span}}\) \(\newcommand{\id}{\mathrm{id}}\) \( \newcommand{\Span}{\mathrm{span}}\) \( \newcommand{\kernel}{\mathrm{null}\,}\) \( \newcommand{\range}{\mathrm{range}\,}\) \( \newcommand{\RealPart}{\mathrm{Re}}\) \( \newcommand{\ImaginaryPart}{\mathrm{Im}}\) \( \newcommand{\Argument}{\mathrm{Arg}}\) \( \newcommand{\norm}[1]{\| #1 \|}\) \( \newcommand{\inner}[2]{\langle #1, #2 \rangle}\) \( \newcommand{\Span}{\mathrm{span}}\)\(\newcommand{\AA}{\unicode[.8,0]{x212B}}\)

Besides the tools and practices discussed earlier to protect ourselves, companies also have increased their investment to fight against cybercrime. One such investment is a dedicated center called Security Operations Center to safeguard companies from internal and external threats.

Elements of a SOC

Defending against today's threats requires a formalized, structured, and disciplined approach that is carried out by Security Operations Centers professionals who work closely with other groups such as IT or networking staff. SOCs offers a wide variety of services tailored to meet customer needs, from monitoring and compliance to comprehensive threat detection and hosted protection. SOCs may be wholly in-house, owned and run by a company, or security providers, such as Cisco Systems Inc.'s Managed Security Services, may be contracted to elements of a SOC. The key elements of a SOC are individuals, processes, and technology.

A great way to fight against threats is through Artificial Intelligence (AI) and machine learning. AI and machine learning use multi-factor authentication, malware scanning, and fighting spam and phishing to fight against threats.

Process in the SOC

SOC professionals monitor all suspicious activities and follow a set of rules to verify if it is a true security incident before escalating to the next level severity for the incident for appropriate security experts to take appropriate actions.

The SOC has four principal functions:

Use network data to check the security warnings
Evaluate accidents that have been checked and determine how to proceed
Deploy specialists to evaluate risks at the highest possible level.
Provide timely communication by SOC management to the company or clients

Technologies deployed in the SOC include:

Event collection, correlation, and analysis
Security monitoring
Security control
Log management
Vulnerability assessment
Vulnerability tracking
Threat intelligence

Enterprise and Managed Security

The organization will benefit from the implementation of an enterprise-level SOC for medium and large networks. The SOC could be a complete solution within the company. Yet many larger organizations will outsource at least part of the SOC operations to a security solution provider such as Cisco Systems Inc.