User:Siddiqueseo/sandbox

What Are SOC Services?

Businesses use Security Operations Centers (SOCs) to help stop cyberattacks, while companies that lack the resources to set up their own SOC turn to Managed Security Service Providers (MSSPs). A SOC integrates people, processes and technology to address compliance concerns, detect and respond to new cyber threats, and keep the business aware of its current cyber-security posture. SOCs may be located inside or outside an organization, and they are used by universities, government agencies, businesses and non-profit organizations alike to protect their networks. Most SOC studies appear to focus primarily on technology, with little attention paid to human aspects, SOC processes and the concerns of SOC analysts. According to the literature on SOCs, suitable criteria and measures for evaluating the work of analysts are lacking.

Since organizations increasingly rely on SOCs in their cyber-security strategies, numerous research studies are being conducted to better understand SOC operations. According to a recently released report, the number of security incidents rose by 11% between 2017 and 2018. Because the report covers only incidents that were reported, not those that went undiscovered, the real number is likely to be much higher. In addition, the annual cost of cyber-attacks keeps growing. Most cyber-attacks go unnoticed for a shockingly long time: in 2018 it took 196 days to discover an attack and 69 days to contain it. These lengthy detection times make it clear that companies cannot keep pace with sophisticated cyber-attacks. Firms not only lack a full understanding of their systems, devices, applications and networks; they also do not know which assets they should protect, which tools to employ or how to integrate them into their existing infrastructure, and they are overwhelmed by technological advances and a constantly changing threat landscape.

When properly set up and used, Security Operations Centers help detect and prevent attacks. People, processes and technology are combined with governance and compliance to identify, detect and mitigate hazards before they cause harm. A SOC is a central operational unit responsible for the entire security operation; most people view it as a complex system for managing and improving the security of an entire organization. On the basis of these functions, a SOC can be divided into seven functional areas. Although SOCs are widely considered critical, they are often viewed as reactive and passive security tools. The People, Processes and Technology (PPT) framework is used extensively to describe SOC activities; the same model has helped solve numerous information-technology problems such as knowledge management and customer relationship management.

The PPT model is also commonly used by SOC suppliers to summarize and organize their offerings. Although governance and compliance are generally viewed as a subcategory of processes, we consider them as separate categories. The original PPT structure was therefore extended into the PPTGC framework (People, Processes, Technology, Governance, Compliance). PPTGC is a framework for managing processes, people and technology, and it is applied here by combining the concept of a SOC with the PPTGC architecture. There is, however, no standardized nomenclature describing a SOC.

A Network Operations Center (NOC) identifies, analyzes, prioritizes, solves and escalates issues. Unlike the SOC, the NOC handles a different class of issues, because it concentrates on events that affect the performance and availability of a company's networks. Since incidents can affect any system, not only networks, companies benefit from cooperation between the NOC and SOC teams.

The term "Security Intelligence Center" (SIC) was first used in 2017 to describe the successor to the SOC. A SIC visualizes and manages all security intelligence in a single location, which goes beyond what a Security Operations Center (SOC) does. To achieve this, different technologies are integrated (such as IS information management, big data processing and knowledge management).

Security Information and Event Management (SIEM) has become an essential part of meeting the SOC's technical requirements. It collects all security-related data in one place and performs security analytics by correlating log events. It also handles log management by storing events for longer periods. Other functions include reporting, enrichment and alerting, to name just a few. SIEM connects to cyber-security intelligence exchange platforms and, on the human side, connects security analysts by offering visual security analytics that support the sharing of threat information.
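The collection, correlation, enrichment and alerting functions described above, as an added worked example written for this page (it is not code from any SIEM product or from the study the page summarizes): the log lines, the threat-intelligence entry, the field names and the rule threshold are all constructed. The single correlation rule raises an alert when several failed logins from one source are followed by a successful login from that same source inside a short window, and the enrichment step raises the severity when the source matches an intelligence feed.

```python
"""Toy SIEM pipeline: parse -> correlate -> enrich -> alert (constructed example)."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample auth log lines; addresses are from documentation ranges.
SAMPLE_LOGS = """\
2024-03-01T10:00:01Z sshd[101]: Failed password for admin from 203.0.113.7
2024-03-01T10:00:04Z sshd[101]: Failed password for admin from 203.0.113.7
2024-03-01T10:00:07Z sshd[101]: Failed password for admin from 203.0.113.7
2024-03-01T10:00:09Z sshd[101]: Failed password for admin from 203.0.113.7
2024-03-01T10:00:12Z sshd[101]: Failed password for admin from 203.0.113.7
2024-03-01T10:00:15Z sshd[101]: Accepted password for admin from 203.0.113.7
2024-03-01T10:05:00Z sshd[102]: Failed password for bob from 198.51.100.20
2024-03-01T10:30:00Z sshd[103]: Accepted password for bob from 198.51.100.20
"""

# Constructed stand-in for an IOC list pulled from an intelligence exchange platform.
THREAT_INTEL = {"203.0.113.7": "known brute-force source (constructed entry)"}

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<outcome>Failed|Accepted) password "
    r"for (?P<user>\S+) from (?P<src>\S+)$"
)


def parse_events(text):
    """Collection step: normalize raw lines into event dicts; unmatched lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        events.append({
            "ts": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"),
            "outcome": m["outcome"],
            "user": m["user"],
            "src": m["src"],
        })
    return events


def correlate(events, threshold=5, window=timedelta(minutes=1)):
    """Correlation rule: at least `threshold` failures from one source inside `window`,
    followed by an accepted login from the same source, produce one alert."""
    failures = defaultdict(list)  # src -> timestamps of failures still inside the window
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        recent = [t for t in failures[ev["src"]] if ev["ts"] - t <= window]
        if ev["outcome"] == "Failed":
            recent.append(ev["ts"])
            failures[ev["src"]] = recent
            continue
        if len(recent) >= threshold:  # success right after a burst of failures
            alerts.append({
                "rule": "bruteforce_then_success",
                "src": ev["src"],
                "user": ev["user"],
                "failures": len(recent),
                "first_seen": recent[0],
                "last_seen": ev["ts"],
                "severity": "high",
                "intel": None,
            })
        failures[ev["src"]] = []  # a success closes the current failure run
    return alerts


def enrich(alerts, intel):
    """Enrichment step: attach intelligence context and escalate severity on a match."""
    for alert in alerts:
        hit = intel.get(alert["src"])
        if hit:
            alert["intel"] = hit
            alert["severity"] = "critical"
    return alerts


def run_pipeline(text, intel=None):
    """Full pipeline; returns the list of alerts a SIEM would hand to triage."""
    intel = THREAT_INTEL if intel is None else intel
    return enrich(correlate(parse_events(text)), intel)


if __name__ == "__main__":
    for alert in run_pipeline(SAMPLE_LOGS):
        print(f"[{alert['severity'].upper()}] {alert['rule']}: {alert['failures']} failures "
              f"from {alert['src']} then success as {alert['user']} (intel: {alert['intel']})")
```

Only the burst against `admin` fires; `bob`'s lone failure 25 minutes before his successful login falls outside the window and is left for routine review. Passing an empty feed as `intel` shows the same alert at its un-enriched "high" severity, which is the difference a connected intelligence platform makes to what the triage analyst sees first.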

How Are SOC Services Designed?

Organizational architecture: at a higher, more abstract level there are three ways to organize SOCs: centralized, distributed and decentralized. In a centralized architecture, all information from the affiliated SOCs is sent to one primary SOC for further processing. The distributed SOC is the reverse: a single system shared by multiple businesses, which appears to its users as a single point of contact. The distributed system allows every entity to access, process and combine information and to offer security information and services to the other companies, which ensures a fairer distribution of workload and data. The third general design for SOCs is a decentralized system that blends the two previous types: a small network of SOCs (decentralized SOC as a service) is managed through one or several central SOCs. Comparing earlier studies with newer ones, an evolution away from a single SOC toward a centralized design is evident, the motivation being to avoid a single point of failure.

Technology architecture and design: a SOC comprises multiple functions rather than being focused on one method or system. The SOCBox, created by Bidou et al. and validated and tested by Ganame et al., was among the first architecture models for SOCs. It consists of message databases, analysis engines, event generators and reaction-management software. The SOCBox architecture has a number of drawbacks: it was introduced around 15 years ago and technology has improved dramatically since then. SOCBox cannot withstand attacks and provides only data collection and incident management, and the proposed design describes its central system as having many sources of error. Given the complexity of current IT landscapes and technological advances, distributed architectures are considered the better choice. The SOCBox design has undergone several adjustments and improvements over time, and the same authors propose the Distributed SOC (DSOC) as the next step.

Governance and compliance within the SOC

People: following the PPTGC structure, we start by studying the individuals who make up the SOC. From the research it is possible to identify the various tasks and responsibilities assigned within the SOC. Training and awareness programs, as well as SOC cooperation and communication methods, are discussed in depth. The related literature also covers recruiting new employees and retaining the ones you already have.

Roles and responsibilities: like any other unit of an organization, the SOC is a multi-faceted unit with a range of duties and roles. The core of a SOC generally includes several levels of analysts as well as dedicated managers; the scale and complexity of the task require the formation of teams. Based on the information we have gathered, there are three distinct tiers:

Tier 1 analysts, the first responders, are called triage specialists. They are accountable for obtaining raw data and reviewing alarms and alerts. If an alert is considered serious enough, it is enriched with additional details. The triage specialist must decide whether the alert is genuine or a false positive. Other potentially high-risk events must also be identified at this point, and each of them is prioritized according to its perceived urgency. When Tier 1 analysts cannot resolve an issue, it is escalated to Tier 2. Monitoring tools are usually managed and configured by the triage specialists.

Tier 2 incident responders: Tier 2 analysts analyze the most important security concerns raised by the triage specialists and conduct a more thorough analysis using threat information (Indicators of Compromise (IOC), updated rules, etc.). They need to know which systems have been compromised and the extent of the threat. At this tier the raw attack telemetry from Tier 1 is transformed into valuable threat information. Incident responders develop and implement strategies to manage and recover from incidents. If a Tier 2 analyst has difficulty identifying or mitigating an attack, the incident can be escalated to Tier 3.

Tier 3 analysts (also known as "threat hunters") are the most experienced analysts in a SOC, which is why incident responders assign responsibility for effective emergency management and response to them. They also oversee or conduct vulnerability assessments and penetration tests to discover potential attack paths. Their primary task is to spot vulnerabilities and threats that would otherwise go unnoticed. They must be aware of potential threats to systems and suggest ways to enhance the security monitoring tools that have been developed. Tier 3 analysts are responsible for reviewing all security alarms, threat intelligence and other security information provided to the Tier 2 analysts.

SOC manager: SOC managers supervise the security operations team. They offer technical assistance when required but, more importantly, are accountable for managing the team effectively. Employees must be continuously trained and evaluated, procedures developed and documented, incident reports reviewed, and crisis communication plans created and implemented. SOC managers also support CISOs and other managerial positions in handling financial matters, assist in security audits, and report to the CISO.