SOC
ZERO TO ONE
By Urvesh Thakkar
WHO AM I?
Urvesh Thakkar
CHFI | CTIA | ECIH | CND | eTHPv2 | CCSE
● Associate SecOps Engineer @Informatica
● Blue Cap Guy with exposure to TI-TH, DFIR, multiple SIEM tools, SOAR, etc.
● Cyber Psychology Aspirant
WHAT IS SOC?
A SOC is a central team (and often a central place) that keeps a keen eye on an
organisation’s technology infrastructure, i.e. its computer systems and networks,
to protect them against cyber threats. It is like a traditional physical security
team, but in the digital realm: it monitors, detects, analyzes and responds to
potential cyber threats to the company.
REQUIREMENT
● To identify potential cyber threats
● To track and secure large chunks of data and information
● Effective and faster response to threats
● Mitigate and reduce security vulnerabilities
● Reduce dwell time
● To minimize business loss
● Continuous monitoring and effective risk preparation
● Compliance and regulatory standards
SOC FUNCTIONS
OPERATION
● Log Collection
● Retention & Archival
● Log Analysis
● Monitoring for security events
● Log correlation
● Incident Management
● Threat Identification
● Threat Response & Intelligence
● Reporting & Documentation
● Process Reviews and improvements
SOC workflow (cycle diagram):
1. Collect
2. Ingest
3. Validate
4. Report
5. Respond
6. Document
ROLES
TYPES OF SOC MODELS
OPERATION
Consider a SOC as “Security-as-a-Service (SECaaS)” that deals with cyber threat
detection and event management. To establish a successful SOC and provide a good
quality of service, a SOC must have the following well managed:
● Human resources (the people, not the HR department)
● Tech stack
● Infrastructure
● Management & Process
FIRST LINE OF DEFENSE
SIEM
● A SIEM solution is a dedicated, centralized platform to gather, analyze and
oversee security-related data sourced from the various data points within the
IT infrastructure.
● The primary objective of a SIEM is to help organizations identify and respond
to security threats more effectively.
SIEM = SEM (Sec Event Management) + SIM (Sec Information Management)
FUNCTIONS
LOGS …
Host-centric log sources - events that occurred on or relate to a host, i.e. an
endpoint: Windows Event Logs, Sysmon, osquery, etc.
- A user accessing a file
- Process executions
- PowerShell or CMD executions
- Modification of registry by a process
- Authentication logs
LOGS …
Network-centric logs - logs generated when hosts communicate with each other over
the network, whether inside the organisation or across the internet.
- SSH connections
- File access using FTP
- Access of org resources using VPN
- Network file sharing activity
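The two log-source slides above list what a SIEM ingests. The following is an added example (not code from the slides) of what the SIEM does next with those sources: it normalizes host-centric Windows Security and Sysmon events and network-centric sshd lines into one schema, then runs correlation rules over them. Every log record is constructed sample data; host names, addresses and the rule thresholds are illustrative assumptions.

```python
"""Mini SIEM pipeline over constructed host- and network-centric logs.

Added example, not code from the slides.  Host events are already-parsed dicts
(as a Windows agent would ship them); network events arrive as raw sshd syslog
lines and are normalized into the same schema.  All records are constructed.
"""
import base64
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Host-centric: Windows Security 4625 (failed logon) x5 then 4624 (success),
# and Sysmon Event ID 1 (process creation).  The encoded command is a harmless
# constructed payload so the decode step below has something to show.
ENC_CMD = base64.b64encode("Write-Host hi".encode("utf-16-le")).decode()
HOST_EVENTS = [
    {"ts": datetime.fromisoformat(f"2024-05-01T09:00:{s:02d}"), "src": "WinSecurity",
     "eid": 4625, "host": "WS01", "user": "jdoe", "ip": "10.0.0.55"}
    for s in (1, 3, 5, 7, 9)
] + [
    {"ts": datetime.fromisoformat("2024-05-01T09:00:12"), "src": "WinSecurity",
     "eid": 4624, "host": "WS01", "user": "jdoe", "ip": "10.0.0.55"},
    {"ts": datetime.fromisoformat("2024-05-01T09:00:20"), "src": "Sysmon", "eid": 1,
     "host": "WS01", "user": "jdoe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": f"powershell.exe -nop -w hidden -enc {ENC_CMD}"},
    {"ts": datetime.fromisoformat("2024-05-01T09:01:00"), "src": "Sysmon", "eid": 1,
     "host": "WS02", "user": "asmith",
     "image": r"C:\Windows\System32\notepad.exe", "cmdline": "notepad.exe notes.txt"},
]

# Network-centric: raw sshd lines from a jump host (constructed; 203.0.113.0/24 is a test range).
SSHD_LINES = """\
May  1 09:02:00 jump01 sshd[4101]: Failed password for root from 203.0.113.9 port 51514 ssh2
May  1 09:02:02 jump01 sshd[4101]: Failed password for root from 203.0.113.9 port 51516 ssh2
May  1 09:02:04 jump01 sshd[4103]: Failed password for invalid user admin from 203.0.113.9 port 51518 ssh2
May  1 09:05:00 jump01 sshd[4122]: Accepted publickey for ops from 10.0.0.12 port 40022 ssh2
"""
SSHD_RE = re.compile(
    r"^(?P<mon>\w{3})\s+(?P<day>\d+) (?P<time>\d{2}:\d{2}:\d{2}) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) \w+ for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)")


def parse_sshd(lines, year=2024):
    """Normalize sshd syslog lines into the same schema as HOST_EVENTS."""
    out = []
    for line in lines.splitlines():
        m = SSHD_RE.match(line)
        if not m:
            continue  # a production pipeline counts unparsed lines rather than dropping them silently
        when = datetime.strptime(f"{year} {m['mon']} {m['day']} {m['time']}", "%Y %b %d %H:%M:%S")
        out.append({"ts": when, "src": "sshd", "eid": None, "host": m["host"],
                    "user": m["user"], "ip": m["ip"], "outcome": m["outcome"].lower()})
    return out


def rule_bruteforce_then_success(events, threshold=5, window=timedelta(minutes=2)):
    """Correlation: >= threshold failed logons for one (user, source IP) followed by a
    success from the same pair inside the window.  Covers Windows 4625->4624 and sshd
    failed->accepted alike, because both sit in the common schema."""
    alerts, failures = [], defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        failed = (e["src"], e["eid"]) == ("WinSecurity", 4625) or e.get("outcome") == "failed"
        success = (e["src"], e["eid"]) == ("WinSecurity", 4624) or e.get("outcome") == "accepted"
        key = (e["user"], e.get("ip"))
        if failed:
            failures[key].append(e["ts"])
        elif success:
            recent = [t for t in failures[key] if e["ts"] - t <= window]
            if len(recent) >= threshold:
                alerts.append({"rule": "bruteforce_then_success", "host": e["host"],
                               "user": e["user"], "ip": e.get("ip"), "failures": len(recent)})
            failures[key].clear()
    return alerts


def rule_ssh_failures_by_source(events, threshold=3):
    """Aggregate failed SSH logons per source IP regardless of user: catches password
    spraying that the per-user rule above misses."""
    fails, users = defaultdict(int), defaultdict(set)
    for e in events:
        if e["src"] == "sshd" and e["outcome"] == "failed":
            fails[e["ip"]] += 1
            users[e["ip"]].add(e["user"])
    return [{"rule": "ssh_failures_by_source", "ip": ip, "failures": n, "users": sorted(users[ip])}
            for ip, n in fails.items() if n >= threshold]


def rule_encoded_powershell(events):
    """Sysmon EID 1: powershell.exe/pwsh.exe launched with -EncodedCommand or any prefix
    abbreviation PowerShell accepts (-e, -ec, -en, -enc, ...).  Decodes the payload for
    the analyst; a payload that fails to decode is still alerted on."""
    alerts = []
    for e in events:
        if e["src"] != "Sysmon" or e["eid"] != 1 or \
                not e["image"].lower().endswith(("powershell.exe", "pwsh.exe")):
            continue
        toks = e["cmdline"].split()
        for i, tok in enumerate(toks):
            t = tok.lower()
            if t in ("-e", "-ec") or (len(t) >= 3 and "-encodedcommand".startswith(t)):
                decoded = None
                try:
                    decoded = base64.b64decode(toks[i + 1]).decode("utf-16-le")
                except (IndexError, ValueError, UnicodeDecodeError):
                    pass
                alerts.append({"rule": "encoded_powershell", "host": e["host"],
                               "user": e["user"], "decoded": decoded})
                break
    return alerts


def run_all():
    """Collect -> normalize -> correlate, returning the alert list a SOC would triage."""
    events = HOST_EVENTS + parse_sshd(SSHD_LINES)
    return (rule_bruteforce_then_success(events) + rule_ssh_failures_by_source(events)
            + rule_encoded_powershell(events))


if __name__ == "__main__":
    for alert in run_all():
        print(alert)
```

The point of the common schema is the first rule: one correlation covers both a Windows workstation and a Linux jump host because the SIEM has already mapped 4625/4624 and sshd "Failed"/"Accepted" onto the same fields. The thresholds and the two-minute window are starting values; a real deployment tunes them against its own baseline of failed logons.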
BASIC ARCH