IABG Header
  • Product presentation
  • Management I
  • Data Center

Central Security Management using a Security Operations Center (SOC)

The presentation explains the necessity of a SOC and gives strategic recommendations for its deployment

10/6/2020 5:30:00 PM – 10/6/2020 5:45:00 PM

Language: German

Questions and Answers: Yes

Event description

Due to the ever more far-reaching digitalization and networking of IT and OT infrastructures, new attack vectors such as phishing, SQL injection, ransomware, denial of service and advanced persistent threats are constantly emerging. The resulting risk situation, as well as legal and regulatory frameworks (e.g. the IT Security Act), demand an ever increasing focus on the detection, reporting and handling of security incidents affecting the company's IT and OT infrastructure. This task is typically performed by a Security Operations Center (SOC).
The range of tasks of a SOC can be detailed further; its classic core tasks include
- ensuring the information security of the IT/OT infrastructure as a whole,
- identifying vulnerabilities,
- monitoring IT/OT infrastructures and detecting attacks and incidents,
- resolving security incidents in a coordinated manner, and
- making the level of information security measurable.
In addition, classic core tasks of a SOC are often combined with other tasks of a Computer Emergency Response Team (CERT) / Computer Security Incident Response Team (CSIRT), such as
- the observation of the general threat situation,
- the assessment of threats, including forensics, or
- the preparation of recommendations (Advisories).
As an internal service provider of an organization, a SOC therefore has numerous interfaces. For example, it acts as a general contact point for security aspects of both users and administrators and is concerned with continuously increasing security awareness in the organization. The SOC supports the management in complying with the security policies issued and, if required, provides appropriate evaluations, reports and situation reports. For the detection and resolution of security incidents, there is close cooperation with the persons responsible for the operation of the IT/OT infrastructures.
Technically, the detection of security incidents is based on evaluating a multitude of log data from different log sources. These log sources can be network components such as routers or switches, client and server systems, or security components such as firewalls, anti-virus gateways ("virus walls") or intrusion detection systems. A SOC therefore usually operates a technical core function for the central collection and analysis of log data, a so-called Security Information and Event Management (SIEM) system. A SIEM also enables the correlation of log data from different manufacturers and platforms, and thus offers extensive and effective means of detecting security incidents. It visualizes the results in an integrated dashboard and generates corresponding events and alarms, forming an essential technical basis for a complete cyber security situation picture of the organization.
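The cross-source correlation described above, as an added example that is not part of the original event description or of IABG's product: a few constructed log lines in three different vendor formats (firewall, IDS, server authentication) are normalized into one event schema and an alarm is raised only when one source address appears in all three within a time window. The log formats, hostnames and addresses are invented for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines from three different platforms (not real data).
RAW_LOGS = [
    "2020-10-06T17:30:01 fw01 DENY src=203.0.113.7 dst=10.0.0.5 dport=22",
    "2020-10-06T17:30:02 fw01 DENY src=203.0.113.7 dst=10.0.0.5 dport=23",
    "2020-10-06T17:30:05 ids01 ALERT sig='SSH brute force' src=203.0.113.7",
    "2020-10-06T17:30:09 srv05 sshd: Failed password for root from 203.0.113.7",
    "2020-10-06T17:31:00 fw01 DENY src=198.51.100.9 dst=10.0.0.8 dport=445",
]

# One parser per vendor format; each maps a raw line into the common schema.
PARSERS = [
    (re.compile(r"^(\S+) (\S+) DENY src=(\S+) dst=\S+ dport=\d+"),
     lambda m: {"ts": m[1], "host": m[2], "type": "fw_deny", "src": m[3]}),
    (re.compile(r"^(\S+) (\S+) ALERT sig='[^']+' src=(\S+)"),
     lambda m: {"ts": m[1], "host": m[2], "type": "ids_alert", "src": m[3]}),
    (re.compile(r"^(\S+) (\S+) sshd: Failed password for \S+ from (\S+)"),
     lambda m: {"ts": m[1], "host": m[2], "type": "auth_fail", "src": m[3]}),
]

def normalize(line):
    """Return the normalized event for one raw line, or None for unknown formats."""
    for pattern, build in PARSERS:
        m = pattern.match(line)
        if m:
            ev = build(m)
            ev["ts"] = datetime.fromisoformat(ev["ts"])
            return ev
    return None

def correlate(lines, window=timedelta(minutes=5),
              required=("fw_deny", "ids_alert", "auth_fail")):
    """Alarm on every source IP seen in all required event types within the window.
    Simplification: the window is checked against the first and last event per IP."""
    by_src = defaultdict(list)
    for line in lines:
        ev = normalize(line)
        if ev:
            by_src[ev["src"]].append(ev)
    alarms = []
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["ts"])
        if evs[-1]["ts"] - evs[0]["ts"] > window:
            continue
        if set(required) <= {e["type"] for e in evs}:
            alarms.append({"src": src, "hosts": sorted({e["host"] for e in evs}),
                           "events": len(evs)})
    return alarms
```

Only 203.0.113.7 produces an alarm: it is denied at the firewall, flagged by the IDS and fails a login on the server within eight seconds, while 198.51.100.9 appears in a single source and stays a mere event.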
Because of the extensive functions and tasks of a SOC, it is usually set up step by step. At the beginning, it is often advisable to collect log data centrally and to detect security incidents on that basis. In a next step, tasks beyond incident remediation can be added, such as threat intelligence and forensics.
An important aspect in setting up a SOC is the selection of the appropriate operator model. Besides the classical in-house operation and outsourcing of SOC tasks, a variety of hybrid operator models are conceivable. Organizational, strategic, technical and economic aspects should be considered when deciding on the appropriate operator model.
The presentation explains the necessity of a SOC for the operation of complex IT/OT infrastructures, shows its core functionality and gives strategic recommendations on how to approach its implementation.