Send message to

Do you want to send the message without a subject?
Please note that your message can be maximum 1000 characters long
Special characters '<', '>' are not allowed in subject and message
reCaptcha is invalid.
reCaptcha failed because of a problem with the server.

Your message has been sent

You can find the message in your personal profile at "My messages".

An error occured

Please try again.

Make an appointment with

So that you can make an appointment, the calendar will open in a new tab on the personal profile of your contact person.

Create an onsite appointment with

So that you can make an onsite appointment, the appointment request will open in a new tab.

Header of doIT solutions GmbH
Forums it-sa Expo 2023 Knowledge Forum E

Output Driven SOC - Optimized Security and Compliance

Get the critical perspective on redesigning a SOC and experience your own personal A-Ha effect.

calendar_today Wed, 11.10.2023, 11:45 - 12:00

event_available On site

place Hall 7A, Booth 7A-102

Action Video


Action description





Managed Security Services / Hosting SIEM / Threat Analytics / SOC

Key Facts

  • Actionable Alerts
  • KRITIS Ready
  • Targeted Response


This action is part of the event Forums it-sa Expo 2023

Action Video

grafischer Background

This video is available to the it-sa 365 community. 
Please register or log in with your login data.

Action description

An effective Security Operations Center (SOC) is crucial for detecting, analyzing, and responding to threats. In the past, the focus of building a SOC was primarily on selecting and implementing detection technologies and generating alerts. However, this traditional approach often neglected a critical aspect: What actually happens with all the generated alerts, and more importantly, who handles them?
We believe it's time to take a new perspective on how we construct a SOC. Instead of primarily emphasizing alarm generation technologies, we place a greater focus on the process of alarm processing. After all, unprocessed alarms are not much more valuable than having no alerts at all. The key is how we handle these alerts, prioritize them, analyze them quickly, and respond to them. Alarm processing is most efficient when all incidents are fully handled through a unified platform. This allows information from all connected technologies to be aggregated at an early stage, specifically during the First Level Response, and triggers consistent reactions.
Rather than approaching threat detection by asking which tools we should use, we start with the desired outcomes. Which IT risks should be reduced? What compliance requirements must be met? Which IT services and systems are in productive use? Following the minimalist principle, we then select the most suitable technologies, such as SIEM, EDR, and NDR, and integrate them into a collaborative process.
Similar monitoring cases can be implemented independently of the technology used. Intelligent automation and prioritization become possible, thereby enhancing the quality of SOC performance while optimizing costs.
A significant part of the operational work in the SOC comes from continuously improving alarm processing. Streamlined SOC processes not only positively impact response times but also help reduce efforts.
Another aspect we incorporate into our approach is collaboration with other teams and departments within the company. A SOC should not work in isolation but rather collaborate closely with the IT department and other relevant stakeholders. Through seamless integration and information exchange, we can ensure an effective response to security incidents and minimize the impact of attacks.
If you are ready to change your perspective on SOC construction and pursue a holistic security strategy, we are here to assist you. Let's work together to shape the future of security and protect your company from constantly evolving threats
... read more

Language: German

Questions and Answers: No


show more

This content or feature is available to the it-sa 365 community. 
Please register or log in with your login data.