What is SOC?
What is a security operation center?
A Security Operation Center (SOC) is a proactive security function implemented in a company to protect the company's information and ensure its cyber security.
Put another way, a SOC is a team of IT security professionals who ensure the organization's security by monitoring, detecting, and analyzing cyber incidents. It is a centralized function that analyzes the security incidents generated across the company and applies security measures on the company's behalf.
In a security operation center, all the endpoints are monitored by the tools implemented in the SOC. These tools are specialized for use in security operation centers and raise suspicious activities as incidents. Those incidents are analyzed by the information security analysts, who take the necessary actions.
Functions of SOC
- Endpoint management
- Network security
- Monitor and analyze security incidents
- Take necessary actions on security incidents
- Stay updated with the latest security trends (cyber threat intelligence, CTI)
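As an added illustration of the monitor, detect, analyze and act cycle described above (example code written for this page, not a tool from the original post), here is a minimal detection rule run over constructed endpoint login events. The event format, the thresholds and the recommended actions are assumptions, not taken from any specific SOC product.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample endpoint authentication events (not real telemetry).
SAMPLE_EVENTS = (
    [f"2024-05-01T08:00:{i:02d} host=ws-17 user=alice src=10.0.0.5 result=FAIL" for i in range(1, 6)]
    + ["2024-05-01T08:00:20 host=ws-17 user=alice src=10.0.0.5 result=SUCCESS"]
    + [f"2024-05-01T08:30:{i:02d} host=ws-02 user=carol src=203.0.113.7 result=FAIL" for i in range(0, 40, 8)]
    + ["2024-05-01T09:15:00 host=ws-03 user=bob src=10.0.0.9 result=SUCCESS"]
)

def parse_event(line):
    """Turn one 'timestamp key=value ...' line into a dict with a datetime timestamp."""
    ts, *fields = line.split()
    event = dict(f.split("=", 1) for f in fields)
    event["ts"] = datetime.fromisoformat(ts)
    return event

def detect_brute_force(lines, threshold=5, window=timedelta(minutes=5)):
    """Rule (assumed): `threshold` or more failed logins for one (src, user) pair inside
    `window` is a brute-force attempt (medium); a following success from the same
    pair escalates it to a possible credential compromise (high)."""
    failures = defaultdict(list)   # (src, user) -> timestamps of recent failures
    incidents = []
    for ev in map(parse_event, lines):
        key = (ev["src"], ev["user"])
        recent = [t for t in failures[key] if ev["ts"] - t <= window]  # drop stale failures
        if ev["result"] == "FAIL":
            recent.append(ev["ts"])
        elif ev["result"] == "SUCCESS" and len(recent) >= threshold:
            incidents.append({"severity": "high", "host": ev["host"], "src": ev["src"], "user": ev["user"],
                              "title": "successful login after brute force",
                              "action": "isolate host, reset credentials, review session activity"})
            recent = []  # incident raised; start counting afresh for this pair
        failures[key] = recent
    # Pairs that crossed the threshold without a success still deserve an analyst's attention.
    for (src, user), recent in failures.items():
        if len(recent) >= threshold:
            incidents.append({"severity": "medium", "src": src, "user": user,
                              "title": "brute-force attempt",
                              "action": "block source, check for lockout policy gaps"})
    return incidents

if __name__ == "__main__":
    for inc in detect_brute_force(SAMPLE_EVENTS):
        print(inc["severity"].upper(), inc["title"], inc["src"], inc["user"], "->", inc["action"])
```

The printed incidents are what a SOC analyst would receive for triage; the severity and recommended action fields are the "analyze" and "take necessary actions" steps from the list above.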
Nowadays, every company runs a SOC, because they have sensitive systems that affect their business continuity. Even if they do not want to conduct SOC operations themselves, they have to do it somehow; otherwise they put the company's information security at risk. So some companies choose to outsource, having a provider look after the company's security procedures on their behalf.
SOC Tools Used by Companies
- Microsoft Sentinel
- IBM QRadar
- SOC Radar
- Cortex XDR
- Darktrace
- CrowdStrike
- Cybereason
- Sophos
Written by: Chandimal Ekanayake, 4th Year 1st Semester Cyber Security Student, SLIIT