Security Operations Center - Salem73616C656D/reading-notes GitHub Wiki
Key Takeaways
SOC:
- A security operations center (SOC), also called an information security operations center (ISOC), is a centralized location where an information security team monitors, detects, analyzes and responds to cybersecurity incidents, typically on a 24/7/365 basis.
Why Have A SOC?:
- Respond Faster
- Protect Consumer and Customer Trust
- Minimize Costs
What Does A SOC Do?:
- 24/7 monitoring of the network (log collection and alerting on suspicious activity)
- Incident Response
- Patch management
- Vulnerability scanning
- Analysis of Security Trends
- Breach investigation
- Policy Enforcement
- Backup/Recovery
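The monitoring and trend-analysis items above come down, in practice, to detection rules run continuously over collected logs. As an added example (not from this wiki page or any particular SOC product), here is a small sliding-window brute-force detector over OpenSSH-style auth log lines. The log lines, hostname, IP addresses, user names, threshold and window are all constructed for illustration; the rule flags a source IP that fails five logins within ten minutes, and escalates to high severity if that same IP then logs in successfully, which is the event an analyst would triage first.

```python
"""
Added example, not part of the original wiki page: a minimal SOC-style
detection rule over constructed OpenSSH auth.log lines.

Rule 1 (medium): >= `threshold` failed logins from one source IP inside a
sliding `window` -> ssh_bruteforce.
Rule 2 (high):   a successful login from an IP already flagged by rule 1
-> ssh_bruteforce_success.

Hostnames, IPs, users, and timing below are all constructed sample data.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta
import re

# Constructed sample log in OpenSSH/syslog style (no year in the timestamp).
SAMPLE_LOG = """\
Mar 10 02:14:01 web01 sshd[2201]: Failed password for invalid user admin from 198.51.100.7 port 51234 ssh2
Mar 10 02:14:03 web01 sshd[2201]: Failed password for invalid user admin from 198.51.100.7 port 51236 ssh2
Mar 10 02:14:05 web01 sshd[2201]: Failed password for root from 198.51.100.7 port 51240 ssh2
Mar 10 02:14:06 web01 sshd[2201]: Failed password for root from 198.51.100.7 port 51241 ssh2
Mar 10 02:14:08 web01 sshd[2201]: Failed password for root from 198.51.100.7 port 51242 ssh2
Mar 10 02:14:20 web01 sshd[2201]: Accepted password for deploy from 198.51.100.7 port 51250 ssh2
Mar 10 02:20:00 web01 sshd[2301]: Failed password for alice from 203.0.113.9 port 40001 ssh2
Mar 10 02:20:30 web01 sshd[2301]: Accepted publickey for alice from 203.0.113.9 port 40002 ssh2
Mar 10 03:00:00 web01 sshd[2401]: Failed password for bob from 192.0.2.5 port 30001 ssh2
Mar 10 03:30:00 web01 sshd[2401]: Failed password for bob from 192.0.2.5 port 30002 ssh2
Mar 10 04:00:00 web01 sshd[2401]: Failed password for bob from 192.0.2.5 port 30003 ssh2
Mar 10 04:30:00 web01 sshd[2401]: Failed password for bob from 192.0.2.5 port 30004 ssh2
Mar 10 05:00:00 web01 sshd[2401]: Failed password for bob from 192.0.2.5 port 30005 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?:password|publickey) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)


def parse_line(line, year=2024):
    """Return (timestamp, host, result, user, ip) for an sshd auth line,
    or None for lines the rule does not care about. The year is assumed
    because syslog timestamps omit it."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["host"], m["result"], m["user"], m["ip"]


def detect(log_text, threshold=5, window=timedelta(minutes=10)):
    """Sliding-window brute-force detector. Returns alerts in the order
    they fire; each alert is a dict with severity, rule, ip, host, at."""
    alerts = []
    failures = defaultdict(deque)  # ip -> timestamps of recent failures
    flagged = set()                # ips already alerted as brute-forcing
    for raw in log_text.splitlines():
        parsed = parse_line(raw)
        if parsed is None:
            continue
        ts, host, result, user, ip = parsed
        # Expire failures older than the window so slow, spread-out
        # attempts (192.0.2.5 above: one every 30 minutes) do not pile up.
        recent = failures[ip]
        while recent and ts - recent[0] > window:
            recent.popleft()
        if result == "Failed":
            recent.append(ts)
            if len(recent) >= threshold and ip not in flagged:
                flagged.add(ip)
                alerts.append({"severity": "medium", "rule": "ssh_bruteforce",
                               "ip": ip, "host": host, "at": ts,
                               "failures": len(recent)})
        elif ip in flagged:  # Accepted login from an IP that was brute-forcing
            alerts.append({"severity": "high", "rule": "ssh_bruteforce_success",
                           "ip": ip, "host": host, "user": user, "at": ts})
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

With the defaults, only 198.51.100.7 fires: a medium alert on its fifth failure and a high alert on the following successful login. 203.0.113.9 (one typo, then a key-based login) and 192.0.2.5 (five failures spread over two hours) stay quiet, which is the point of the window: widen it to three hours and the slow attacker is caught too, at the cost of more noise from ordinary users. A real SIEM rule would add the same expiry and escalation logic on top of whatever query language it uses.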
Best Practices:
- Develop a Strategy
- Make Sure You Have Visibility Across Your Entire Organization
- Invest In The Right Tools And Services (e.g. SIEM, firewall, endpoint protection, automation, monitoring, log management, etc.)
- Hire Talented Employees
- Training
Vocabulary
No new vocabulary
Conclusion
A SOC is an important part of any enterprise-level network. It gives you much more organized and efficient control over your network's security.