401 Reading 12 - marsecguy/reading-notes-cyberops GitHub Wiki

SOC

  1. What are three tasks which SOCs often perform?

    • Provide proactive, around-the-clock surveillance of networks, hardware and software for threat and breach detection, and incident response.
    • Install, update and troubleshoot application software.
    • Monitor and manage firewall and intrusion prevention systems.
    • Scan and remediate antivirus, malware and ransomware solutions.
    • Help with patch management and whitelisting.
    • Provide deep analysis of security log data from various sources.
  2. Explain what a SIEM solution is and how the SOC utilizes it in non-technical terms.

    • Security Information and Event Management (SIEM) programs monitor, aggregate and organize data from logs and other streams so that attacks and issues are found faster and the details needed to mitigate them are available quickly when they occur. The SOC can watch the alerts the SIEM raises, rather than sorting through vast streams of raw data itself, and can quickly determine what happened when an event occurs and begin mitigating and recovering.
  3. How does the typical SOC team structure resemble the structure of an IT Help Desk.

    • It is hierarchical in nature. First-line analysts deal with most of the simple tasks that come up. Anything they cannot handle is escalated to the next tier, and up again, until it is either resolved or a manager has to get involved.
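The SIEM behaviour described in question 2 (aggregating several log sources into one view and raising alerts) and the tiered escalation in question 3 can be illustrated with a miniature correlation rule. This is an added example, not code from these notes or from Splunk; the log formats, the IP addresses and the "three failures in five minutes" rule are all constructed for the demonstration.

```python
import json
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample feeds (not real data): a syslog-style SSH source and a JSON web-app source.
SSH_LOG = """\
2024-03-01T09:00:01Z host1 sshd: Failed password for alice from 203.0.113.7
2024-03-01T09:00:04Z host1 sshd: Failed password for alice from 203.0.113.7
2024-03-01T09:04:30Z host1 sshd: Accepted password for bob from 198.51.100.2
"""
WEB_LOG = """\
{"ts": "2024-03-01T09:01:10Z", "user": "alice", "ip": "203.0.113.7", "result": "fail"}
{"ts": "2024-03-01T09:02:45Z", "user": "alice", "ip": "203.0.113.7", "result": "success"}
"""

SSH_RE = re.compile(r"^(\S+) \S+ sshd: (Failed|Accepted) password for (\S+) from (\S+)$")


def _ts(text):
    # Parse an ISO-8601 UTC timestamp; the "Z" suffix is rewritten for older Pythons.
    return datetime.fromisoformat(text.replace("Z", "+00:00"))


def normalize(ssh_text, web_text):
    """Aggregate both feeds into one schema: (time, source, user, ip, success)."""
    events = []
    for line in ssh_text.splitlines():
        m = SSH_RE.match(line)
        if m:
            ts, verb, user, ip = m.groups()
            events.append((_ts(ts), "ssh", user, ip, verb == "Accepted"))
    for line in web_text.splitlines():
        rec = json.loads(line)
        events.append((_ts(rec["ts"]), "web", rec["user"], rec["ip"], rec["result"] == "success"))
    return sorted(events)


def correlate(events, threshold=3, window=timedelta(minutes=5)):
    """Hypothetical rule: >= threshold failures from one IP inside the window raises a
    tier-1 alert; a later success from the same IP escalates it to tier 2 for review."""
    alerts, by_ip = [], defaultdict(list)
    for ev in events:
        by_ip[ev[3]].append(ev)
    for ip, evs in by_ip.items():
        fails = [e for e in evs if not e[4]]
        for i in range(len(fails) - threshold + 1):
            burst = fails[i:i + threshold]
            if burst[-1][0] - burst[0][0] <= window:
                success_after = any(e[4] and e[0] > burst[-1][0] for e in evs)
                alerts.append({"ip": ip, "sources": sorted({e[1] for e in burst}),
                               "tier": 2 if success_after else 1})
                break  # one alert per IP is enough for the analyst queue
    return alerts
```

Neither feed alone crosses the threshold; only the combined, normalized view does, which is the point of aggregating sources before alerting.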

Source: Splunk