SOC – Facility & Technologies


Choosing a SOC facility is an important step and depends on multiple factors:

• Does the facility have permission to operate 24x7?

• Is it allowed to have two or more internet links into the building for redundancy?

• Is the building equipped with the required physical security controls (CCTV, water sprinklers, fire extinguishers, access controls, DR drills, etc.)?

An MSSP can deploy the technology platform at the same location where the SOC team sits for monitoring, or the SOC team can be separated from the facility where the technology platform is implemented. Most MSSP providers outsource their technology platform to cloud providers and deploy their technical controls on a cloud node; the SOC team then connects to the cloud node for monitoring and incident management.

SOC Facility Elements

• SOC Room: The SOC team is deployed in the SOC room for monitoring and incident management

• Secure Phone Booth: A soundproof booth for phone calls that discuss sensitive issues

• Monitors / LEDs: Large displays for analysts for real-time tracking

• Lockers: For analysts to keep belongings such as phones outside the SOC room

• War Room: Dedicated room for customers, third-party vendors, conference calls, etc.

• Physical Access Control: Two-factor or multi-factor authentication to access the SOC facility (biometric, PIN, access card, etc.)

• Visitor Management: To log the details of visitors, customers and third-party vendors

These are the basic requirements to build a SOC; other components can be deployed depending on budget and needs.

SOC: Technology Components

SIEM: To collect logs from security devices, network devices, operating systems, applications, infrastructure, etc.

Incident Management tool: For managing incidents and alerts

Customer Portal: An MSSP can also deploy a web-based portal that gives the customer a dashboard view of their infrastructure and security posture, such as the number of security incidents that occurred, the number of threats, risk status, etc.

SIEM Availability platform: It is necessary to deploy an availability platform that monitors the SIEM, makes sure it is available at all times, and redirects log traffic to the backup SIEM when the primary SIEM is not available.
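The redirect behaviour described above, as an added example that is not part of the original post: a log forwarder that delivers to the primary SIEM, counts consecutive delivery failures, switches to the backup after a threshold, replays the events that failed during the outage so the switch loses nothing, and fails back once the primary answers a health probe. The `SiemNode` class and the event names are constructed stand-ins for this example, not the API of any real SIEM product.

```python
class SiemNode:
    """Constructed stand-in for a SIEM log receiver (not a real SIEM API).
    `healthy` is toggled by the demo to simulate an outage."""

    def __init__(self, name):
        self.name = name
        self.healthy = True
        self.received = []

    def probe(self):
        """Health check used by the forwarder before failing back."""
        return self.healthy

    def accept(self, event):
        if not self.healthy:
            raise ConnectionError(f"{self.name} unreachable")
        self.received.append(event)


class ForwarderWithFailover:
    """Forwards events to the active SIEM. After `max_failures` consecutive
    failed deliveries to the primary it switches to the backup and replays
    the buffered events (at-least-once delivery: a replay interrupted halfway
    keeps the buffer, so a duplicate is possible but a loss is not)."""

    def __init__(self, primary, backup, max_failures=3):
        self.primary = primary
        self.backup = backup
        self.max_failures = max_failures
        self.active = primary
        self.failures = 0
        self.pending = []  # events not yet confirmed by any SIEM

    def forward(self, event):
        """Deliver one event; returns the name of the SIEM that stored it,
        or "pending" while the primary is still within its failure budget."""
        # Fail back as soon as the primary answers a health probe.
        if self.active is self.backup and self.primary.probe():
            self.active = self.primary
            self.failures = 0
        try:
            for ev in self.pending:          # replay anything buffered first
                self.active.accept(ev)
            self.pending.clear()
            self.active.accept(event)
            self.failures = 0
            return self.active.name
        except ConnectionError:
            if self.active is not self.primary:
                raise                        # both SIEMs down: surface it
            self.pending.append(event)
            self.failures += 1
            if self.failures < self.max_failures:
                return "pending"
            # Failure budget exhausted: switch and replay the buffer.
            self.active = self.backup
            for ev in self.pending:
                self.backup.accept(ev)
            self.pending.clear()
            return self.backup.name


def run_demo():
    """Constructed scenario: primary goes down after e2 and returns before e7.
    Returns (events stored on primary, events stored on backup)."""
    primary, backup = SiemNode("siem-primary"), SiemNode("siem-backup")
    fwd = ForwarderWithFailover(primary, backup, max_failures=3)
    fwd.forward("e1")
    fwd.forward("e2")
    primary.healthy = False                  # outage starts
    fwd.forward("e3")                        # buffered
    fwd.forward("e4")                        # buffered
    fwd.forward("e5")                        # third failure: failover + replay
    fwd.forward("e6")                        # served by backup
    primary.healthy = True                   # outage ends
    fwd.forward("e7")                        # probe succeeds: back on primary
    return primary.received, backup.received


if __name__ == "__main__":
    print(run_demo())
```

The failure budget prevents a single dropped connection from flipping every forwarder to the backup at once; the probe on each call keeps the fail-back cheap because it only runs while the backup is active.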

SOAR: Security Orchestration, Automation and Response, a tool to automate the mitigation process.

UEBA: User and Entity Behavior Analytics, a tool that learns each user's and entity's normal behavior and patterns. It defines a baseline and alerts the SOC team when the baseline threshold is exceeded.
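The baseline-and-threshold idea above, as an added example that is not code from the original post: for each user, learn the mean and standard deviation of two daily metrics over a training window, then flag a day whose value exceeds mean + k times the standard deviation. The users, days and values are constructed for this example. It also covers two edge cases the short description does not: an entity with no baseline at all (flagged rather than silently ignored) and a metric that never varied during training (the standard deviation is floored so the threshold does not collapse to the mean).

```python
from collections import defaultdict
from statistics import mean, pstdev

METRICS = ("logins", "bytes_out_mb")

# Constructed training records: one per user per day over a 5-day window.
TRAINING_EVENTS = [
    {"user": "alice", "day": d, "logins": l, "bytes_out_mb": b}
    for d, l, b in zip(range(1, 6), [8, 10, 9, 11, 10], [100, 120, 110, 130, 115])
] + [
    {"user": "bob", "day": d, "logins": l, "bytes_out_mb": b}
    for d, l, b in zip(range(1, 6), [2, 3, 2, 3, 2], [50, 55, 52, 48, 50])
]

# Constructed observations for the day being monitored.
TODAY_EVENTS = [
    {"user": "alice", "day": 6, "logins": 10, "bytes_out_mb": 900},  # unusual upload
    {"user": "bob", "day": 6, "logins": 40, "bytes_out_mb": 50},     # login burst
    {"user": "carol", "day": 6, "logins": 1, "bytes_out_mb": 5},     # never seen before
]


def build_baseline(events, min_rel_sd=0.1):
    """Return {user: {metric: (mean, stddev)}} learned from the training window.
    stddev is floored at min_rel_sd * mean so a metric that never varied in
    training still yields a usable threshold instead of zero."""
    per_user = defaultdict(lambda: defaultdict(list))
    for e in events:
        for m in METRICS:
            per_user[e["user"]][m].append(float(e[m]))
    baseline = {}
    for user, metrics in per_user.items():
        baseline[user] = {}
        for m, values in metrics.items():
            mu = mean(values)
            sd = max(pstdev(values), abs(mu) * min_rel_sd)
            baseline[user][m] = (mu, sd)
    return baseline


def score_events(baseline, events, k=3.0):
    """Compare each observation with its baseline. Returns one alert per
    metric above mean + k * stddev, plus an alert for any entity that has
    no baseline (an unknown account is itself worth an analyst's look)."""
    alerts = []
    for e in events:
        user = e["user"]
        if user not in baseline:
            alerts.append({"user": user, "metric": None, "reason": "no_baseline"})
            continue
        for m in METRICS:
            mu, sd = baseline[user][m]
            threshold = mu + k * sd
            if e[m] > threshold:
                alerts.append({"user": user, "metric": m, "value": e[m],
                               "threshold": round(threshold, 2),
                               "reason": "above_baseline"})
    return alerts


def run_demo():
    """Learn from the training window and score today's observations."""
    return score_events(build_baseline(TRAINING_EVENTS), TODAY_EVENTS)


if __name__ == "__main__":
    for alert in run_demo():
        print(alert)
```

In the demo alice's login count stays inside her band while her outbound volume is flagged, bob's login burst is flagged, and carol produces a "no baseline" alert. Real deployments use longer windows and per-hour or per-weekday baselines, but the scoring step is the same comparison against a learned band.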

Firewall: To create a secure tunnel between the customer premises and the SOC

Bandwidth: To collect logs from the customer premises

Threat Intelligence Platform: For feeds and IOCs to detect advanced and the latest known threats

Vulnerability Management feeds: For correlation, so that security incidents are detected more effectively.
