We changed our name from IT Central Station: Here's why
2021-11-22T02:34:00Z

Why a Security Operations Center (SOC) is important?


Hi peers,

Why SOC is important for an organization? What are the main challenges of the modern SOC?

Thanks.

ITCS user
Guest
36 Answers

author avatar
Top 5Real User

SOC refers to a dedicated platform and team organization to prevent, detect, assess and respond to threats and incidents. In other words, the SOC will collect events from different security components, analyze them, identify anomalies, and define procedures for alerts.


The SOC, which relies on multi-expert skills, thus occupies a strategic role in the security of the IS. Indeed, by the analysis it proposes and the continuous actions in terms of improvement, it makes it possible to reinforce the security governance of the company.

2021-11-22T08:39:11Z
author avatarEvgeny Belenky
Community Manager

@Hasan Zuberi ( HZ ), thank you for your answer! Can you possibly give an example (or two) of how SOC has changed/advanced during the last couple of years?
Thanks

author avatar
Top 5LeaderboardReseller

SOC is the heart of your infrastructure security, a centralized system management mechanism, a collaboration of people and software. It is designed to detect anomalies, highlight real threats in them, and respond to these threats appropriately.


SOC has a complex structure and it naturally has bottlenecks. From my personal experience, the bottlenecks in the SOC are people. The human factor should be excluded as much as possible because one mistake in determining a false-positive attack can lead to critical consequences.

2021-11-23T11:39:16Z
author avatarEvgeny Belenky
Community Manager

@Denis L thank you for the answer! 
Do you mean, for instance, such a thing as "alert fatigue"? Anything else?

*We have written recently about it here: Reducing Alert Fatigue for SOC Analysts.

author avatarDenis L
Top 5LeaderboardReseller

@Evgeny Belenky yeah, "alert fatigue" is also a consequence of the human factor. 

Without a continuous process of SOC software configuration, SOC will face this "alert fatigue" issue. 

One more thing is gaps between different parts of the SOC team. Multi-experts are great, but they can be really expensive and hard to find. 
In real life, the basic SOC team is 5-7 people up to 22-23 years old (yesterday students)  and the Head of SOC somewhere from the Bank Cybersecurity department or from a similar position. 

And in this case, you need to put a lot of resources to build a real SOC team: staff training, team building, inside audits of SOC work. As I said before - People. Because people configure software, mark an alert as false-positive, tick "reviewed" boxes; configure SIEM, EDR, UEBA, etc. So you need to be sure that every member of the SOC team is in the right place with the right set of skills.

author avatar
Top 5LeaderboardReal User

Visibility for proactive actions, whether business (BOC) or security (SOC).

2021-12-10T12:01:19Z
Find out what your peers are saying about Everbridge, PagerDuty, BigPanda and others in IT Alerting and Incident Management. Updated: January 2022.
565,304 professionals have used our research since 2012.