Advanced Security Operations Centre (SOC) - Features & Technical Capabilities

This gives a glimpse of Advanced Security Operations Centre (SOC) Features & Technical Capabilities. This document is not explicit, it assumes you have prior knowledge of the subject, therefore only pointers have been mentioned.

This was presented at SACON and speakers explain subjects in detail during sessions for deeper understanding. Next sessions are in order, you can pre-register/register for special deals and/or notifications here . You can check out the complete presentation here

Advanced Security Operations Centre (SOC) Features

  • Threat Assessment & Hunting

    • Knowing threats & adversaries
    • Their tools & methods
    • Critical assets for targets
    • Existing controls & weaknesses
    • Monitoring presence, IOC,Management & Hunting

  • Threat Intelligence

    • Internal threat intelligence
    • External threat intelligence
    • Application of threat intelligence
    • Automated consumption of threat intelligence (automated SIEM rules/runbook)

( Do More : Workshops on SOC, Threat Intelligence, Threat Hunting, Incident Response. To get notifications on the workshop session, keynote speaker etc. Register here )

  • Situational Awareness

    • Context and enrichment
    • Visibility

  • Security Analytics

    • Behavioral profiling for users & systems
    • Database searches & statistical modeling, reporting & visualization
    • Forensics capability

( Read more : Security Incident & Event Management (SIEM) Framework For Produ... )

Advanced Security Operations Centre (SOC) - Technical Capabilities

  • Data collection capabilities & compliance benefits of log management
  • The correlation, normalization and analysis capabilities of SIEM (Security Incident & Event Management)
  • The network visibility and advanced threat detection of NBAD (Network Behaviour Anomaly Detection) and user behaviour anomaly detection (UBA) by machine learning
  • The ability to reduce breaches and ensure compliance provided by Risk Management
  • The network traffic and application content in sight afforded by Network Forensics
  • The automation of Incident Response by Artificial Intelligence/ Run Books
  • IOC /  VM Management by Threat Intelligence
  • Reporting & Visualization provided by Presentation Layer

SIEM as a platform should be a truly integrated solution built on a common codebase, with a single data management architecture and a single user interface.

Did you know you could compare all SOC/SIEM products and vendors on a single platform instantly ? 

You could compare and discover the SIEM products here.  FireCompass is an AI Assistant for Cyber Security Decision Making. Discover & Compare 1,000+ Cyber Security Products. Grab your FREE Account Now (For a Limited Time ONLY)………Claim Your Free Account Now By Signing Up

Do write to us at pritha.aash@cisoplatform.com if you'd like us to cover some topics, we'll add it to our research plan.

Views: 145

Comment

You need to be a member of CISO Platform to add comments!

Join CISO Platform

 

Contact Us

Email: contact@cisoplatform.com

InfoSec Media Private Limited, First Floor, # 48, Dr DV Gundappa Road, Basavanagudi, Bangalore, Karnataka - 560004

© 2017   Created by CISO Platform   |   Powered by

Badges  |  Report an Issue  |  Privacy Policy  |  Terms of Service

Related Posts