Building a new SOC capability involves a lot of planning and can require a large initial investment.

While there are multiple approaches to address this, given below are some simple steps one can follow:

1. Understand the business goals, the type of business, the organization culture, and its constraints and budgets.

2. Carry out a gap analysis against the existing set-up and formulate implementation milestones based on priorities.

3. Lessons learnt from previous incidents form a major input in designing the people, process and technology structure of the SOC.

4. An incremental SOC-building approach is better than a one-time heavy investment, as it de-risks some of the unknowns.

5. Collaborate with people across the multiple functions within the organization, with the technologies deployed and with the various processes. This collaboration needs to be handled carefully and is a critical success factor.

6. Based on organization culture, the existing set-up and the availability of in-house skills, decide the right mix of in-house and outsourced team. In some cases day-to-day SOC monitoring and operations can be handled by an in-house team, while incident response (IR), which requires special skills to handle a crisis, can be handled by an outsourced professional team.

7. Clearly define the Tier 1, 2 and 3 team structure, with roles and responsibilities.

8. Establish processes covering preparation, identification, containment, eradication, recovery and lessons learnt.

9. Be careful of compatibility issues between technologies, and of systems working in silos, with respect to integrating the reporting tool (SIEM) with network logs, system logs, endpoint logs etc.

10. Based on the level of integration, plan which response actions are manual and which are automated: patching, firewall modification, revocation of access, system quarantine or reimage.

11. To reduce false positives, best practice is to build baselines by monitoring network devices and endpoints for a period of time, and only then to generate alerts on abnormal or suspicious activity that deviates from the baseline.

12. Subscribe to a good threat intelligence source (Cyber Threat Intelligence, CTI).

13. Slowly build an incident "hunter" culture, rather than waiting to work only on escalated incidents.

14. Continuous updates and training on changes in the threat landscape and in technologies are essential to face the ever-challenging nature of security. This training needs to be planned at all levels: the SOC team, top management and others.

15. Build maturity over time using:

 - lessons learnt

 - the new security posture

 - swiftly detecting incidents and prioritizing investigations

 - risk tolerance

 - continuous hardening to minimize the attack surface

 - available expertise and budget

 - continuous improvement within organizational constraints, pushing boundaries and striving to achieve the organization's critical security mission
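The baselining step above (monitor first, alert only on deviations), as an added example that is not from the original post: the script builds a per-host, per-event daily baseline from a monitoring window of constructed log lines, then alerts only when a day's count is well above that baseline or when a host/event pair was never seen during baselining. The simplified one-record-per-line log format, the host and event names, and the thresholds (k and min_excess) are assumptions.

```python
import re
from collections import Counter, defaultdict
from statistics import mean, pstdev

# Assumed simplified record format, one per line: "<YYYY-MM-DD> <host> <event>"
LINE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) (\S+) (\S+)$")

def daily_counts(lines):
    """Map (host, event) -> Counter{day: occurrences}; unparsable lines are skipped."""
    counts = defaultdict(Counter)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            day, host, event = m.groups()
            counts[(host, event)][day] += 1
    return counts

def build_baseline(lines, days):
    """Per (host, event): mean and population stdev of the daily count over the
    whole monitoring window, so a day with no events contributes a zero."""
    return {key: (mean(s), pstdev(s))
            for key, per_day in daily_counts(lines).items()
            for s in [[per_day.get(d, 0) for d in days]]}

def detect(baseline, lines, k=3.0, min_excess=5):
    """Alert on counts above mean + k*stdev (by at least min_excess, so a very
    quiet baseline does not fire on +1) and on pairs never seen while baselining."""
    alerts = []
    for (host, event), per_day in daily_counts(lines).items():
        for day, n in sorted(per_day.items()):
            if (host, event) not in baseline:
                alerts.append((day, host, event, n, "never-seen-in-baseline"))
            else:
                mu, sigma = baseline[(host, event)]
                if n > mu + k * sigma and n - mu >= min_excess:
                    alerts.append((day, host, event, n, "above-baseline"))
    return alerts

# Constructed sample data: five quiet baseline days, then one day under review.
BASE_DAYS = [f"2020-06-0{i}" for i in range(1, 6)]
REVIEW_DAY = "2020-06-08"
BASE_LOGS = [f"{d} ws-01 outbound_conn" for d, n in zip(BASE_DAYS, [10, 11, 9, 10, 10])
             for _ in range(n)]
BASE_LOGS += [f"{d} srv-db login_fail" for d in BASE_DAYS for _ in range(2)]
REVIEW_LOGS = ([f"{REVIEW_DAY} ws-01 outbound_conn"] * 40        # burst on ws-01: alert
               + [f"{REVIEW_DAY} srv-db login_fail"] * 3           # 2 -> 3: within noise
               + [f"{REVIEW_DAY} ws-02 remote_service_install"])   # host never baselined

def run_demo():
    return detect(build_baseline(BASE_LOGS, BASE_DAYS), REVIEW_LOGS)

if __name__ == "__main__":
    for alert in run_demo():
        print(alert)
```

Raising the baseline window or lowering k trades missed detections for analyst noise; the figures here are only illustrative.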

In the next article, we will discuss the Next Generation SOC.
