Advanced Security Operations Centre (SOC) - Features & Technical Capabilities
https://www.cisoplatform.com/profiles/blogs/security-operations-centre-soc-features-technical-capabilities
Published 2017-07-01 by pritha (https://www.cisoplatform.com/members/pritha)
<div><p><span>This gives a glimpse of Advanced Security Operations Centre (SOC) features &amp; technical capabilities. This document is not explicit; it assumes you have…</span><br /><br />This was presented at <a href="https://www.sacon.io/?utm_source=CPBlogASOC&utm_medium=BannerImg&utm_campaign=SACON_Bang2017_PreReg" target="_blank">SACON</a>, where speakers explain the subjects in detail during sessions for deeper understanding. The next sessions are scheduled; you can pre-register/register for special deals and/or notifications <a href="https://www.sacon.io/?utm_source=CPBlogASOC&utm_medium=BannerImg&utm_campaign=SACON_Bang2017_PreReg" target="_blank">here</a>. You can check out the complete presentation <a href="http://www.cisoplatform.com/profiles/blogs/soc-architecture-tech-stack-process-org-structure-people-skills" target="_blank">here</a>.</p>
<p><a href="http://www.cisoplatform.com/profiles/blogs/soc-features-technical-capabilities" target="_blank">[Image: SOC Features &amp; Technical Capabilities overview]</a></p>
<p><strong><span class="font-size-6">Advanced Security Operations Centre (SOC) Features</span></strong></p>
<ul>
<li>Threat Assessment &amp; Hunting<ul>
<li>Knowing threats & adversaries</li>
<li>Their tools & methods</li>
<li>Critical assets for targets</li>
<li>Existing controls & weaknesses</li>
<li>Monitoring presence, IOC management &amp; hunting</li>
</ul>
</li>
</ul>
<ul>
<li>Threat Intelligence<ul>
<li>Internal threat intelligence</li>
<li>External threat intelligence</li>
<li>Application of threat intelligence</li>
<li>Automated consumption of threat intelligence (automated SIEM rules/runbook)</li>
</ul>
</li>
</ul>
<p>(Do more: workshops on SOC, Threat Intelligence, Threat Hunting and Incident Response. To get notifications on the workshop sessions, keynote speakers etc., register <a href="https://www.sacon.io/?utm_source=CPBlogASOC&utm_medium=BannerImg&utm_campaign=SACON_Bang2017_PreReg" target="_blank">here</a>.)</p>
<ul>
<li>Situational Awareness<ul>
<li>Context and enrichment</li>
<li>Visibility</li>
</ul>
</li>
</ul>
<ul>
<li>Security Analytics<ul>
<li>Behavioral profiling for users & systems</li>
<li>Database searches & statistical modeling, reporting & visualization</li>
<li>Forensics capability</li>
</ul>
</li>
</ul>
<p>(Read more: <a href="http://www.cisoplatform.com/profiles/blogs/security-incident-event-management-siem-framework-for-product-eva" target="_blank">Security Incident &amp; Event Management (SIEM) Framework For Product Evaluation</a>)</p>
<p><strong><span class="font-size-6">Advanced Security Operations Centre (SOC) - Technical Capabilities</span></strong></p>
<ul>
<li>Data collection capabilities & compliance benefits of log management</li>
<li>The correlation, normalization and analysis capabilities of SIEM (Security Incident & Event Management)</li>
<li>The network visibility and advanced threat detection of NBAD (Network Behaviour Anomaly Detection) and user behaviour anomaly detection (UBA) by machine learning</li>
<li>The ability to reduce breaches and ensure compliance provided by Risk Management</li>
<li>The insight into network traffic and application content afforded by Network Forensics</li>
<li>The automation of Incident Response by Artificial Intelligence / runbooks</li>
<li>IOC / VM Management by Threat Intelligence</li>
<li>Reporting & Visualization provided by Presentation Layer</li>
</ul>
<p>SIEM as a platform should be a truly integrated solution built on a common codebase, with a single data management architecture and a single user interface.</p>
<p><strong><span class="font-size-6">Did you know you could compare all SOC/SIEM products and vendors on a single platform instantly?</span></strong></p>
<p><span>You can compare and discover SIEM products <a href="https://www.firecompass.com/security/market/SIEM?market_name=Security%20Information%20and%20Event%20Management" target="_blank">here</a>. <a href="https://www.firecompass.com/?utm_source=CPBlogASOC&utm_campaign=FCEU" target="_blank">FireCompass</a> is an AI assistant for cyber security decision making. Discover &amp; compare 1,000+ cyber security products. <strong>Grab your FREE account now</strong> (for a limited time only). </span><a href="https://www.firecompass.com/?utm_source=CPBlogASOC&utm_campaign=FCEU" target="_blank">Claim your free account now by signing up</a></p>
<p>Do write to us at pritha.aash@cisoplatform.com if you'd like us to cover some topics, we'll add it to our research plan.</p>
</div>