topic Security Operations Center in Tech Talk

Security Operations Center

Azimuth — Tue, 17 Oct 2017 16:16:22 GMT

Folks, do you know, by chance, applicable standards or best practices for building and/or evaluation of Security Operations Centers (SOCs)? thanks everyone in advance!

Re: Security Operations Center

cec0172 — Tue, 17 Oct 2017 17:23:08 GMT

Alienvault has a publication you can download for free.

"How to Build a Security Operations Center (on a Budget)"

https://www.alienvault.com/resource-center/ebook/how-to-build-a-security-operations-center

Its not a bad book to start.

Realize that if do you give them your contact information they will call.

Good Luck,

CEC

Re: Security Operations Center

azhuk — Sat, 21 Oct 2017 15:24:34 GMT

Hello Azimuth,

I am not sure about any standards, but here are a few resources that should help you get started:

1. SANS Whitepaper "Building a World-Class Security Operations Center: A Roadmap."

2. Logrythm Whitepaper "How to Build a SOC with Limited Resources" (you will have to provide your contact info to download, but you might find it useful enough. The paper is full of diagram including a "Cost Comparisons of Various SOC Staffing Models" matrix.

3. For in-depth overview of the subject, here is a 200-page book "Security Operations Center Guidebook: A Practical Guide for a Successful SOC."

4. Just found this webinar recording and am updating my comment to include the link: "How to Run a Business-Driven SOC" by InfoSecurity Magazine.

I hope this helps. Please let me know if you need any additional help. Good luck!

Re: Security Operations Center

Greg — Wed, 18 Oct 2017 19:29:17 GMT

In addition to the other wonderful suggestions from our fellow members, there exists an excellent write up on SOCs by MITRE:

https://www.mitre.org/sites/default/files/publications/pr-13-1028-mitre-10-strategies-cyber-ops-center.pdf

Re: Security Operations Center

azhuk — Wed, 18 Oct 2017 20:41:11 GMT

Thank you Greg for sharing an awesome source of practical wisdom!

Re: Security Operations Center

Jackson-munuo — Tue, 26 Dec 2017 18:17:08 GMT

Thank you for sharing some of this material. Would you by any chance have templates or examples of SOC policies and procedures or a runbook that you can share as well? I am more specifically looking for:

Event log Monitoring
Notification
Incident logging
Event Classification and Triage
Prioritization and Analysis
Remediation and Recovery
Assessment and Audit
Dashboards and Reporting
Incident Investigation

Re: Security Operations Center

adubey2321 — Wed, 29 Aug 2018 09:28:55 GMT

Nice Article...its very Helpful for the users.

Re: Security Operations Center

Markonweb — Wed, 29 Aug 2018 20:41:41 GMT

A 2018 SANS survey on SOCs provides some interesting data points and metrics https://www.sans.org/reading-room/whitepapers/analyst/definition-soc-cess-2018-security-operations-center-survey-38570

Re: Security Operations Center

Ramon — Sun, 23 Sep 2018 13:34:12 GMT

In my opinion setting up a SOC isn't something you should take lightly. I'dd love the challenge and experience to set up a SOC for my company but once you have a SOC the time to invest and knowledge to keep up I decided it's best to use a SOC-As-A Service from an experienced specialist.

Re: Security Operations Center

Shannon — Sun, 23 Sep 2018 13:45:02 GMT

@Ramon wrote:
In my opinion setting up a SOC isn't something you should take lightly. I'dd love the challenge and experience to set up a SOC for my company but once you have a SOC the time to invest and knowledge to keep up I decided it's best to use a SOC-As-A Service from an experienced specialist.

Exactly. In my current organization, after I listed resources required for an in-house SOC, doing a costs-benefits analysis led to us going in for a Managed Security Services provider for the SOC...