One Article Review

Home - The article:
Source: AlienVault Blog
Identifier: 2499469
Publication date: 2021-03-18 11:01:00 (viewed: 2021-03-18 11:05:39)
Title: What is a security operations center (SOC)? Explaining the SOC framework
Text: This article was written by an independent guest author.

If you're responsible for stopping cyber threats within your organization, your job is more challenging than ever. The exposure to threats for any organization continues to escalate, and breaches are occurring every day. Consider:

- The average cost of a data breach is approximately $3.92M.
- On average, it takes 280 days to identify and contain a breach.

If your company doesn't have a security operations center (SOC), it may be time to change that. In fact, a recent study indicates that 86% of organizations rate the SOC as anywhere from important to essential to an organization's cybersecurity strategy.

What is a SOC?

The security operations center (SOC) identifies, investigates, prioritizes, and resolves issues that could affect the security of an organization's critical infrastructure and data. A well-developed and well-run SOC performs real-time threat detection and incident response, allowing SOC analysts to rapidly deliver security intelligence to stakeholders and senior management.

The SOC framework was introduced by The Open Web Application Security Project (OWASP), a nonprofit foundation established to improve software security, as a means for responding to cybersecurity incidents. The framework includes technical controls (Security Information and Event Management (SIEM) systems), organizational controls (processes), and a human component (detection and response).

Perhaps the most crucial function of a SOC is detailed and ongoing attack analysis. This means gathering and reporting on attack data that provides answers to these questions:

- When did the attack start?
- Who is behind the attack?
- How is the attack being carried out?
- What resources, systems, or data are at risk of being compromised, or have already been compromised?
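The attack-analysis questions above (when did it start, where did it come from, which systems are at risk or already compromised) are exactly what a SIEM correlation rule is meant to answer from raw events. The following is an added example, not code from the article or from AlienVault: it runs a simple brute-force correlation over a handful of constructed SSH authentication log lines and produces an incident summary with the first-seen timestamp, source address, targeted hosts and any host where the same source later succeeded. The log format, the five-failures-in-five-minutes threshold and the sample events are all assumptions for illustration.

```python
"""Minimal SIEM-style correlation over constructed auth log lines (added example)."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (assumed format):
# "<ISO timestamp> <host> sshd: <Failed|Accepted> <method> for <user> from <src_ip>"
SAMPLE_LOG = """\
2021-03-18T10:58:01 web01 sshd: Failed password for root from 203.0.113.7
2021-03-18T10:58:03 web01 sshd: Failed password for admin from 203.0.113.7
2021-03-18T10:58:04 web01 sshd: Failed password for root from 203.0.113.7
2021-03-18T10:58:06 web01 sshd: Failed password for test from 203.0.113.7
2021-03-18T10:58:09 web01 sshd: Failed password for oracle from 203.0.113.7
2021-03-18T10:58:11 web01 sshd: Failed password for backup from 203.0.113.7
2021-03-18T10:58:20 db01 sshd: Failed password for root from 203.0.113.7
2021-03-18T10:58:25 db01 sshd: Accepted password for backup from 203.0.113.7
2021-03-18T10:59:00 web02 sshd: Accepted publickey for deploy from 198.51.100.20
2021-03-18T11:03:00 web01 sshd: Failed password for alice from 198.51.100.44
"""

FAILURE_THRESHOLD = 5          # failures from one source inside the window (assumed)
WINDOW = timedelta(minutes=5)  # correlation window (assumed)


def parse_line(line):
    """Turn one log line into a dict; raises ValueError on lines that do not match."""
    parts = line.split()
    if len(parts) != 9 or parts[2] != "sshd:":
        raise ValueError(f"unrecognised line: {line!r}")
    ts, host, _, result, _, _, user, _, src = parts
    return {
        "ts": datetime.fromisoformat(ts),
        "host": host,
        "result": result,   # "Failed" or "Accepted"
        "user": user,
        "src": src,
    }


def analyze(log_text):
    """Correlate failures per source; return one incident per source that trips the rule.

    Each incident answers the SOC questions: first_seen (when), source (who/where),
    usernames and failed_attempts (how), targets and compromised (what is at risk).
    """
    events = [parse_line(l) for l in log_text.splitlines() if l.strip()]
    events.sort(key=lambda e: e["ts"])

    failures_by_src = defaultdict(list)
    for e in events:
        if e["result"] == "Failed":
            failures_by_src[e["src"]].append(e)

    incidents = []
    for src, fails in failures_by_src.items():
        start = None
        # Sliding window: the first index i where THRESHOLD failures fit inside WINDOW
        for i in range(len(fails) - FAILURE_THRESHOLD + 1):
            if fails[i + FAILURE_THRESHOLD - 1]["ts"] - fails[i]["ts"] <= WINDOW:
                start = fails[i]["ts"]
                break
        if start is None:
            continue

        # Everything this source did from the moment the attack started
        related = [e for e in events if e["src"] == src and e["ts"] >= start]
        incidents.append({
            "source": src,
            "first_seen": start.isoformat(),
            "failed_attempts": sum(1 for e in related if e["result"] == "Failed"),
            "usernames": sorted({e["user"] for e in related}),
            "targets": sorted({e["host"] for e in related}),
            "compromised": sorted({e["host"] for e in related if e["result"] == "Accepted"}),
        })
    return incidents


if __name__ == "__main__":
    for inc in analyze(SAMPLE_LOG):
        print(inc)
```

The point of the `compromised` field is the one analysts care about most: a brute-force source that eventually receives an "Accepted" on any host turns a noisy alert into a confirmed incident that needs containment, not just blocking.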
A proactive and reactive mechanism

Beyond attack analysis, the SOC also provides critical cybersecurity functions that should be a cornerstone for every business today: prevention, detection, and response. An effective SOC prioritizes a proactive approach rather than relying on reactive measures. The SOC typically works around the clock to monitor the network for abnormal or malicious activity, which might stop attacks before they happen.

How does this work? SOC analysts are well-equipped to prevent threats because they have access to comprehensive network data and possess up-to-date global threat intelligence covering the latest hacker tools, trends, and methodologies.

When it comes to response, think of the SOC as a first responder, carrying out the critical actions that "stop the bleeding" from an attack. When the incident is over, the SOC will also assist or lead restoration and recovery processes.

What are the goals of a well-functioning SOC?

A well-functioning SOC provides a multitude of benefits, but in order to get the most out of your security operations center, you'll need to ensure you have experienced personnel to make u
Sent: Yes
Tags: Data Breach, Threat, Guideline


The article does not appear to have been picked up again after its publication.


The article does not appear to be a repeat of an earlier one.