What is a SOC?
One thing the tech industry will remember about 2020 is the number of cyberattacks that took place. Everyone was impacted, whether in finance, healthcare or tech companies themselves. In December 2020 the security company FireEye disclosed a breach that was traced back to a trojanised update of SolarWinds' Orion software: a supply-chain attack that reached thousands of SolarWinds customers through a trusted software update.
Maybe you were just like me: not really acquainted with cybersecurity. Then your company or your customers started taking a real interest in it and incorporating cybersecurity into their IT strategy. Just like me, you heard words like SOC and had no clue what they meant.
In this article, we take a look at what a SOC is and what it means for companies.
What is SOC and what does it mean for a company?
SOC stands for Security Operations Centre. It is the team in charge of a company's day-to-day information security.
The goal of the SOC is to identify, prevent, detect, respond to, investigate and report cybersecurity incidents. It also enforces best practices and compliance with industry and government regulations.
A SOC takes a proactive approach to security. The team monitors and analyses the different assets in the environment (network, servers, endpoints and applications), then correlates the collected logs and data to identify abnormal behaviour that could signal a security breach.
A SOC relies on different solutions, such as:
- Firewalls to segment the environment, block unwanted traffic and stop an attacker from moving laterally
- IDS/IPS to detect attacks and anomalies on the network (IDS) and block them inline (IPS)
- EDR/NGAV to detect abnormal behaviour on endpoints and workloads and block it
- SIEM to collect, aggregate and correlate the data produced by all of the above
A SIEM (Security Information and Event Management) is log management for security: it collects events from the other tools, provides reports on security-related incidents and events, and sends alerts when it spots a potential security issue.
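To make the "collect, aggregate, correlate" idea concrete, here is a minimal version of a SIEM correlation rule. It is an added example written for this article, not code from the original page or from any SIEM product. It ingests SSH authentication lines from two hosts, normalises them into events, and raises an alert when one source address racks up many failed logins across hosts and then logs in successfully. The log lines, hostnames, user names and IP addresses are constructed for illustration; the threshold and time window are assumptions you would tune to your own environment.

```python
"""Minimal SIEM-style correlation over SSH authentication logs.

Added example for this article; not code from the original page.
All log lines, hosts, users and addresses below are constructed.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample logs from two hosts, already centralised the way a SIEM
# would do it. Hostnames, users and IP addresses are invented.
RAW_LOGS = """\
2020-12-14T09:00:01 web01 sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 50100 ssh2
2020-12-14T09:00:03 web01 sshd[1201]: Failed password for invalid user test from 203.0.113.7 port 50102 ssh2
2020-12-14T09:00:05 db01 sshd[3320]: Failed password for root from 203.0.113.7 port 50104 ssh2
2020-12-14T09:00:06 db01 sshd[3320]: Failed password for root from 203.0.113.7 port 50106 ssh2
2020-12-14T09:00:08 web01 sshd[1205]: Failed password for deploy from 203.0.113.7 port 50108 ssh2
2020-12-14T09:00:09 web01 sshd[1205]: Accepted password for deploy from 203.0.113.7 port 50110 ssh2
2020-12-14T09:05:00 web01 sshd[1300]: Failed password for alice from 198.51.100.22 port 40000 ssh2
2020-12-14T09:30:00 web01 sshd[1400]: Accepted publickey for alice from 198.51.100.22 port 40002 ssh2
"""

# Parser for the constructed sshd line format used above.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) (?:password|publickey) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src>\d+\.\d+\.\d+\.\d+) port \d+ ssh2$"
)


def parse_events(raw):
    """Normalise raw log lines into event dicts, sorted by time.

    Lines that do not match the expected format are dropped, which is what a
    SIEM parser does with events it has no rule for.
    """
    events = []
    for line in raw.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        events.append({
            "ts": datetime.fromisoformat(m["ts"]),
            "host": m["host"],
            "user": m["user"],
            "src": m["src"],
            "success": m["outcome"] == "Accepted",
        })
    return sorted(events, key=lambda e: e["ts"])


def failures_per_host(events):
    """Count failed logins per (source IP, host). This is what a per-host
    rule would see: each host alone may stay under the alert threshold."""
    counts = defaultdict(int)
    for e in events:
        if not e["success"]:
            counts[(e["src"], e["host"])] += 1
    return dict(counts)


def correlate_bruteforce(events, threshold=5, window=timedelta(minutes=2)):
    """Flag a source IP with at least `threshold` failures (on any hosts)
    inside `window`, followed by a successful login from the same IP.

    Correlating by source address across hosts is what makes this fire when
    no single host saw enough failures on its own.
    """
    alerts = []
    by_src = defaultdict(list)
    for e in events:
        by_src[e["src"]].append(e)
    for src, evs in by_src.items():
        for i, e in enumerate(evs):
            if not e["success"]:
                continue
            start = e["ts"] - window
            failures = [f for f in evs[:i] if not f["success"] and f["ts"] >= start]
            if len(failures) >= threshold:
                alerts.append({
                    "rule": "bruteforce_then_success",
                    "src": src,
                    "user": e["user"],
                    "host": e["host"],
                    "failures": len(failures),
                    "hosts_targeted": sorted({f["host"] for f in failures}),
                })
    return alerts


if __name__ == "__main__":
    evs = parse_events(RAW_LOGS)
    for alert in correlate_bruteforce(evs):
        print(alert)
```

Run as a script, the example reports a single alert for 203.0.113.7: five failures spread over web01 and db01 followed by an accepted password for the deploy user. No host individually sees more than three failures, so a per-host threshold of five would have stayed silent; the second address (198.51.100.22) has one failure and a success 25 minutes later and is correctly left alone.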
However, finding malicious activity has its challenges: correlating information gathered from many different sources is tricky and complicated, and rules tuned too loosely bury analysts in false positives while rules tuned too tightly miss real attacks. Unfortunately, some critical attacks fall through the cracks. That is why vendors are adding machine-learning-based analysis to improve threat detection and visibility. Such analysis is fairly new in SIEM products, and some companies like VMware already offer AI-based EDR.
If you are interested in working in cybersecurity, here are the typical roles found in a SOC team: manager, analyst, investigator, responder and auditor.
You should now understand the role and benefits of a SOC:
The SOC team is crucial for a company to protect its brand and reputation, by keeping critical information out of attackers' hands and by enforcing compliance.