SOC Operating Model
Choosing the appropriate operating model is a strategic decision that requires careful consideration of various factors. These include the purpose behind implementing a Security Operations Center (SOC), the mission of the SOC, relevant business limitations, budgetary constraints, and the specific context of the organisation, such as its size, threat landscape, and industry sector.
It’s important to note that each SOC is unique, and there is no one-size-fits-all operating model or checklist that can provide immediate clarity on how a particular SOC should be designed and operated. In the upcoming articles, I will delve into the key factors to consider when determining the most suitable operating model for your organisation. In this context, the term “operating model” encompasses the approach to delivering SOC services (whether through an internal, external, or hybrid SOC) as well as the geographical location, operating hours, and structure of the SOC (refer to Figure 1 below).
This is the sixth and final article in a series starting with "Critical Capabilities of a Modern SOC". In the last article, I talked about the "security investigation" capability, and in this...
In the last article we looked exclusively at Linux malware myths. In this part, it is the turn of both macOS and Windows for a myth-busting session. First, we’ll take a look at the stubborn myths that still...
This is the fifth article in a series starting with "Critical Capabilities of a Modern SOC". In the last article, I talked about the "monitoring" capability, and in this article, I talk about the...
Threat actors can be some of the best recyclers on the planet. Unfortunately, it is not waste they recycle but previous tactics to compromise IT infrastructure. In recent months there has been a...
This is the fourth article in a series starting with the critical capabilities of a modern SOC. In the last article, I talked about the "detection" capability, and in this article, I talk about...
Humans love to place themselves in certain tech tribes. Whether it is programming languages, console versus PC gaming, or operating systems themselves, we place ourselves in one camp or the...
This is the third article in a series starting with the critical capabilities of a modern SOC. In the last article, I covered the "data collection and correlation" capability, and in this...
This is a follow-up to the article I wrote last week about the critical capabilities of a modern SOC. In this article, I cover the first capability discussed, namely, "data collection and...
The concept of a SOC has evolved over recent years to mean different things to different people, and in this article, I will try and bring some clarity for enterprises that are looking to build a...