With more than 20 years of experience integrating telecommunications and information technology systems, and with a clear appreciation of the importance of information security, we, together with the world's leading companies in this field, have been researching, consulting on and deploying security infrastructure solutions in Vietnam, advising on procedures and tools, and providing intensive information security training. The Security Operations Center (SOC) is one of the information security areas we focus on, helping our customers set up a cyber-security management center.
- What is Security Operations Center?
A Security Operations Center is the unit that deals with security issues. It is staffed by security analysts who detect, analyze, react to, report on and prevent network security incidents.
General Model of Security Operations Center
- Why is it necessary to build a Security Operations Center?
In an increasingly hostile security landscape, financial, governmental and national security organizations around the world face thousands of attacks every day. In Vietnam, there are at least 100 attacks per day (VN-CERT).
Cyberattacks have become more and more sophisticated, as attackers have become increasingly skilled, well funded and organized. Current security solutions do not meet the need, even though they receive many ongoing updates. Large cyber attacks on organizations with solid information security systems, such as the FBI, NASA, Microsoft, Google, Facebook and others, have been noted in Vietnam and around the world. These attacks get past all existing defense systems. Individuals and organizations are not fully aware of what they are missing: how attackers obtain data and modify the system, and how to set up defensive policies that will prevent similar situations.
A Security Operations Center (SOC) addresses the remaining shortcomings of network security devices by combining People, Technology and Process.
SOC connects Technology, People and Process.
- Technology: Solutions for monitoring, analysis, incident detection and incident investigation.
- People: Security Operations Center specialists assigned clear tasks to coordinate the operation of the system.
- Process: The processes, policies and information security policies implemented on the system.
- Which organizations need a Security Operations Center?
All organizations that use information technology in their operations; it is particularly necessary for governmental organizations, defense and financial institutions.
Depending on the size and maturity of the organization or business, you can build your own security center or use the service of a professional provider.
- How to build a Security Operations Center?
Reference Architecture of SOC’s function and component.
Building a Security Operations Center is a complex process that combines modern technology, operated by professionals, with policies, processes and working principles suited to the organization.
First of all, the current IT system must be reviewed and evaluated. Next, the prevention systems (Firewall, IDS, AV, DDoS, …) and the monitoring systems (surveillance, traceability, system analysis and incident response) are built and implemented. Finally, personnel training and the development of a response process suited to the operation, together with the connection of all components, create a holistic model that ensures security for the system.
- Who can operate Security Operations Center?
Specialists with the appropriate expertise for their assigned position can operate a SOC. Each position performs a role in the system, following the organization's standard procedure.
- Alert Analyst: Specialists responsible for monitoring the system and its warnings 24/7. When the system raises an alert, they analyze and evaluate it and hand it over to the Incident Responder or the SME/Hunter.
- Incident Responder: Responsible for receiving alerts from the Alert Analyst and preventing problems.
- SME/Hunter: Experienced, skilled specialists who directly handle security incidents, then investigate and issue the instructions needed to prevent the incident.
- SOC Manager: Receives reports and analysis from the SME/Hunter and acts as spokesperson when there is a problem with the system.