February 8, 2018

Cybersecurity 101 – SOC against cybercrime

Gawel Mikolajczyk

Head of Security Operations, Tieto Security Services

One of the fundamental concepts in combating cybercrime today is the Security Operations Center, or the SOC.

As we discussed in a previous blog post, even the basic cybersecurity acronyms tend to push the uninitiated away. We cannot afford to let this remain the case. As cybersecurity needs to be holistic across an organization, we want to change this - by introducing transparency to cybersecurity, one term and concept at a time.

The main goal of a SOC is to be able to detect, investigate, mitigate and eradicate cyber threats, 24/7. A SOC team constantly monitors and analyzes networks, endpoints, servers, databases, applications, websites and other systems, looking for suspicious activity that could indicate a compromise.

The SOC team, working from one or more dedicated security facilities, is responsible for the timely analysis of detections, for confirming whether a detection is a real threat, for deeper investigation and the relevant incident response activities – and for notifying the rest of the organization about breaches.

A SOC is a combination of people, technologies, processes and intelligence.

  • People. The experts in a SOC represent different areas of expertise. They include security analysts, incident responders, architects, developers and project managers. This mix of technology, security, process and customer know-how guarantees the functioning of the entire process, from identifying threats to eradicating them.
  • Processes. Firm and clear SOC processes allow the security process to be conducted as efficiently as possible, again from identification to eradication. All experts involved in a security case need to know their own roles and the workflow for all cases.
  • Technology. The primary function of technology is to provide comprehensive visibility into the IT environment, so that all data and information needed by the security processes are available constantly and in real time.
  • Intelligence. This is the ability of a SOC to acquire information about attacks and threats as broadly as possible from various feeds. These help the SOC experts to stay up to date with the cyber threat landscape (which is constantly changing) and correlate it with other data for identification purposes.
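The Intelligence bullet describes correlating threat feeds with the SOC's own data to identify suspicious activity. The following added example (not code from the original post or from Tieto) shows that correlation in its simplest form: a constructed intelligence feed of indicators is matched against constructed proxy log lines, and each hit becomes an alert whose severity reflects whether the control already blocked the connection. The log format, the indicator values (RFC 5737 test addresses) and the threat names are all assumptions made for the example.

```python
import re

# Constructed threat-intelligence feed: indicator -> (indicator type, threat name).
# Not a real feed; the values are placeholders for this example.
INTEL_FEED = {
    "198.51.100.23": ("ip", "ExampleC2-Infra"),
    "bad-updates.example.net": ("domain", "ExampleDropper-Host"),
}

# Constructed proxy log lines in an assumed key=value format.
SAMPLE_LOGS = """
2018-02-08T10:01:02Z host=wks-017 user=alice dst=203.0.113.5 domain=www.example.com action=allow
2018-02-08T10:02:15Z host=wks-042 user=bob dst=198.51.100.23 domain=bad-updates.example.net action=allow
2018-02-08T10:03:40Z host=srv-db01 user=svc_backup dst=198.51.100.23 domain=- action=deny
""".strip().splitlines()

LOG_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) user=(?P<user>\S+) dst=(?P<dst>\S+) "
    r"domain=(?P<domain>\S+) action=(?P<action>\S+)$"
)


def parse_line(line):
    """Return the log fields as a dict, or None when the line does not match the format."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def correlate(lines, feed):
    """Match each log event against the intel feed and return one alert per matched event.

    An allowed connection to a known-bad indicator is rated 'high' (it needs
    investigation and response); one the control already denied is rated
    'medium' (still worth an analyst's attention, since the host tried).
    """
    alerts = []
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        hits = [feed[v] for v in (ev["dst"], ev["domain"]) if v in feed]
        if not hits:
            continue
        severity = "high" if ev["action"] == "allow" else "medium"
        alerts.append({
            "ts": ev["ts"], "host": ev["host"], "user": ev["user"],
            "threats": sorted({name for _, name in hits}),
            "severity": severity,
        })
    return alerts


if __name__ == "__main__":
    for alert in correlate(SAMPLE_LOGS, INTEL_FEED):
        print(alert)
```

A production SOC would feed such alerts into a case workflow so that the roles and hand-offs described under Processes apply to every hit.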

The modern digitalized organization needs a SOC, or equivalent functions. A SOC does not function on technology alone. As noted, combating cybercrime requires the combination of people, technologies, processes and intelligence.

Engaging the SOC in the battle against cybercrime is something that we continuously build and develop – indeed, even as we speak.

More about this later, when the time is ripe.
