Solved

Setting up Security Operations Center (SOC)

Posted on 2011-09-23
4
417 Views
Last Modified: 2012-06-21
My company is going to setup a SOC.  I would like to know if there are any good practical references for designing the processes and establishing the related procedures.

Thanks.
0
Comment
Question by:kwlol
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
4 Comments
 
LVL 63

Accepted Solution

by:
btan earned 500 total points
ID: 36591484

Actually ENISA and NIST have good reference in the incident response guidelines which is essential to setting up the SOC as well

a) check out the role, framework and workflow
http://www.enisa.europa.eu/act/cert/support/guide

b) Information sharing - Setting up of WARP and knowing the traffic light protocol
http://www.warp.gov.uk/set-up-warp.html
http://www.warp.gov.uk/run-a-warp.html
http://www.enisa.europa.eu/act/cert/background/coop/ideas-for-future/recommendations/info-handling

c) Arsenal to be equipped
http://www.enisa.europa.eu/act/cert/support/chiht
http://www.experts-exchange.com/ITPro/Consulting/Q_27309561.html

Overall, it really depends on how comprehensive but have the tier support and necessary contacts, technology to automate in each tier of incident handling will help. Importantly, getting mgmt approval and IT support would be critical too. But potentially, the (eyes and ear) network monitoring and response will be the fundamental task to isolate and mitigate damages promptly while the (brain) analysis and evaluation to prevent further future impact would be another stage for SOC but typically an intelligence handling arm will handle it.

importantly, SOC may be audited as well. Below is audit finding of USCERT - good to learn and be aware of lessons highlighted

http://fcw.com/articles/2010/09/09/us-cert-riddled-with-security-holes.aspx
0
 
LVL 63

Expert Comment

by:btan
ID: 36591907
0
 

Author Comment

by:kwlol
ID: 36708384
i would like to know if we are going to have 10 different customers for helping them to monitor their devices thru a sensor (at each site) from our SOC.  Do we need to subscribe 10 leased lines, with 10 different routers stacked in our SOC? Would Metroethernet benefit us on this case?

Thanks.
0
 
LVL 63

Expert Comment

by:btan
ID: 36710119
Actually i am thinking of there is sending of the real time traffic log sync from sensor to a logging server and load balancer fronting the data centre that would be receiving or pulling from the designated log service. the network would be leased and dedicated so as not to have high latency sine we are saying near real time update.
0

Featured Post

Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Windows 10 GUEST Account 10 79
Fraud Email 22 129
Spam Attack - Exchange 2010 14 48
Active Directory Cleanup Report 2 50
Ransomware is a malware that is again in the list of security  concerns. Not only for companies, but also for Government security and  even at personal use. IT departments should be aware and have the right  knowledge to how to fight it.
Active Directory security has been a hot topic of late, and for good reason. With 90% of the world’s organization using this system to manage access to all parts of their IT infrastructure, knowing how to protect against threats and keep vulnerabil…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question