- Security Operation Center (computing)
A Security Operation Center (SOC) is an organization that delivers IT security services. It attempts to prevent unauthorized access and manage security-related incidents using processes and procedures. The mission is risk management through centralized analysis using the combined resources of personnel, dedicated hardware and specialized software. Typically, these systems operate constantly. These resources offer continuous risk analysis and guarantee protection against intrusion. Internet security is a resource-intensive task in time and personnel. Many organizations prefer to outsource this task to specialists in this field.
Outsourcing to a Security Partner allows an organization to lower its IT management costs and focus on its core business. The Security Partner delivers high quality service by hiring only the most qualified professionals. The SOC consists of monitoring and analyzing firewall activity, Intrusion Detection System (IDS) activity, antivirus activity, individual vulnerabilities, etc. These technologies and processes are transient and require that personnel stay abreast of the latest developments.
Possible SOC Services
* Proactive Analysis & System Management
* Security Device Management
Proactive Analysis and System Management
This security system provides proactive analysis of the systems and security devices of a system (Intrusion Detection Systems, Intrusion Prevention Systems, firewalls, etc.).
This anti-intrusion system offers centralized management of security.
Personnel need only concern themselves with the functions of monitoring tools, rather than the complexity of any device under scrutiny.
Tools used by the SOC must be scalable; for example, it must be possible to add a new IDS (Intrusion Detection System) to those already in place.
The SOC also performs Policy Management, including Remote Policy Management. Configuration of devices and security policies must be constantly updated as the system grows and evolves.
Security Device Management
The Security Device Management (SDM) service is composed of the following elements:
- Fault Management
- Configuration Management
The main objective of Fault Management is to ensure the continuous operation of the security infrastructure. The activity includes:
- Monitoring of client security devices
- Fault Detection and Signaling
- Fault Reporting
- Corrective Action Determination
- Corrective Action Implementation
- System Recovery (if necessary)
The main objective of Configuration Management is to ensure the continuous enforcement of firewall rules tailored to customer needs. It applies to all equipment managed by the SOC and includes data packet discard / acceptance rules between an external source and an internal destination (or vice versa) based on:
- Source address.
- Destination address.
- Service protocol.
- Traffic log.
Configuration Management may be performed remotely (Remote Configuration Management).
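The accept/discard rules described above, modelled as an added example (not code from the original article): rules keyed on source address, destination address and service protocol are evaluated first-match with discard as the default, every decision is written to a traffic log, and a configuration check flags rules that an earlier rule already covers (a common defect in rule sets that grow over time). All addresses, rule names and the `Rule`/`Firewall` classes are constructed for illustration.

```python
# Added example (not from the original article): a minimal model of the packet
# accept/discard rules that Configuration Management maintains. Rules match on
# source, destination and service protocol, are evaluated first-match with
# discard as the default, and every decision is written to a traffic log.
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import List, Optional

@dataclass
class Rule:
    src: str             # CIDR of the source, e.g. "203.0.113.0/24" (IPv4 here)
    dst: str             # CIDR of the destination
    proto: str           # "tcp", "udp", "icmp" or "any"
    port: Optional[int]  # destination port; None matches any port
    action: str          # "accept" or "discard"
    def covers(self, other: "Rule") -> bool:
        # True if every packet matching `other` also matches this rule
        return (ip_network(other.src).subnet_of(ip_network(self.src))
                and ip_network(other.dst).subnet_of(ip_network(self.dst))
                and self.proto in ("any", other.proto)
                and self.port in (None, other.port))

@dataclass
class Firewall:
    rules: List[Rule]
    default_action: str = "discard"  # deny by default
    traffic_log: List[str] = field(default_factory=list)

    def evaluate(self, src: str, dst: str, proto: str, port: Optional[int] = None) -> str:
        s, d = ip_address(src), ip_address(dst)
        for n, r in enumerate(self.rules):  # first matching rule decides
            if (s in ip_network(r.src) and d in ip_network(r.dst)
                    and r.proto in ("any", proto) and r.port in (None, port)):
                self.traffic_log.append(f"{r.action} rule={n} {src}->{dst} {proto}/{port}")
                return r.action
        self.traffic_log.append(f"{self.default_action} rule=default {src}->{dst} {proto}/{port}")
        return self.default_action

    def shadowed_rules(self) -> List[int]:
        # indices of rules that can never fire because an earlier rule covers them
        return [j for j in range(len(self.rules))
                if any(self.rules[i].covers(self.rules[j]) for i in range(j))]

def build_sample_firewall() -> Firewall:
    # Constructed rule set using RFC 5737 documentation ranges.
    return Firewall([
        Rule("198.51.100.0/24", "0.0.0.0/0", "any", None, "discard"),  # blocked source range
        Rule("0.0.0.0/0", "192.0.2.10/32", "tcp", 443, "accept"),      # public HTTPS server
        Rule("10.0.0.0/8", "0.0.0.0/0", "any", None, "accept"),        # internal hosts outbound
        Rule("10.1.0.0/16", "0.0.0.0/0", "tcp", 22, "discard"),        # shadowed by rule 2
    ])
```

Because rule 3 is shadowed by rule 2, the intended block on outbound SSH from 10.1.0.0/16 never takes effect; `shadowed_rules()` is the kind of check a Remote Configuration Management process should run before pushing a changed rule set.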
Logs generated by various system components are consolidated and reformatted into an easily understandable report for the customer. This reporting is particularly important because, besides providing details of any possible intrusion by unauthorized parties or accidents, it may also allow the customer to take preventative action.
The security alert service is designed to notify customers in a timely fashion of the discovery of new vulnerabilities, so that countermeasures can be put in place in time to mitigate or negate the impact of an attack.
Distributed Denial of Service (DDoS) Mitigation
DDoS Mitigation attempts to mitigate the effects of a Denial of Service attack directed at a critical function of a client's web infrastructure. It receives notification of an attack on a client service. Countermeasures are activated and evaluated. Traffic is 'cleaned' and re-routed. An 'End-of-attack Notification' is reported and logged.
These functions comprise the Security Assessment:
Vulnerability Assessment searches for known vulnerabilities of installed systems and software. This is carried out through specific technologies that are configured and customized for each assessment.
Penetration Test is performed to isolate and exploit known or unknown vulnerabilities of systems, services and installed web applications. It attempts to quantify the threat level represented on each system and the impact. This activity is carried out either through a number of technologies that are configured and customized per assessment, or manually for each service, system, and application.
The SOC can provide general technical assistance for any issue regarding system operation, system violations, system updates, and security hardware and software updates and configuration. Technical assistance can be provided remotely or on-site depending on the level of service.
Wikimedia Foundation. 2010.