Security Operation Center (computing)

A Security Operation Center (SOC) is an organization that delivers IT security services. It works to prevent unauthorized access and to manage security-related incidents through defined processes and procedures. Its mission is risk management through centralized analysis, using the combined resources of personnel, dedicated hardware and specialized software. These systems typically operate around the clock and provide continuous risk analysis; they reduce the likelihood and impact of intrusion but cannot guarantee that none occurs. Internet security is resource-intensive in both time and personnel, so many organizations prefer to outsource the task to specialists in this field. Outsourcing to a Security Partner allows an organization to lower its IT management costs and focus on its core business, provided the partner staffs the service with suitably qualified professionals. SOC work consists of monitoring and analyzing firewall activity, Intrusion Detection System (IDS) activity, antivirus activity, individual vulnerabilities, and so on. These technologies and processes change quickly and require that personnel stay abreast of the latest developments.

Possible SOC Services

*Proactive Analysis & System Management
*Security Device Management
*Security Alert
*DDoS Mitigation
*Security Assessment
*Technical Assistance

Proactive Analysis and System Management

This service provides proactive analysis of a customer's systems and security devices (Intrusion Detection Systems, Intrusion Prevention Systems, firewalls, etc.).

It offers centralized management of the security infrastructure.

Personnel need only concern themselves with the functions of the monitoring tools, rather than with the complexity of each device under scrutiny.

Tools used by the SOC must be scalable, for example to accommodate adding a new IDS (Intrusion Detection System) to those already deployed.

The SOC also performs Policy Management, including Remote Policy Management. Configuration of devices and security policies must be constantly updated as the system grows and evolves.

Security Device Management

The Security Device Management (SDM) service is composed of the following elements:

- Fault Management

- Configuration Management

Fault Management

The main objective of Fault Management is to ensure the continuous operation of the security infrastructure. The activity includes:

- Monitoring of client security devices

- Fault Detection and Signaling

- Fault Reporting

- Corrective Action Determination

- Corrective Action Implementation

- System Recovery (if necessary)

Configuration Management

The main objective of Configuration Management is to ensure the continuous enforcement of firewall rules tailored to customer needs. It applies to all equipment managed by the SOC and includes the rules for discarding or accepting data packets between an external source and an internal destination (or vice versa), based on:

- Source address.

- Destination address.

- Network protocol (for example TCP, UDP or ICMP).

- Service protocol (for example the destination port that identifies HTTPS or SSH).

- Whether matching traffic is written to the traffic log.

Configuration Management may be performed remotely (Remote Configuration Management).
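The rule fields above are the whole vocabulary of a simple packet filter: a packet is compared against an ordered list of rules and takes the verdict of the first one that matches on source, destination, protocol and service, with a default of drop when nothing matches. The following is an added example, not the SOC's or any vendor's configuration; it models such a first-match filter in Python with a constructed policy and constructed packets. The address ranges (10.0.0.0/8 as the customer's internal network; 192.0.2.0/24, 198.51.100.0/24 and 203.0.113.0/24 as external documentation ranges) and the services chosen are assumptions.

```python
"""First-match packet filter over the five rule fields listed above.

Added example with a constructed ruleset and constructed packets; it is not
the SOC's own configuration. 10.0.0.0/8 is assumed to be the internal
network; the other ranges are documentation ranges standing in for external
hosts.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional


@dataclass(frozen=True)
class Rule:
    src: str               # CIDR or "any"
    dst: str               # CIDR or "any"
    proto: str             # "tcp", "udp", "icmp" or "any"
    dport: Optional[int]   # service (destination port); None means any port
    action: str            # "accept" or "drop"
    log: bool = False      # whether a match is written to the traffic log


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    dport: Optional[int] = None


def _addr_in(cidr: str, addr: str) -> bool:
    return cidr == "any" or ip_address(addr) in ip_network(cidr)


def matches(rule: Rule, pkt: Packet) -> bool:
    return (_addr_in(rule.src, pkt.src)
            and _addr_in(rule.dst, pkt.dst)
            and rule.proto in ("any", pkt.proto)
            and (rule.dport is None or rule.dport == pkt.dport))


def evaluate(rules: List[Rule], pkt: Packet, log: List[str]) -> str:
    """Verdict of the first matching rule; unmatched traffic is dropped and logged."""
    desc = f"{pkt.proto} {pkt.src} -> {pkt.dst}:{pkt.dport}"
    for i, rule in enumerate(rules):
        if matches(rule, pkt):
            if rule.log:
                log.append(f"rule {i} {rule.action} {desc}")
            return rule.action
    log.append(f"default drop {desc}")
    return "drop"


# Constructed policy. Order matters: the blocklist entry comes first so that the
# broader accept rule for HTTPS below it cannot shadow it.
RULES = [
    Rule("192.0.2.0/24", "any", "any", None, "drop", log=True),   # blocklisted external range
    Rule("any", "10.0.1.10/32", "tcp", 443, "accept"),            # inbound HTTPS to the web server
    Rule("10.0.0.0/8", "any", "udp", 53, "accept"),               # outbound DNS
    Rule("10.0.0.0/8", "any", "tcp", 22, "accept", log=True),     # outbound SSH, logged for audit
]


def run_sample():
    """Evaluate constructed packets against RULES; returns (verdicts, traffic log)."""
    packets = [
        Packet("198.51.100.7", "10.0.1.10", "tcp", 443),   # external client to web server
        Packet("192.0.2.5", "10.0.1.10", "tcp", 443),      # blocklisted source, same service
        Packet("198.51.100.7", "10.0.1.10", "tcp", 22),    # inbound SSH: no rule, default drop
        Packet("10.0.5.3", "203.0.113.9", "udp", 53),      # internal host resolving a name
        Packet("10.0.5.3", "203.0.113.9", "tcp", 22),      # internal host opening SSH outbound
    ]
    log: List[str] = []
    verdicts = [evaluate(RULES, p, log) for p in packets]
    return verdicts, log
```

The second packet shows why rule order is part of the configuration: if the blocklist rule were placed after the HTTPS accept rule, the blocklisted source would reach the web server. The default-drop entry in the log is what makes an unexpected inbound service visible to the fault and reporting processes described in the following sections.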


Logs generated by the various system components are consolidated and reformatted into an easily understandable report for the customer. This reporting is particularly important because, besides providing details of any intrusion by unauthorized parties or of accidents, it may also allow the customer to take preventive action.
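Consolidation means taking lines in each device's native format, mapping them onto one schema, and then summarizing across devices; the report gains value when it correlates, for instance a source address that the firewall dropped and the IDS also flagged. The following is an added example, not the page's reporting tool. The sample lines are constructed: they imitate the shape of a Linux netfilter kernel log line and of a Snort "fast" alert line, using documentation address ranges and made-up signature IDs, and the two regular expressions are assumptions about those shapes rather than complete parsers for either format.

```python
"""Consolidate firewall and IDS log lines into one schema and summarize them.

Added example, not the page's own reporting tool. SAMPLE_LOG is constructed:
it imitates netfilter kernel log lines and Snort fast-alert lines with
documentation IP ranges and made-up signature IDs. FW_RE and IDS_RE are
assumptions about those line shapes.
"""
import re
from collections import Counter
from typing import Dict, List, Tuple

FW_RE = re.compile(
    r"\b(?P<action>ACCEPT|DROP)\b.*?\bSRC=(?P<src>[\d.]+)\s+DST=(?P<dst>[\d.]+)"
    r".*?\bPROTO=(?P<proto>\w+)(?:.*?\bDPT=(?P<dport>\d+))?"
)
IDS_RE = re.compile(
    r"\[\*\*\] \[(?P<sid>[\d:]+)\] (?P<msg>.+?) \[\*\*\].*?"
    r"\{(?P<proto>\w+)\} (?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+)"
)

SAMPLE_LOG = """\
Mar  3 10:15:01 fw1 kernel: DROP IN=eth0 OUT= SRC=198.51.100.7 DST=10.0.1.10 LEN=60 PROTO=TCP SPT=51234 DPT=22
Mar  3 10:15:02 fw1 kernel: DROP IN=eth0 OUT= SRC=198.51.100.7 DST=10.0.1.10 LEN=60 PROTO=TCP SPT=51235 DPT=23
Mar  3 10:15:03 fw1 kernel: ACCEPT IN=eth0 OUT=eth1 SRC=203.0.113.9 DST=10.0.1.10 LEN=52 PROTO=TCP SPT=40001 DPT=443
03/03-10:15:02.500000  [**] [1:9000001:1] CONSTRUCTED ssh probe [**] [Priority: 2] {TCP} 198.51.100.7:51234 -> 10.0.1.10:22
03/03-10:15:04.100000  [**] [1:9000002:1] CONSTRUCTED web scanner UA [**] [Priority: 3] {TCP} 203.0.113.44:40100 -> 10.0.1.10:443
Mar  3 10:15:05 fw1 sshd[2210]: Accepted publickey for ops from 10.0.9.2 port 50222 ssh2
"""


def parse_lines(text: str) -> Tuple[List[Dict], int]:
    """Normalize each recognised line to a dict; return (events, count of unparsed lines)."""
    events, unparsed = [], 0
    for line in text.splitlines():
        if m := FW_RE.search(line):
            events.append({"kind": "firewall", "detail": m["action"], "src": m["src"],
                           "dst": m["dst"], "proto": m["proto"].lower(),
                           "dport": int(m["dport"]) if m["dport"] else None})
        elif m := IDS_RE.search(line):
            events.append({"kind": "ids", "detail": m["msg"], "src": m["src"],
                           "dst": m["dst"], "proto": m["proto"].lower(),
                           "dport": int(m["dport"])})
        else:
            unparsed += 1   # counted, never silently discarded
    return events, unparsed


def summarize(events: List[Dict]) -> Dict:
    drops = Counter(e["src"] for e in events if e["kind"] == "firewall" and e["detail"] == "DROP")
    alerts = Counter(e["src"] for e in events if e["kind"] == "ids")
    # A source both dropped by the firewall and flagged by the IDS is reported
    # first: two independent sensors agree on it.
    corroborated = sorted(set(drops) & set(alerts))
    return {"drops_by_src": drops, "alerts_by_src": alerts, "corroborated": corroborated}


def render_report(text: str) -> str:
    events, unparsed = parse_lines(text)
    s = summarize(events)
    lines = [f"events: {len(events)} parsed, {unparsed} unrecognised"]
    for src, n in s["drops_by_src"].most_common():
        lines.append(f"firewall drops from {src}: {n}")
    for src, n in s["alerts_by_src"].most_common():
        lines.append(f"IDS alerts for {src}: {n}")
    for src in s["corroborated"]:
        lines.append(f"ATTENTION: {src} seen by both firewall and IDS")
    return "\n".join(lines)
```

The unrecognised-line counter is deliberate: a report that silently drops lines it cannot parse hides exactly the events a new device or a changed log format would introduce, so the count belongs in the report where the analyst will notice it growing.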

Security Alert

The security alert service notifies customers promptly of newly discovered vulnerabilities, so that countermeasures can be put in place before an attack and mitigate or negate its impact.

Distributed Denial of Service (DDoS) Mitigation

DDoS Mitigation attempts to limit the effects of a Denial of Service attack directed at a critical function of a client's web infrastructure. The SOC receives notification of an attack on a client service. Countermeasures are activated and evaluated, traffic is 'cleaned' (scrubbed of attack traffic) and re-routed, and an 'End-of-attack Notification' is reported and logged.
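One simplified form of traffic cleaning is per-source rate limiting: a source that has already sent more than its allowance inside a sliding window has its further requests dropped while everyone else passes. The following is an added example, not the SOC's scrubbing system or any product; it applies that limiter to a constructed trace (one legitimate client at one request per second, and one source that bursts twenty requests within a second) and derives the attack-start and end-of-attack notifications from the drop rate. The limit, window and threshold values are assumptions chosen for the sample.

```python
"""Per-source rate limiting as one simplified form of traffic 'cleaning',
with attack-start and end-of-attack signalling.

Added example, not the SOC's scrubbing system. The trace is constructed:
one legitimate client at 1 request/s and one source bursting 20 requests
within a second. Limits and thresholds are assumptions for the sample.
"""
from collections import defaultdict, deque
from typing import List, Tuple


def scrub(trace: List[Tuple[float, str]], per_src_limit: int, window: float,
          attack_threshold: int):
    """trace: (timestamp, source) pairs sorted by time.

    A request passes unless its source already has per_src_limit passed
    requests inside the last `window` seconds; otherwise it is dropped.
    'attack_start' is signalled when the number of drops within one window
    reaches attack_threshold; 'attack_end' when a request arrives after a
    full window with no drops. The end can only be observed when traffic
    arrives, so the notification lags the real end by up to one window.
    """
    recent = defaultdict(deque)   # source -> timestamps of passed requests in window
    drops = deque()               # timestamps of dropped requests in window
    passed, dropped, events = [], [], []
    under_attack = False
    for t, src in trace:
        q = recent[src]
        while q and t - q[0] > window:
            q.popleft()
        while drops and t - drops[0] > window:
            drops.popleft()
        if len(q) >= per_src_limit:
            dropped.append((t, src))
            drops.append(t)
        else:
            q.append(t)
            passed.append((t, src))
        if not under_attack and len(drops) >= attack_threshold:
            under_attack = True
            events.append(("attack_start", t))
        elif under_attack and not drops:
            under_attack = False
            events.append(("attack_end", t))
    return passed, dropped, events


def build_trace() -> List[Tuple[float, str]]:
    """Constructed traffic: a steady client plus a one-second burst from another source."""
    legit = [(float(t), "203.0.113.5") for t in range(30)]          # 1 req/s for 30 s
    burst = [(10.0 + i / 20, "198.51.100.7") for i in range(20)]     # 20 req within 1 s
    return sorted(legit + burst)


def run_sample():
    """Returns (passed, dropped, events) for the constructed trace."""
    return scrub(build_trace(), per_src_limit=10, window=5.0, attack_threshold=8)
```

With these parameters the steady client never exceeds six requests in any window and is never dropped; the bursting source gets its first ten requests through and loses the other ten, the eighth drop raises attack_start at t = 10.85, and the end-of-attack notification is raised at t = 16, the first request after the dropped timestamps have aged out of the window. A real scrubbing service would key on more than the source address (many attacks use many sources), but the start and end signalling works the same way on whatever drop signal the cleaning stage produces.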

Security Assessment

These functions comprise the Security Assessment:

- Vulnerability Assessment

- Penetration Test

Vulnerability Assessment

The Vulnerability Assessment searches for known vulnerabilities in the systems and software installed. This is carried out with specific tools that are configured and customized for each assessment.
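Both the Security Alert service above and the Vulnerability Assessment reduce to the same core step: compare what is installed (product and version, per host) against what an advisory says is affected (product, the first affected version and the fixed version, if any), and rank what is found so the customer sees the most urgent item first. The following is an added example, not the page's or any scanner's code. Product names, hosts, versions and the "ADV-" identifiers are all constructed and do not refer to real software or real advisories; versions are assumed to be dotted numeric strings compared component by component.

```python
"""Match advisories against a customer's installed-software inventory.

Added example, not the page's own tooling. Products, hosts, versions and
advisory identifiers below are all constructed; "ADV-" is a made-up scheme,
not a real advisory series. Versions are assumed to be dotted numeric
strings and are compared component by component.
"""
import re
from typing import Dict, List, Tuple


def version_key(v: str, width: int = 4) -> Tuple[int, ...]:
    """'2.4' -> (2, 4, 0, 0) so that 2.4 == 2.4.0 and 2.10 > 2.9."""
    parts = [int(x) for x in re.findall(r"\d+", v)][:width]
    return tuple(parts + [0] * (width - len(parts)))


def is_affected(version: str, advisory: Dict) -> bool:
    """Affected when introduced <= version < fixed (fixed is None when no fix exists yet)."""
    v = version_key(version)
    if v < version_key(advisory["introduced"]):
        return False
    return advisory["fixed"] is None or v < version_key(advisory["fixed"])


def match_inventory(inventory: List[Dict], advisories: List[Dict]) -> List[Dict]:
    """One finding per (advisory, host) pair, highest severity first."""
    rank = {"critical": 0, "high": 1, "medium": 2, "low": 3}
    findings = []
    for adv in advisories:
        for item in inventory:
            if item["product"] == adv["product"] and is_affected(item["version"], adv):
                if adv["fixed"]:
                    action = f"upgrade to {adv['fixed']}"
                else:
                    action = "no fix yet: apply workaround and restrict exposure"
                findings.append({"advisory": adv["id"], "severity": adv["severity"],
                                 "host": item["host"], "product": item["product"],
                                 "version": item["version"], "action": action})
    return sorted(findings, key=lambda f: (rank[f["severity"]], f["host"]))


# Constructed inventory and advisories (no real products or advisories).
INVENTORY = [
    {"host": "web01", "product": "webfront", "version": "2.9.3"},
    {"host": "web02", "product": "webfront", "version": "2.10.0"},
    {"host": "db01", "product": "dbcore", "version": "5.1"},
    {"host": "vpn01", "product": "tunneld", "version": "1.4.2"},
]
ADVISORIES = [
    {"id": "ADV-0001", "product": "webfront", "introduced": "2.0.0", "fixed": "2.10.0", "severity": "high"},
    {"id": "ADV-0002", "product": "dbcore", "introduced": "5.0", "fixed": "5.1.0", "severity": "critical"},
    {"id": "ADV-0003", "product": "tunneld", "introduced": "1.0", "fixed": None, "severity": "critical"},
]


def run_sample() -> List[Dict]:
    return match_inventory(INVENTORY, ADVISORIES)
```

Two details carry most of the value here. The version comparison treats "2.10.0" as newer than "2.9.3" and "5.1" as equal to "5.1.0"; plain string comparison gets both wrong and would either miss an affected host or alert on a patched one. An advisory with no fix yet still produces a finding, because the customer needs the alert precisely when the only countermeasure is a workaround or reduced exposure.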

Penetration test

The Penetration Test is performed to identify and exploit known or unknown vulnerabilities in systems, services and installed web applications. It attempts to quantify the threat level to each system and the impact of a successful compromise. This activity is carried out either with a number of tools that are configured and customized per assessment, or manually for each service, system and application.

Technical Assistance

The SOC can provide general technical assistance for any issue regarding system operation, system violations, system updates, and security hardware and software updates and configuration. Technical assistance can be provided remotely or on-site depending on the level of service.

Wikimedia Foundation. 2010.