Types of Security Operation Centers (SOC)?

1) Threat Centric SOC

--> A threat-centric SOC actively searches for malicious threats in the network.

--> New threats can be identified with the help of

i) known vulnerabilities

ii) threat intelligence feed services

iii) malicious anomalies across networks.

--> In order to perform analysis we need to acquire relevant data.

--> Any threat-centric SOC process model should include processes and procedures for acquiring relevant data.



--> To deal with the security challenges, organizations need a simpler, scalable, threat-centric approach that addresses security across the entire attack continuum—before, during, and after an attack.

--> Before an attack, we need to implement policies and controls to defend the organization from attacks.

--> During an attack, it is critical to have the ability to continuously detect the presence of malware and block identified threats.

--> After an attack, we need to minimize its impact by identifying the point of entry, determining the scope of the attack, containing the threat, and remediating the infected hosts.

2) Compliance Based SOC

--> A compliance-based SOC is focused on comparing the configuration of systems across the entire organization network against configuration templates and standard system builds.

--> This type of monitoring provides the capability to detect unauthorized changes and existing configuration problems that could lead to a security breach.

--> Typically, these issues cannot be identified by common security tools, such as vulnerability scanners, unless the configuration problem is actively exploited, and the middle of an exploit is not the best time to discover potential security issues within the network.

--> Linking an organization's risk management and incident response practices to an automated system compliance process is key to a successful compliance-based SOC.
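--> As an added example (not from the original post, and not any Cisco tool), here is a small Python check of the kind a compliance-based SOC automates: it normalizes a device's running configuration and reports drift from a standard-build baseline. The baseline lines, the running config and the addresses in it are constructed values.

```python
# Added example: baseline-vs-running-config drift check for a compliance-based SOC.
# All configuration text and addresses below are constructed, not from any real device.

from dataclasses import dataclass, field


@dataclass
class Baseline:
    required: set   # lines every compliant device must contain
    forbidden: set  # lines that must never appear


@dataclass
class DriftReport:
    missing: list = field(default_factory=list)            # required lines absent
    forbidden_present: list = field(default_factory=list)  # forbidden lines found

    @property
    def compliant(self):
        return not self.missing and not self.forbidden_present


def normalize(config_text):
    """Drop comment lines (IOS-style '!') and blank lines, and collapse
    whitespace, so cosmetic differences do not mask or fake drift."""
    lines = set()
    for raw in config_text.splitlines():
        line = " ".join(raw.split())
        if line and not line.startswith("!"):
            lines.add(line)
    return lines


def check_compliance(baseline, running_config):
    """Compare one device's running config against the baseline."""
    running = normalize(running_config)
    report = DriftReport()
    report.missing = sorted(baseline.required - running)
    report.forbidden_present = sorted(baseline.forbidden & running)
    return report


# Constructed "standard build" for an edge router (hypothetical lines/addresses).
STANDARD_BUILD = Baseline(
    required={"service password-encryption", "no ip http server",
              "logging host 10.0.0.5", "ntp server 10.0.0.6"},
    forbidden={"ip http server"},
)

# Constructed running config with two deviations: logging removed, HTTP re-enabled.
RUNNING_CONFIG = """
! sample running-config (constructed)
service  password-encryption
ip http server
ntp server 10.0.0.6
"""

if __name__ == "__main__":
    r = check_compliance(STANDARD_BUILD, RUNNING_CONFIG)
    print("compliant" if r.compliant else f"missing={r.missing} forbidden={r.forbidden_present}")
```

Each drift line is the kind of unauthorized change the text describes; feeding such reports into the incident response process is what links compliance monitoring to risk management.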



3) Operational-based SOC

--> An operational-based SOC is an internally focused organization that is tasked with monitoring the security posture of an organization’s internal network.

--> It is focused on maintaining the operational integrity of identity management and access policies, intrusion detection system rules, and the administration of firewall ACL rules.

--> CSIRT (Computer Security Incident Response Team) is the most technically accurate term that describes an operational-based SOC.



Md.Kareemoddin

CCIE # 54759

Ref: Cisco 
