
Overview of Security Operations Center Technologies

Chapter Description

This chapter from Security Operations Center: Building, Operating, and Maintaining your SOC focuses on the technology and services found in most modern SOC environments. It covers best practices for data collection, how collected data is processed so that it can be used for security analysis, vulnerability management, and a number of operational recommendations.

Collaboration

The SOC should be equipped with a collaboration platform that allows the SOC team to centrally store, manage, and access documents, including system manuals, documented processes, incident response procedures, and so on. The platform can be based on a commercial product such as Microsoft SharePoint, or it can be a custom web-based platform developed to fit your exact needs. Because it holds sensitive material such as incident response procedures, the platform should support role-based access control (RBAC) so that you can accommodate the differing access requirements of its users.

Communication is also important, both within the SOC and with external resources. Most likely, the necessary tools already exist within the organization: e-mail, internal websites, conferencing products, and mailing lists that can be customized for specific purposes, such as bringing together a tiger team when a high-priority incident is detected. An example is the Cisco Emergency Responder 9.0 architecture, made up of voice, video, and web collaboration products and customized for incident response situations.
