Home > Articles > Cisco Network Technology > Security > Overview of Security Operations Center Technologies

Overview of Security Operations Center Technologies

Chapter Description

This chapter from Security Operations Center: Building, Operating, and Maintaining your SOC focuses on the technology and services associated with most modern SOC environments, including an overview of best practices for data collection, how data is processed so that it can be used for security analysis, vulnerability management, and some operation recommendations.

SOC Conceptual Architecture

To get the best out of your investment, you should operate the various SOC technologies under a cohesive architecture. The architecture should formalize the operation model of SOC in terms of components and relationships.

We propose a reference conceptual architecture in Figure 2-13. The proposed reference architecture formalizes the following:

  • The input to the SOC in terms of categorized sources
  • The output of the SOC in terms of alerts and actions
  • The SOC’s technologies
  • The relationship between the technologies
  • The areas where measurements can be collected in terms of type, value, and frequency
Figure 2-13

Figure 2-13 SOC’s Conceptual Architecture

We will refer to this architecture and detail its different blocks in various chapters of this book. One other architecture to consider is looking at how SOC responsibilities could be outsourced to a managed service provider. Figure 2-14 represents the Cisco architecture for managed threat defense services targeting customers looking to outsource some or all of their SOC responsibilities.

Figure 2-14

Figure 2-14 Cisco Managed Threat Defense Architecture