Friday, September 7, 2012

The Security Services a SOC should provide

This is a list of the basic services a SOC should provide.
Keep in mind that when we talk about SOCs there are two categories: the corporate SOC and the MSSP (Managed Security Service Provider) SOC.

Security Device Management
This is the primary and most basic service of a SOC, and it's where a SOC usually starts from.
SDM is the management of security devices such as firewalls, Intrusion Detection Systems / Intrusion Prevention Systems (IDS/IPS), proxies, web application firewalls, etc.
The types of managed devices should change depending on what the market requests.

Distributed Denial of Service Mitigation
This service mitigates Distributed Denial of Service attacks. It's usually provided to customers like banks, government and any customer whose profits depend heavily on its internet services.

Event & Log Management / Collection
This service is more about compliance than security and it's the collection, storage and archiving of logs.
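Collection alone does not satisfy an auditor: an archived log is only useful if you can show it has not been edited, truncated or reordered since it was collected. The following added example (not code from the original post) shows one way to make an archive tamper-evident: each stored record carries a SHA-256 hash that covers the previous record's hash, so any change breaks every later link and verification reports the first bad record. The sample syslog lines, host names and addresses are constructed for the example.

```python
"""Added example: tamper-evident log archive using a SHA-256 hash chain."""
import hashlib
import json
from typing import List

GENESIS = "0" * 64  # chain anchor used before the first record of an archive

# Constructed sample events in syslog style; hosts and addresses are fictional.
SAMPLE_LOGS = [
    "Sep  7 10:01:02 fw01 kernel: DROP IN=eth0 SRC=198.51.100.23 DST=203.0.113.5 PROTO=TCP DPT=22",
    "Sep  7 10:01:05 proxy01 squid: TCP_DENIED/403 user=jdoe url=http://example.invalid/",
    "Sep  7 10:02:11 ids01 snort: [1:2000:1] ET SCAN Nmap -T4 [Priority: 2] 198.51.100.23 -> 203.0.113.8",
]


def _digest(prev_hash: str, raw: str) -> str:
    """Hash of this record, bound to the hash of the record before it."""
    return hashlib.sha256(f"{prev_hash}\n{raw}".encode("utf-8")).hexdigest()


def build_archive(lines: List[str], prev_hash: str = GENESIS) -> List[dict]:
    """Turn collected raw lines into chained records.

    Each record's hash covers the previous hash, so editing, deleting or
    reordering any record invalidates every link after it. Pass the last
    hash of the previous archive file as prev_hash to chain rotated files.
    """
    records = []
    for seq, raw in enumerate(lines):
        h = _digest(prev_hash, raw)
        records.append({"seq": seq, "raw": raw, "prev": prev_hash, "hash": h})
        prev_hash = h
    return records


def verify_archive(records: List[dict], prev_hash: str = GENESIS) -> int:
    """Return -1 when the chain is intact, otherwise the index of the first
    record whose link does not verify (modified, missing, or out of order)."""
    for i, rec in enumerate(records):
        if rec["prev"] != prev_hash or rec["hash"] != _digest(prev_hash, rec["raw"]):
            return i
        prev_hash = rec["hash"]
    return -1


def to_jsonl(records: List[dict]) -> str:
    """Serialise records one per line, the form you would write to cold storage."""
    return "\n".join(json.dumps(r, sort_keys=True) for r in records) + "\n"


def from_jsonl(blob: str) -> List[dict]:
    """Read records back from the archived JSON-lines text."""
    return [json.loads(line) for line in blob.splitlines() if line.strip()]


if __name__ == "__main__":
    archive = build_archive(SAMPLE_LOGS)
    print(to_jsonl(archive))
    print("intact:", verify_archive(archive) == -1)
    archive[1]["raw"] = archive[1]["raw"].replace("jdoe", "admin")
    print("first broken record after tampering:", verify_archive(archive))
```

The chain only proves integrity relative to its anchor: store the final hash of each archive file somewhere the log writer cannot modify (a separate system, a signed timestamp, or write-once media), otherwise an attacker who can rewrite the whole file can simply rebuild the chain.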

Incident handling
The management of security incidents (security breaches, malware, misuse, etc.). It can include the complete handling of the incident (usually in the corporate SOC) or only the notification of the customer.

Security professional services
Among the professional services that can be provided: vulnerability assessment, penetration tests, web application assessment, source code review, etc.

Abuse desk
Management of the "abuse@" mailbox. The abuse mailbox is used to receive any warning or report of abuse originating from the IP range assigned to a customer/provider.
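The first thing an abuse desk has to decide for each report is whose address space it concerns, so the report can be routed to the right customer (or discarded when the address is not ours at all). The following added example (not code from the original post) extracts the IP addresses mentioned in a report, matches each one against a table of assigned ranges using longest-prefix match, and groups the addresses by owner. The assignment table, customer names and the sample report are constructed; the ranges are documentation prefixes (203.0.113.0/24, 198.51.100.0/24, 2001:db8::/32), not real allocations.

```python
"""Added example: route an abuse report to the owner of the reported IP ranges."""
import ipaddress
import re
from typing import Dict, List, Optional

# Constructed assignment table: who holds which range. Real desks would load
# this from the IPAM / customer database.
ASSIGNMENTS = {
    "customer-a": ["203.0.113.0/25"],
    "customer-b": ["203.0.113.128/25", "2001:db8:1::/48"],
    "provider-core": ["198.51.100.0/24"],
}

NETWORKS = [
    (ipaddress.ip_network(cidr), owner)
    for owner, cidrs in ASSIGNMENTS.items()
    for cidr in cidrs
]

# Loose candidate tokens; ipaddress.ip_address() is the real validator, so
# timestamps like 10:01:02 or dates are rejected rather than mis-parsed.
CANDIDATE_RE = re.compile(r"[0-9A-Fa-f:.]{3,45}")

# Constructed abuse report as it might arrive in the abuse@ mailbox.
SAMPLE_REPORT = """From: noc@example.org
Subject: Abuse report - SSH brute force from 203.0.113.77

Between 2012-09-07 10:01:02 and 10:05:40 UTC our host 192.0.2.10 logged
1,532 failed SSH logins from 203.0.113.77 and 203.0.113.200.
We also saw scanning from 2001:db8:1::beef. Please investigate.
"""


def extract_ips(text: str) -> List[str]:
    """Return the valid IPv4/IPv6 addresses found in free text, normalised."""
    found = []
    for token in CANDIDATE_RE.findall(text):
        try:
            found.append(str(ipaddress.ip_address(token.rstrip("."))))
        except ValueError:
            continue  # not an address (timestamp, counter, hex word, ...)
    return found


def owner_of(ip_text: str) -> Optional[str]:
    """Longest-prefix match of one address against the assignment table."""
    ip = ipaddress.ip_address(ip_text)
    best = None
    for net, owner in NETWORKS:
        if ip.version == net.version and ip in net:
            if best is None or net.prefixlen > best[0].prefixlen:
                best = (net, owner)
    return best[1] if best else None


def triage_report(text: str) -> Dict[str, List[str]]:
    """Group every reported address by its owner; addresses outside our
    assigned space land under 'not-our-space' so they can be bounced."""
    routed: Dict[str, List[str]] = {}
    for ip in extract_ips(text):
        owner = owner_of(ip) or "not-our-space"
        bucket = routed.setdefault(owner, [])
        if ip not in bucket:
            bucket.append(ip)
    return routed


if __name__ == "__main__":
    for owner, ips in triage_report(SAMPLE_REPORT).items():
        print(f"{owner}: {', '.join(ips)}")
```

The reporter's own host (192.0.2.10 above) ends up under "not-our-space" together with any address that is not ours; a desk that forwards every address found in a report without this check leaks third-party complaints to the wrong customer.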

Early Warning
This service provides advance notice of new vulnerabilities and emerging threats.

I suggest you read the following pages on Wikipedia:

Managed Security Services
Security Operation Center (English)
Security Operation Center (more detailed but in Italian; I was actually the author of the first version of this page)
