Friday, September 7, 2012

The Security Services a SOC should provide

This is a list of basic services a SOC should provide.
Keep in mind that when we talk about SOCs there are 2 categories: the corporate and the MSSP one.

Security Device Management
This is the primary and basic service of a SOC, and it's where a SOC usually starts from.
SDM is the management of security devices such as firewalls, Intrusion Detection Systems / Intrusion Prevention Systems (IDS/IPS), proxies, web application firewalls, etc.
The type of managed devices should change depending on what is requested by the market.

Distributed Denial of Service Mitigation
This service mitigates Distributed Denial of Service attacks. It's usually provided to customers such as banks, governments and any customer that has large profits coming from its internet services.

Event & Log Management / Collection
This service is more about compliance than security and it's the collection, storage and archiving of logs.

Incident handling
The management of security incidents (security breaches, malware, misuse, etc.). It could include the complete management of the incident (usually in the corporate SOC) or just the warning.

Security professional services
Among the professional services that could be provided: vulnerability assessment, penetration tests, web application assessment, source code review, etc.

Abuse desk
Management of the "abuse@" mailbox. The abuse mailbox is used to receive any warning or report of abuse coming from the IP range assigned to a customer/provider.

Early Warning
This service works like a warning for new vulnerabilities and emerging threats.

I suggest you read the following pages on Wikipedia:

Managed Security Services
Security Operation Center (English)
Security Operation Center (more detailed but in Italian; actually I was the author of the first version of this page)


  1. SOC monitors and analyzes activity on networks, endpoints, servers, databases, websites, applications, and other systems. It looks for anomalous activity that could be indicative of a security incident. The SOC is very responsible for ensuring that those potential security incidents are correctly identified, defended, analyzed, investigated, and reported. Thanks, Charlotte W. from Qld Diamond Security

  2. I am glad that I saw this post. It is an informative blog for us and we need this type of blog. Thanks for sharing this blog. Keep posting such instructional blogs; I am looking forward to your future posts.

  3. I recently found much useful information on your website, especially this blog page, among the lots of comments on your articles. Thanks for sharing.