A Security Operations Center (SOC) consists of an in-house (or outsourced) team of cybersecurity professionals equipped with sophisticated technologies that monitor an organization’s IT infrastructure, 24 hours a day, 7 days a week, to detect cybersecurity events in real-time and address them as quickly and effectively as possible.
A SOC also selects, manages, and maintains the organization’s cybersecurity technologies and continuously analyzes data on threats and vulnerabilities to improve its security perimeter.
What is a SOC?
The SOC is often regarded as the most tangible and visible realization of real-time security situational awareness and, given the evolutionary acceleration of the digital threat, it is still an important asset for any organization, whether it uses it for its own protection or offers it as an outsourced service.
Like digital technology itself, SOCs have evolved progressively over time: from being only network event alerting centers (NOCs), they have gradually been equipped with reactive and proactive capabilities, eventually reaching the level of proactive monitoring and response operations centers, often supported by automated processes.
The main benefit of managing or outsourcing a SOC is to unify and coordinate security tools and practices in response to security incidents.
This generally results in improved preventive measures and security policies, and enables faster threat detection and a faster, more efficient and cost-effective response to security threats.
In addition, a SOC can help to increase customer trust and simplify and strengthen an organization’s compliance with industry, national, and global privacy and security regulations.
What is it for?
The goal of a Security Operations Center is to prevent cyber risks and to detect, analyze, and respond to cyber attacks directed against the organization, using technology solutions and different approaches.
SOCs monitor and analyze activity on networks, servers, endpoints, databases, applications, Web sites, and other systems, looking for cyber vulnerabilities or abnormal behavior that could indicate a security attack or system compromise.
The SOC must ensure that potential attacks are properly identified, analyzed, defended against, investigated, and reported.
Why is it important for companies?
The main reason for having a SOC is the ability to prevent, detect, and respond to security attacks through data monitoring and security monitoring. However, setting up and managing a Security Operations Center is complicated and expensive.
Companies use it for several reasons, such as:
- Protecting sensitive data;
- Complying with industry regulations such as PCI DSS;
- Complying with government regulations such as GDPR and HIPAA.
The SOC monitors network, server, endpoint, and database data 24 hours a day, 7 days a week.
This enables organizations to prevent and defend against malicious attacks, regardless of the source or type of attack and of the time of the event.
Having a SOC helps organizations reduce the time it takes to disclose a security threat. In this way, action can be taken before the system is damaged.
Differences between SOC, CERT, and CSIRT
Those involved in SOC-related activities are usually called upon to perform managed security activities, which often extend to incident response.
The terms CERT (Computer Emergency Response Team), CSIRT (Computer Security Incident Response Team), CIRT (Computer Incident Response Team) and SOC are often used in connection with incident response, but not everyone is clear about the difference between the acronyms.
CERT, CSIRT, and CIRT are often used synonymously to describe teams focused on incident response, while SOC generally has a broader meaning relating to the different capabilities expressed by its constituent security teams.
Specifically, CSIRT is formally defined by Carnegie Mellon University as “a concrete organizational entity (i.e., one or more staff members) assigned responsibility for coordinating and supporting the response to a cybersecurity event or incident.”
The term CERT, on the other hand, relates to work described as “partnering with government, industry, law enforcement, and academia to improve the security and resilience of information systems and networks by developing advanced methods and tools.”
The iSOC is the Security Operations Center of Telsy and the TIM Group, a structure composed of personnel highly specialized in the identification, management and remediation of IT security incidents aimed at companies and Public Administrations.
As specified by Adriano Forte, Telsy SOC Manager, two souls operate within it, one aimed at the delivery and subsequent management of the systems to safeguard infrastructure, while in the other all the professional services of Red and Blue Team converge.
Specifically, the Blue Team is made up of the defense group devoted to monitoring and analyzing the type of threats and verifying the goal of the malicious action in progress, while the Red Team is the group tasked with identifying the various types of threats within the client’s infrastructure.
From its headquarters in Naples’ Centro Direzionale, iSOC operates 24 hours a day, 365 days a year to ensure the activation of measures to protect, contain and filter cyber attacks for organizations that rely on Telsy, TIM Enterprise and related Managed Detection & Response solutions to monitor their infrastructure and ensure business continuity in the event of cyber incidents.
The iSOC operates through both proprietary technologies and products from market-leading vendors that allow all project propositions to be managed according to customer needs.
Telsy – Adriano Forte concludes – has a nationwide presence thanks to the TIM customer base, as a center of expertise and excellence in cybersecurity and cryptography.