An Agile SOC Requires People’s Effort

Door Renato Kuiper, Kelvin Rorive a.o. 17 jul 2017

Over the past few years many organisations have availed themselves of a Security Operations Center (SOC). Mostly, these organisations were prompted by stricter legislation and regulations (compliance driven) and acted in order to detect (potential) threats at an early stage. Within a traditional SOC, SIEM (Security Information and Event Management) has a central position, which makes a traditional SOC particularly reactive. As soon as a problem is detected, it is reported and action is being taken. However, rapid changes in the world around us and especially in the world of cyber security, require a proactive SOC. What is needed to develop from a traditional, responsive SOC (r-SOC) into a modern proactive SOC (p-SOC)? What will a contemporary p-SOC look like, prepared for the future?