Whether you call it a SOC, a CSOC, a Cyber Defense Center, or something else, security operations centers share the same fundamental mission – to help organizations detect, analyze, respond to, report on, and prevent cyber security incidents. But what it takes to do that effectively has changed in an ever-evolving threat landscape, placing an even greater burden on analysts and the technologies they rely upon.
Many SOCs take a reactive approach and provide a set of standard services that include log management, real-time monitoring, and incident response and investigation. They use traditional SIEMs that gather log data from internal sources, conduct correlations, and run simple, real-time, rules-based analytics to detect known threats.