What Is a Security Operations Center (SOC)?

5 years ago David Gilmore
Data breaches are costing organizations millions of dollars on average. In its 2020 Cost of a Data Breach Report, IBM found that a data breach cost the average organization $3.86 million. This price tag was even greater for organizations located in the United States and operating in the healthcare industry at $8.64 million and $7.13 million, respectively.

What’s behind this price tag, you ask?

It could be the fact that it took organizations 280 days on average to identify and contain a breach, according to IBM. Let’s put it this way: digital attackers had nearly a year to hide within their victims’ systems and networks. That’s ample time to discover and move laterally to business-critical assets, at which point they can exfiltrate sensitive information. Such malicious activity ultimately translates into recovery costs, compliance penalties and legal fees.

The Value of a SOC

Organizations need a way to improve their ability to detect incidents on a timely basis. Towards that end, they can consider creating a Security Operations Center (SOC) to proactively monitor their organizations’ security. A SOC might consist of a physical location where SOC analysts oversee the employer’s ability to operate securely, notes CompTIA, or it could just be a team of experts responsible for providing the same security function.

SOC analysts tend to do the same type of work in either setup. Their duties range from proactively monitoring for threats using log analysis to addressing vulnerabilities and coordinating an incident response plan. All of this happens within a centralized business unit.

As such, SOCs bring certain benefits to organizations. One of the most important is continuous protection. The idea is to have the SOC staffed at all times so that it can monitor an organization’s network and/or facility 24/7, explained Cyber Defense Magazine. This type of protection helps to minimize response time and expedite the analysis process. Consequently, SOCs are equipped to investigate a security issue before it develops into a data breach, saving organizations time and money in the process.

Overcoming the Challenges Facing Today’s SOCs

It’s important to remember that there are certain things standing in the way of organizations creating an effective SOC. As noted by EC-Council, organizations are struggling against the cybersecurity skills gap to find talented professionals who can serve on their SOC’s staff. Absent those skilled personnel, SOCs might not have the necessary expertise to correlate threat data and streamline critical security functions.

There’s also the challenge of finding tools. SOC analysts need robust solutions to help them detect and manage security issues if they are to prevent a data breach. In purchasing something for their SOCs, organizations need to resist the urge to be reactionary and instead take a strategic approach to their security investments.

“Most organizations start their SOC journey with an evaluation of existing security controls,” notes Gartner. “When they feel the need to purchase a specialized tool, they face a paradox of choices and too many possibilities in the market. Gartner sees many organizations select a tool primarily to solve the most recent security incident because they get budget right after the event. They have the mandate to ‘make sure it never happens again,’ and pick the shortest path.”

Organizations can respond by playing the long game and working with a trusted vendor like Tripwire. All its solutions can help SOC analysts fulfill their essential duties. Consider Tripwire Enterprise, for instance. It can monitor all assets (operating systems, network devices, directory services, databases, and virtual infrastructure) for change and issue an alert when any change is detected. Add in the capability to assess systems against industry standards such as CIS, NIST, and ISO, and organizations have a solution that can shine a light on systems that require attention. Tripwire Enterprise Apps (TEIF, DSR, and Event Sender) integrate with leading ITIL change management tools to identify change (promoting authorized changes and reporting unauthorized ones), approve changes due to OS patching, and send detailed log data to a SIEM for analysis.

The benefits of Tripwire’s offerings to SOC teams don’t end there. Consider the following:

  • Tripwire IP360, Tripwire’s vulnerability management solution, will scan your networks and collect agent data to assess systems for vulnerabilities. Powered by Tripwire’s VERT Team, the collected data is then presented to you with a risk assessment based on multiple factors observed about the vulnerabilities as they are detected in the real world. IP360 also has the capability to discover assets that are on your network.
  • Tripwire Log Center is a log management tool that can ingest and normalize events from devices and deployed agents. It can then generate alerts based on correlation rules that can be tailored to the environment.
  • Tripwire’s solutions for Industrial Control Systems listen to the traffic on the network to help identify threats. Paired with Tripwire Log Center, this gives organizations a means for capturing, normalizing and alerting on deviations from baseline.

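The three capabilities described above (change detection against a baseline with authorized changes promoted and unauthorized ones reported, log ingestion and normalization, and alerting on correlation rules tailored to the environment) can be illustrated with a small pipeline. The following is an added example, not Tripwire code and not from the original post: it normalizes constructed sample lines from two source formats into one schema, applies one correlation rule (several failed logins from one address followed by a success within a short window), and flags a file change whose hash differs from a constructed baseline and has no matching approved change. All sample events, the baseline hashes, the thresholds and the function names are assumptions made for the example.

```python
import json
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events in two source formats (not real logs):
# syslog-style sshd lines and JSON records from a hypothetical FIM agent.
RAW_EVENTS = [
    "2021-06-21T10:00:01Z sshd[811]: Failed password for admin from 203.0.113.7 port 51022 ssh2",
    "2021-06-21T10:00:03Z sshd[811]: Failed password for admin from 203.0.113.7 port 51023 ssh2",
    "2021-06-21T10:00:05Z sshd[811]: Failed password for admin from 203.0.113.7 port 51024 ssh2",
    "2021-06-21T10:00:09Z sshd[811]: Accepted password for admin from 203.0.113.7 port 51025 ssh2",
    '{"ts": "2021-06-21T10:02:00Z", "app": "fim", "path": "/etc/sudoers", "hash": "deadbeef", "action": "modified"}',
    '{"ts": "2021-06-21T10:03:00Z", "app": "fim", "path": "/etc/ssh/sshd_config", "hash": "feedface", "action": "modified"}',
    "2021-06-21T10:05:00Z sshd[812]: Accepted publickey for deploy from 198.51.100.4 port 40000 ssh2",
]

# Constructed baseline of known-good file hashes and the set of paths with an
# approved change ticket (stands in for the change-management integration).
BASELINE = {"/etc/sudoers": "cafebabe", "/etc/passwd": "01234567"}
APPROVED_CHANGES = {"/etc/ssh/sshd_config"}

SYSLOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<proc>\w+)\[\d+\]: (?P<outcome>Failed|Accepted) "
    r"(?:password|publickey) for (?P<user>\S+) from (?P<ip>\S+)"
)


def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")


def normalize(line):
    """Map a raw line from either source format onto one common event schema."""
    line = line.strip()
    if line.startswith("{"):
        d = json.loads(line)
        return {"ts": parse_ts(d["ts"]), "source": d["app"], "kind": "file_change",
                "path": d["path"], "hash": d["hash"], "user": None, "ip": None}
    m = SYSLOG_RE.match(line)
    if m:
        return {"ts": parse_ts(m["ts"]), "source": m["proc"], "kind": "auth",
                "outcome": "success" if m["outcome"] == "Accepted" else "failure",
                "user": m["user"], "ip": m["ip"], "path": None, "hash": None}
    return None  # unknown format: dropped here; a real pipeline would count these


def correlate_auth(events, threshold=3, window=timedelta(seconds=60)):
    """Correlation rule: >= threshold failures from one IP, then a success within window."""
    alerts = []
    failures = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        if e["kind"] != "auth":
            continue
        if e["outcome"] == "failure":
            failures[e["ip"]].append(e["ts"])
        else:
            recent = [t for t in failures[e["ip"]] if e["ts"] - t <= window]
            if len(recent) >= threshold:
                alerts.append({"rule": "brute_force_then_success", "ip": e["ip"],
                               "user": e["user"], "failures": len(recent), "ts": e["ts"]})
    return alerts


def check_baseline(events, baseline, approved_changes):
    """Report file changes that deviate from the baseline and have no approved change."""
    alerts = []
    for e in events:
        if e["kind"] != "file_change":
            continue
        if baseline.get(e["path"]) == e["hash"]:
            continue  # matches the known-good hash: nothing to report
        if e["path"] in approved_changes:
            continue  # authorized change: would be promoted into the baseline
        alerts.append({"rule": "unauthorized_change", "path": e["path"],
                       "hash": e["hash"], "ts": e["ts"]})
    return alerts


def run_pipeline(raw_lines, baseline, approved_changes):
    """Ingest, normalize, then apply both detections; returns the list of alerts."""
    events = [n for n in (normalize(line) for line in raw_lines) if n]
    return correlate_auth(events) + check_baseline(events, baseline, approved_changes)


if __name__ == "__main__":
    for alert in run_pipeline(RAW_EVENTS, BASELINE, APPROVED_CHANGES):
        print(alert)
```

On the constructed input this yields two alerts: the password-guessing sequence against `admin` that ends in a successful login, and the change to `/etc/sudoers` that matches neither the baseline hash nor an approved change, while the approved `sshd_config` change is silently accepted. The threshold and window in `correlate_auth` are the kind of parameters the text says must be tailored to the environment.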
Augment your SOC with Tripwire’s solutions today.

The post “What Is a Security Operations Center (SOC)?” appeared first on TripWire.

Source: TripWire – David Gilmore

Tags: Compliance, Critical Severity, Finance, TripWire
