Building an effective Security Operations framework that provides the right balance of people, processes, and technologies can take years.
Here we’ll discuss some foundational topics that can be used to grow an effective SOC Operation.
An Operations Framework is the set of tools and processes a SOC Operations team depends on every day to perform its duties. For example, Microsoft’s Well-Architected Framework recommends the following steps as part of a security operations framework:
Image 1: Microsoft’s Security Operations Model from their Cloud Architected Framework
Developing a more comprehensive Security Operations Framework involves breaking each high-level component down into its own frameworks and processes. Presenting each component as several manageable parts reduces its complexity.
For example, take the following SOC components and their underlying frameworks and processes:
Security Research
Logging, detection, and alert tuning
Incident Response
Reporting and Dashboards
New Application Onboarding
Automation
Security Operations require several layers of well-developed people, processes, and technologies.
The use of a mature architecture framework can speed up the process of developing this complex infrastructure.
About This Blog Series
Follow the full series here: Building Defenses with Modern Security Solutions
This series discusses a list of key cybersecurity defense topics. The full collection of posts and labs can be used as an educational tool for implementing cybersecurity defenses.
Labs
For quick walkthrough labs on the topics in this blog series, check out the story of “ZPM Incorporated” and their steps to implementing all the solutions discussed here.
Compliance
All topics mentioned in this series have been mapped to several compliance controls here.
David Broggy is Senior Solutions Architect, Implementation Services at Trustwave with over 21 years of experience. He holds multiple security certifications and won Microsoft's Most Valuable Professional (MVP) Award for Azure Security. Follow David on LinkedIn.