Building an effective Security Operations framework that provides the right balance of people, processes, and technologies can take years.
Here we’ll discuss some foundational topics that can be used to grow an effective SOC Operation.
An Operations Framework is a group of tools and processes a SOC Operations team depends on every day to perform its duties. For example, Microsoft’s Well Architected Framework recommends the following steps as part of your security operations framework:
Image 1: Microsoft’s Security Operations Model from their Cloud Architected Framework
Developing a more comprehensive Security Operations Framework involves breaking down the high-level components into frameworks and processes. This technique presents each component as several manageable parts and thus reduces its complexity.
For example, take the following SOC components and their underlying frameworks and processes:
Security Research
Logging, detection, and alert tuning
Incident Response
Reporting and Dashboards
New Application Onboarding
Automation
Security Operations require several layers of well-developed people, processes, and technologies.
The use of a mature architecture framework can speed up the process of developing this complex infrastructure.
References
About This Blog Series
Follow the full series here: Building Defenses with Modern Security Solutions
This series discusses a list of key cybersecurity defense topics. The full collection of posts and labs can be used as an educational tool for implementing cybersecurity defenses.
Labs
For quick walkthrough labs on the topics in this blog series, check out the story of “ZPM Incorporated” and their steps to implementing all the solutions discussed here.
Compliance
All topics mentioned in this series have been mapped to several compliance controls here.