Evolution of the Security Operations Centre (SOC)
WHAT? “a facility where enterprise information systems (web sites, applications, databases, data centres and servers, networks, desktops and other endpoints) are monitored, assessed, and defended…”
HOW? “…related to the people, processes and technologies that provide situational awareness through the detection, containment, and remediation of IT threats”
Wikipedia, 06 Dec 2020
WHY? The prime business justifications for the SOC continue to be the Protection of Sensitive Data, Industry Compliance and Procurement Standards; more recently, the focus has shifted specifically to the Protection of PII.
SOC models continue to undergo a progressive evolution:
• Inclusion of Security Orchestration, Automation & Response (SOAR) beyond Security Information & Event Management (SIEM)
• Increased focus on centralization and fusion SOCs
• Inclusion of the Cloud Estate and the Internet of Things
• Reliance on Data Science, Machine Learning, and Artificial Intelligence
• Enhancement of the scope of coverage and the capability to respond