The SOC Journey

Darwin Hernandez Posted On October 17, 2022
Man with tablet stands outside of SOC

Network perimeters have expanded. Recent trends such as work-from-anywhere, hybrid cloud, and edge computing have accelerated digital transformation for many organizations. As more users and devices connect to networks from virtually anywhere, the volume of data to monitor multiplies and businesses’ security risk grows with it.

Security Operations Centers (SOCs) can help mitigate many of these risks. Staffed 24/7 with security professionals, SOCs monitor networks to identify and handle incidents that could represent a threat. Organizations with successful SOCs can respond quickly to threats and minimize the impact of cyberattacks.

To be effective, SOCs should perform like clockwork. Here is an overview of the journey a comprehensive SOC follows:

  • Alert notification: Everything starts with the security tools detecting an event. Security Information and Event Management (SIEM) configuration plays a central role in this first step. A poorly tuned SIEM is itself a weakness for the organization, because the high level of noise it produces buries real alerts. The better the SIEM is configured, and the higher the quality of the logs feeding it, the better the alerts the analysts receive.
  • Information gathering: Security analysts consult run books and applicable use cases to identify true threats. If the alert is a false positive, the analyst closes it and feeds the case back into the organization’s run book so the same noise is recognized next time.
  • Investigate issue: True threats are prioritized differently based on their type and severity. Threat analysts and security SMEs are engaged depending on the priority level. The SOC team may also use multiple tools to understand the risk and the organization’s level of exposure.
  • Threat analysis: Escalated events require additional techniques and strategies to gather information. Threat analysts can perform historical investigations of similar attacker IP addresses or network sources to better understand the event. Ticket mining and lessons learned from past threats are also options in the toolkit.
  • Threat hunting: For higher-priority events, analysts may perform proactive reviews to discover potential threats not identified by the established SIEM use cases. Threat intelligence sources can include current security trends, information already ingested into the SIEM, and external intelligence feeds. The reported findings are used to develop new SIEM use cases.
  • Ticketing system integration: After gathering the information needed to prepare remediation recommendations, the SOC team uses the organization’s ticketing system to report the event. The remediation team uses that information to respond to the threat quickly.
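The six steps above, condensed into one small triage routine as an added example (not Lumen’s vSOC tooling): it closes run-book false positives, groups and ranks the remaining alerts, enriches each group with prior tickets for the same source, and feeds newly confirmed false positives back into the run book. Every alert, IP address and ticket id is constructed sample data.

```python
from collections import defaultdict

# Constructed SIEM alerts for the walkthrough (example data, not real events).
ALERTS = [
    {"id": 1, "rule": "brute_force_ssh", "src_ip": "203.0.113.7", "severity": "high", "asset": "bastion-01"},
    {"id": 2, "rule": "port_scan", "src_ip": "192.0.2.10", "severity": "medium", "asset": "web-03"},
    {"id": 3, "rule": "brute_force_ssh", "src_ip": "203.0.113.7", "severity": "high", "asset": "bastion-02"},
    {"id": 4, "rule": "port_scan", "src_ip": "192.0.2.99", "severity": "low", "asset": "web-03"},
]
# Run book: sources already confirmed benign for a rule (e.g. the authorised
# vulnerability scanner). Constructed; extended by learn_false_positive().
RUNBOOK_BENIGN = {"port_scan": {"192.0.2.10"}}
# Past tickets by source IP for the historical-investigation step (constructed).
HISTORY = {"203.0.113.7": ["TKT-100", "TKT-142"]}
SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3}

def triage(alerts, runbook, history):
    """Drop run-book false positives, group the rest by (rule, source), enrich
    with prior tickets and rank for the ticket queue. Returns (tickets, closed ids)."""
    closed, groups = [], defaultdict(list)
    for a in alerts:
        if a["src_ip"] in runbook.get(a["rule"], set()):
            closed.append(a["id"])  # information gathering: known false positive
            continue
        groups[(a["rule"], a["src_ip"])].append(a)
    tickets = []
    for (rule, src_ip), hits in groups.items():
        severity = min((h["severity"] for h in hits), key=SEVERITY_RANK.__getitem__)
        prior = history.get(src_ip, [])
        tickets.append({
            "rule": rule, "src_ip": src_ip,
            "alert_ids": [h["id"] for h in hits],
            "assets": sorted({h["asset"] for h in hits}),
            "severity": severity, "prior_tickets": prior,
            # threat analysis: high severity or a repeat source goes to the SMEs
            "escalate": SEVERITY_RANK[severity] <= SEVERITY_RANK["high"] or bool(prior),
        })
    tickets.sort(key=lambda t: (SEVERITY_RANK[t["severity"]], -len(t["alert_ids"])))
    return tickets, closed

def learn_false_positive(runbook, rule, src_ip):
    """Feed a closed false positive back into the run book so later runs suppress it."""
    runbook.setdefault(rule, set()).add(src_ip)
    return runbook

if __name__ == "__main__":
    queue, closed = triage(ALERTS, RUNBOOK_BENIGN, HISTORY)
    print("closed as false positive:", closed)
    for ticket in queue:
        print(ticket)
```

With the sample data, alert 2 is closed by the run book, alerts 1 and 3 collapse into one high-severity ticket flagged for escalation because the source already appears in two past tickets, and the low-severity scan from an unknown source lands at the bottom of the queue.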

Having a disciplined SOC in today’s technology landscape is a no-brainer; however, building and maintaining a quality, insourced SOC is expensive, not to mention the effort required to find, train, and retain the right security talent to monitor the tools and trigger threat responses. Lumen Virtual Security Operations Center (vSOC) services provide customers with 24/7 security event monitoring and incident handling to detect and analyze cybersecurity threats and incidents and help them align with regulatory compliance requirements. Our vSOC team follows the journey described above to augment your detection and response security strategy and empower you with practical remediation recommendations while minimizing labor and CAPEX expenses. Find more information about Virtual SOC from Lumen here.

This content is provided for informational purposes only and may require additional research and substantiation by the end user. In addition, the information is provided “as is” without any warranty or condition of any kind, either express or implied. Use of this information is at the end user’s own risk. Lumen does not warrant that the information will meet the end user’s requirements or that the implementation or usage of this information will result in the desired outcome of the end user. This document represents Lumen products and offerings as of the date of issue.



Author

Darwin Hernandez

Darwin Hernandez is a product marketing manager for Lumen, responsible for developing the product strategy for Lumen’s Professional Security Service portfolio. Over his 10+ years of experience, Darwin has previously developed and executed B2B and B2C marketing strategies. Darwin received his MBA from the University of Louisiana at Monroe and a bachelor’s degree from Universidad Central de Venezuela.
