The SOC Journey

Darwin Hernandez Posted On October 10, 2023

Recent trends such as work-from-anywhere, hybrid cloud and edge computing have accelerated digital transformation for many organizations. As more users and devices connect to networks from virtually anywhere, the volume of data multiplies and businesses’ security risk posture worsens. Security Operations Centers (SOCs) can help mitigate many of these risks. Staffed 24/7 with security professionals, SOCs monitor networks to identify and handle incidents that could represent a threat. Organizations with successful SOCs can respond quickly to threats and minimize the impact of cyberattacks.

To be effective, SOCs should perform like clockwork. Here is an overview of the journey followed by comprehensive SOCs:

  • Alert notification: Everything starts with the security tools detecting an event. Security Information and Event Management (SIEM) configuration plays a central role in this first step. A poorly tuned SIEM platform is itself a weakness for the organization because of the high level of security noise it produces. The better the SIEM platform is configured, and the better the quality of the logs feeding it, the better the alerts received.
  • Information gathering: Security analysts should consult run books and applicable use cases to identify true threats. If the alert is a false positive, the analyst should close it and use the case to feed the organization’s run book.
  • Investigate issue: True threats are prioritized differently based on their type and severity. Threat analysts and security SMEs are engaged depending on the priority level. The SOC team can also use multiple tools to understand the risk and the organization’s exposure level.
  • Threat analysis: Escalated events require additional techniques and strategies to gather information. Threat analysts can perform historical investigations of similar attacker IP addresses or network sources for a better understanding of the event. Ticket mining and lessons learned from past threats are also options in the toolkit.
  • Threat hunting: For higher-priority events, analysts can perform proactive reviews to discover potential threats not identified by the established SIEM use cases. Threat intelligence sources can include current security trends, information ingested into the SIEM, and even external intel logs. The reported findings are used to develop new SIEM use cases.
  • Ticketing system integration: After gathering the information needed to prepare remediation recommendations, the SOC team uses the organization’s ticketing system to report the event. The remediation team uses that information to respond to the threat quickly.
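The following is an added example, not code from the Lumen post or its vSOC service: a small model of the journey above run over constructed SIEM alerts. The run book contents, the severity scoring and the ticket fields are assumptions chosen to illustrate the steps (false-positive closure against the run book, historical lookup by source address, priority-based escalation, and handing a ticket to remediation).

```python
# Constructed SIEM alert export (not real data); ids are in arrival order.
ALERTS = [
    {"id": 1, "rule": "brute_force_ssh", "src_ip": "203.0.113.7", "severity": 3},
    {"id": 2, "rule": "vuln_scan_internal", "src_ip": "10.0.5.20", "severity": 2},
    {"id": 3, "rule": "brute_force_ssh", "src_ip": "203.0.113.7", "severity": 3},
    {"id": 4, "rule": "malware_beacon", "src_ip": "203.0.113.7", "severity": 5},
    {"id": 5, "rule": "vuln_scan_internal", "src_ip": "10.0.5.21", "severity": 2},
]

# Assumed run book: rule name -> source IPs approved as known-benign
# (e.g. the authorized internal vulnerability scanner).
RUNBOOK_FALSE_POSITIVES = {"vuln_scan_internal": {"10.0.5.20"}}


def is_false_positive(alert):
    """Information gathering: check the run book before investigating."""
    return alert["src_ip"] in RUNBOOK_FALSE_POSITIVES.get(alert["rule"], set())


def history_for_source(src_ip, alerts, before_id):
    """Threat analysis: earlier alerts from the same source address."""
    return [a for a in alerts if a["src_ip"] == src_ip and a["id"] < before_id]


def priority(alert, history):
    """Investigate issue: assumed scoring, severity raised by repeat activity, capped at 5."""
    return min(alert["severity"] + len(history), 5)


def triage(alerts):
    """Walk the journey for each alert; return (tickets for remediation, closed false positives)."""
    tickets, closed = [], []
    for a in alerts:
        if is_false_positive(a):
            closed.append(a["id"])  # the closed case is fed back into the run book
            continue
        hist = history_for_source(a["src_ip"], alerts, a["id"])
        score = priority(a, hist)
        tickets.append({
            "alert_id": a["id"],
            "rule": a["rule"],
            "priority": score,
            "related_alerts": [h["id"] for h in hist],  # context for the remediation team
            "escalate": score >= 4,  # engage threat analysts / security SMEs
        })
    return tickets, closed
```

Running `triage(ALERTS)` closes the authorized scanner's alert as a false positive, while the unapproved scanner source and the repeated external activity are ticketed, with the repeat offender escalated.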

Having a disciplined SOC in today’s technology landscape is a no-brainer; however, building and maintaining a quality, insourced SOC is expensive, not to mention the effort required to find, train and retain the right security talent to monitor the tools and trigger threat responses.

Lumen Virtual Security Operations Center (vSOC) services provide 24/7 security event monitoring and incident handling to detect and analyze cybersecurity threats and incidents and help you align with regulatory compliance requirements. Our vSOC team follows the journey described above to augment your detection and response security strategy and empower you with practical remediation recommendations while minimizing labor and CAPEX expenses.

Learn how the Lumen Professional Security Services team can help you navigate the security landscape and implement robust tools and practices to protect your business against potential threats.

This content is provided for informational purposes only and may require additional research and substantiation by the end user. In addition, the information is provided “as is” without any warranty or condition of any kind, either express or implied. Use of this information is at the end user’s own risk. Lumen does not warrant that the information will meet the end user’s requirements or that the implementation or usage of this information will result in the desired outcome of the end user. This document represents Lumen products and offerings as of the date of issue.

Author

Darwin Hernandez

Darwin Hernandez is a product marketing manager for Lumen, responsible for developing the product strategy for Lumen’s Professional Security Service portfolio. Over his 10+ years of experience, Darwin has previously developed and executed B2B and B2C marketing strategies. Darwin received his MBA from the University of Louisiana at Monroe and a bachelor’s degree from Universidad Central de Venezuela.

Services not available everywhere. ©2025 Lumen Technologies. All Rights Reserved.