SOC

July 20, 2024

Security Operations Centers
A centralized team and facility responsible for monitoring, detecting, analyzing, and responding to security incidents within an organization.

Discover Vulnerabilities on Systems
Prioritize Systems
Assess (baed on asset criticality, vulnerability threat, and asset classification)
Report (measure risk)
Remediate (fix/patch/remove/etc.)
Verify Remediation (make sure the fix you performed worked)
Discover (loop)

SIEM - Security Information and Event Management (Azure Sentinel)
Threat Intelligence platform (Azure Sentinel: Threat Intelligence Data Connectors)
Endpoint Detection and Response (EDR) tools: Microsoft Defender for Endpoint
Network traffic analysis tools (Network Security Group Flow Logs with Azure)
Vulnerability scanners (Microsoft Defender for Cloud: Vulnerability Management)
Identity and Access Management (IAM) tools (Azure IAM)
Incident Response Platforms (NIST 800-61 and some capabilities within Sentinel and Azure)

Security Information and Event Management
Solution that helps organizations detect, analyze, and respond to security threats
Combines security information management (SIM) and security event management (SEM) into one security management system. SIEMs collect event log data from a range of sources, identifies activity that deviates from the norm with real-time analysis, and takes appropriate action.