Security Intelligence Center (SIC) - The changing face of the Security Operations Center (SOC)
Posted: May 03, 2018
In the IT security landscape, the current buzz is around the changing face of the SOC and the buzzword of the moment is ‘Security Intelligence Center’ (SIC).
So what is a SIC all about? In plain speak, it is an enhanced SOC where the primary focus is on analyzing historical breaches and incidents to identify patterns. The SIC uses this intelligence, gathered over time, to detect any anomalies and foresee breaches before they happen. There is a definite change in approach, as the SIC no longer waits for breaches to occur and only then acts to limit the effect and work towards remediation. In other words, the SIC now focuses on tasks related to predictive analysis instead of just the operational activities. The internal intelligence, coupled with threat intelligence from external sources, is plugged back into the system to enable automation of certain pre-decided responses to probable breaches.
Automation, Analytics, and Threat Intelligence are the fundamentals of an effective Security Intelligence Center. Security automation gives 24x7x365 visibility into the entire IT landscape of the enterprise, including networks, cloud, devices, endpoints, etc. Big data analytics provides real-time analysis of the digital trail and helps identify potential attackers and prevent attacks. Enriching internal data with external threat intelligence has dramatically improved both the detection of breaches in advance and response times.
Greg Boison, the Associate Director of Boston Consulting Group and a Global Expert in Government, Cyber Security, and Defense, says, "The traditional Security Operations Center (SOC) is out, and the new Security Intelligence Center (SIC) is in. The SIC is the natural evolution of the SOC." He adds, "The threat has evolved, increased, and it has become a game-changer in how we need to approach cybersecurity. What we have been able to do is change the focus of analysts. No longer are analysts eyes-on-glass, waiting for an event to come in and feeling deluged by many, many events. Now what we have been able to do... is focus those previous analyst resources on the events that truly matter... and focus on the intelligence analysis behind network defense, not just event monitoring."
The NetEnrich blog "Security Intelligence Centers — The Big Game Changer in Security" is an excellent resource for CISOs and one that I found very informative. It explains in detail the impetus for this change in the SOC, how automation, analytics, and threat intelligence form the bases of an efficient SOC and the benefits of partnering with an MSSP to deliver a Managed SIC. The result is more security with less management. Enterprise IT security, check.