Financial issues and responsibilities
Published in Nikki Robinson, Mind the Tech Gap, 2023
For example, a SOC would focus on monitoring for potential threats, detecting malware, or searching for IOCs with the security tools at its disposal. The SOC would contain or quarantine infected machines, investigate potential malicious network scanning, and monitor EDR alerts for malware or viruses. If an IOC associated with an APT group is identified on a workstation, SOC analysts would be quick to quarantine or contain that machine. They would most likely reach out to the user and notify them, but IT teams may not be notified initially. Since helpdesk technicians and SOC analysts typically have separate tracking methods for tickets and cases, there could be a lack of awareness when a case like this occurs. Helpdesk and IT teams may be notified only after management chains have been told, and may meanwhile be fielding calls from users asking why their machines are not accessible. This could lead to extra calls to the helpdesk, an inability to resolve the issue, or a technician removing containment from the machine because there were no notes for the incident.
Introduction
Published in Heqing Zhu, Data Plane Development Kit (DPDK), 2020
The general-purpose processor can be integrated with additional silicon IP; it then evolves into an SoC. An SoC often consists of a processor, an integrated memory controller, network I/O modules, and even hardware accelerators such as a security engine or an FPGA. Here are a few known SoC examples: Intel®: Xeon-D SoC, Atom SoC; Tilera: TILE-Gx; Cavium Networks: OCTEON and OCTEON II; Freescale: QorIQ; NetLogic: XLP.
Cybersecurity Incident Response in the Enterprise
Published in Mohiuddin Ahmed, Nour Moustafa, Abu Barkat, Paul Haskell-Dowland, Next-Generation Enterprise Security and Governance, 2022
Nickson M. Karie, Leslie F. Sikos
The advances in technology constantly introduce new, advanced security threats for organizations. To continuously monitor the cybersecurity posture and prevent security threats and data breaches in near real-time, many organizations make use of a SOC. According to McAfee [8], “a Security Operations Center (SOC) is a centralized function within an organization employing people, processes, and technology to continuously monitor and improve an organization's security posture while preventing, detecting, analyzing, and responding to cybersecurity incidents.” Many SOCs utilize Security Information and Event Management (SIEM) to have a holistic view of an organization's information security [9].
Insider Intrusion Detection Techniques: A State-of-the-Art Review
Published in Journal of Computer Information Systems, 2023
Network-based insider intrusion detection can use either higher-level events or lower-layer packet data. SIEM, an integral component of the Security Operations Center (SOC), is a commercial intrusion detection tool that analyzes the higher-layer events collected from different endpoints at a central location to detect and predict intrusions [7]. We analyze intrusion detection methods from both the higher-layer event-based approach and the network flow-based detection approach.