Frost and Sullivan: Practitioner’s Guide to Building a Security Operations Center

Building an in-house SOC can be a daunting task

Published July 2018


The purpose of a Security Operations Center (SOC) is to identify, investigate, prioritize, and resolve issues that could affect the security of an organization’s critical infrastructure and data. A well-developed and well-run SOC can perform real-time threat detection and incident response, with SOC analysts who can deliver rapid security intelligence to stakeholders and senior management, identifying when an attack starts, who is attacking, how the attack is being conducted, and what data or systems are being compromised.

For many organizations, especially those that don't fall into the "large enterprise" category, building an in-house SOC can be a daunting task. This paper examines the tools, personnel, and processes required to build and operate an effective SOC, along with an analysis of how organizations can leverage the AlienVault Unified Security Management (USM) platform as the foundation for a SOC.