A security operations center (SOC) acts as the centralized command center for a corporation dealing with security issues on an organizational and technical level. Responsible for protecting an organization from cyber attacks, a SOC continuously monitors network infrastructure, desktops, servers, endpoint devices, IoT devices, applications, databases, and other systems for security threats.
Modern SOCs are comprised of four components: monitoring and detection, incident response and threat hunting, threat intelligence, and detection engineering. With this construct, teams aim to constantly stay one step ahead of attackers. In recent years, this has become increasingly difficult due to a shortage of cybersecurity skills, too many alerts, and operational overhead.
Join this SANS-led forum as we explore various SOC topics through invited speakers while showcasing current capabilities available today. Presentations will focus on technical case studies and thought leadership using specific examples relevant to the industry.
Monitoring, Detection, and Investigation
Incident Response and Threat Intelligence
Risk-Based Vulnerability Management
Security Information and Event Management Solution (SIEM)
User and Entity Behavioral Analytics (UEBA)
Asset Discovery and Vulnerability Assessment