SOC. Construction of a security operations centre
A security operations centre is the centre providing operational protection of company infrastructure from modern attacks, combining processes, personnel and technologies.
The core is made up of SIEM class products for collection, storage and processing of information about the security status of the IT infrastructure.
- infrastructure inventory and control;
- consolidation of information about information security incidents;
- coordination and automation of incident responses;
- integration and retrieval of data from external sources;
- collection of security system performance indicators (metrics).