Services Security Tools and Technology Components
A deeper analysis of the technology components supporting the CSOC cannot be divorced from a strong emphasis on security; no detail of a defence-in-depth approach may be overlooked: LAN segmentation, NAC, VPN, endpoint hardening, encryption of data at rest, in use and in motion, and protection through well-configured and monitored IPSs/IDSs, firewalls, routers and switches.
Since the CSOC is a team, collaboration tools have to be carefully designed to give the members the best user experience available, which in turn gives the CSOC the best ability to produce value for the business; this goal must be accomplished while meeting all the security assurance requirements of a CSOC. Mobile devices are another aspect that cannot be neglected while designing and building a CSOC. Particular emphasis must be placed on Data Loss Prevention measures, spanning from endpoints to servers and from e-mail to smartphones. Without meaning to be exhaustive, many further technology components that complete the CSOC ecosystem should be mentioned: web proxies, sandboxes, endpoint breach detection solutions and forensics tools.
All of the involved systems generate events, logs, flows and telemetry data that must be ingested, processed and analyzed by a machine and, eventually, by a human being. In this phase of ingestion, processing and correlation, it is worth remembering the pivotal role of the SIEM for the CSOC.
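To make the ingestion, normalization and correlation step concrete, the following is an added example written for this page (it is not code from the original text nor from any SIEM product): it normalizes constructed firewall, IDS and endpoint log lines into one common schema and raises an incident when a single source address is reported by two or more sources within a five-minute window. The log formats, sensor names and addresses are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events from three CSOC sources (firewall, IDS, endpoint).
RAW_EVENTS = [
    "2024-03-01T10:00:05Z fw01 DENY src=203.0.113.7 dst=10.0.0.5 dport=22",
    "2024-03-01T10:00:09Z fw01 DENY src=203.0.113.7 dst=10.0.0.5 dport=23",
    "2024-03-01T10:01:30Z ids01 ALERT sig=SCAN_PORTSWEEP src=203.0.113.7 dst=10.0.0.5",
    "2024-03-01T10:02:10Z host05 AUTH_FAIL user=svc_backup src=203.0.113.7",
    "2024-03-01T11:30:00Z fw01 DENY src=198.51.100.4 dst=10.0.0.9 dport=445",
]

# One parser per assumed source format; each yields at least ts, sensor and src.
PARSERS = (
    ("fw_deny", re.compile(r"^(?P<ts>\S+) (?P<sensor>\S+) DENY src=(?P<src>\S+) dst=\S+ dport=\d+$")),
    ("ids_alert", re.compile(r"^(?P<ts>\S+) (?P<sensor>\S+) ALERT sig=\S+ src=(?P<src>\S+) dst=\S+$")),
    ("auth_fail", re.compile(r"^(?P<ts>\S+) (?P<sensor>\S+) AUTH_FAIL user=\S+ src=(?P<src>\S+)$")),
)


def normalize(line):
    """Map a raw line from any source onto a common schema; None if no parser matches."""
    for category, pattern in PARSERS:
        m = pattern.match(line)
        if m:
            return {
                "ts": datetime.strptime(m.group("ts"), "%Y-%m-%dT%H:%M:%SZ"),
                "sensor": m.group("sensor"),
                "src": m.group("src"),
                "category": category,
            }
    return None


def correlate(lines, window=timedelta(minutes=5)):
    """Raise one incident per source IP seen in >= 2 event categories within the window."""
    by_src = defaultdict(list)
    for line in lines:
        ev = normalize(line)
        if ev:  # unparsed lines are dropped here; a real SIEM would count them
            by_src[ev["src"]].append(ev)
    incidents = []
    for src, events in by_src.items():
        events.sort(key=lambda e: e["ts"])
        for i, first in enumerate(events):
            in_window = [e for e in events[i:] if e["ts"] - first["ts"] <= window]
            cats = {e["category"] for e in in_window}
            if len(cats) >= 2:
                incidents.append({"src": src, "start": first["ts"], "categories": sorted(cats)})
                break  # one incident per source is enough for this illustration
    return incidents
```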