Finding the Right Security Operations Tools for Your Agency
A robust SOC will have a range of tools for ensuring network health. These may include log collection and management tools that gather the information needed to drive effective security analyses. Such tools, in turn, support security information and event management (SIEM), which aggregates log data, looks for signs of attack and issues alerts.
The SOC may make use of endpoint detection and response tools, which aim to detect and contain threats to endpoints or hosts. Some may also use technologies such as user and entity behavior analytics, a machine learning approach to identifying variations from normal user behavior.
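To make the two ideas above concrete, here is a small added example, written for this page rather than taken from the article or from any of the products it mentions. It feeds a handful of constructed SSH authentication log lines from two hosts through a SIEM-style correlation rule (aggregating failures across hosts so a spread-out brute-force attempt is visible) and through a deliberately simplified behavioural baseline that flags a login at an unusual hour or from a new source address. The line format, host names, users, addresses and the baseline cutoff are all assumptions for the example; the baseline logic is a toy stand-in for the machine-learning models real UEBA products use.

```python
"""Toy SIEM-style aggregation and correlation over constructed log lines.

Assumed log format (invented for this example, not from the article):
'<ISO timestamp> <host> sshd: <Accepted|Failed> password for <user> from <ip>'
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta
import re

# Constructed sample lines from two hosts, as a collector would deliver them
# to the SIEM. Note the failures are split between web01 and db01: per-host
# counting would see 3 and 2, only aggregation across hosts sees 5.
SAMPLE_LOGS = [
    "2024-03-04T08:02:11 web01 sshd: Accepted password for alice from 10.1.5.20",
    "2024-03-04T08:15:40 db01 sshd: Accepted password for bob from 10.1.5.21",
    "2024-03-04T23:40:01 web01 sshd: Failed password for alice from 203.0.113.9",
    "2024-03-04T23:40:03 web01 sshd: Failed password for alice from 203.0.113.9",
    "2024-03-04T23:40:05 db01 sshd: Failed password for alice from 203.0.113.9",
    "2024-03-04T23:40:06 db01 sshd: Failed password for alice from 203.0.113.9",
    "2024-03-04T23:40:09 web01 sshd: Failed password for alice from 203.0.113.9",
    "2024-03-04T23:40:12 web01 sshd: Accepted password for alice from 203.0.113.9",
    "2024-03-05T08:05:30 web01 sshd: Accepted password for alice from 10.1.5.20",
]

# Assumed cutoff: successful logins before this time define "normal" behaviour.
BASELINE_CUTOFF = datetime(2024, 3, 4, 12, 0, 0)

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd: (?P<outcome>Accepted|Failed) password "
    r"for (?P<user>\S+) from (?P<ip>\S+)$"
)


def parse(line):
    """Normalise one raw line into an event dict, or None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.fromisoformat(ev["ts"])
    return ev


def brute_force_alerts(events, threshold=5, window=timedelta(minutes=2)):
    """Correlation rule: at least `threshold` failed logins from one source IP
    within `window`, counted across all hosts, followed by a success from the
    same IP. Emits one alert per such success."""
    failures = defaultdict(deque)  # source ip -> timestamps of recent failures
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        recent = failures[ev["ip"]]
        while recent and ev["ts"] - recent[0] > window:  # expire old failures
            recent.popleft()
        if ev["outcome"] == "Failed":
            recent.append(ev["ts"])
        elif len(recent) >= threshold:
            alerts.append({"rule": "brute_force_success", "ip": ev["ip"],
                           "user": ev["user"], "host": ev["host"],
                           "failures": len(recent), "ts": ev["ts"].isoformat()})
            recent.clear()
    return alerts


def behavior_alerts(events, cutoff=BASELINE_CUTOFF):
    """Simplified behavioural baseline (a toy, not the ML real UEBA uses):
    learn each user's login hours and source IPs from successes before
    `cutoff`, then flag later successes that fall outside that profile.
    A user never seen before the cutoff has an empty profile and is flagged."""
    profile = defaultdict(lambda: {"hours": set(), "ips": set()})
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["outcome"] != "Accepted":
            continue
        prof = profile[ev["user"]]
        if ev["ts"] < cutoff:
            prof["hours"].add(ev["ts"].hour)
            prof["ips"].add(ev["ip"])
            continue
        reasons = []
        if ev["ts"].hour not in prof["hours"]:
            reasons.append("unusual_hour")
        if ev["ip"] not in prof["ips"]:
            reasons.append("new_source_ip")
        if reasons:
            alerts.append({"rule": "behavior_deviation", "user": ev["user"],
                           "ip": ev["ip"], "reasons": reasons,
                           "ts": ev["ts"].isoformat()})
    return alerts


def analyze(lines):
    """Aggregate raw lines from all sources, then run both rule sets."""
    events = [ev for ev in map(parse, lines) if ev is not None]
    return {"parsed": len(events), "dropped": len(lines) - len(events),
            "brute_force": brute_force_alerts(events),
            "behavior": behavior_alerts(events)}


if __name__ == "__main__":
    import json
    print(json.dumps(analyze(SAMPLE_LOGS), indent=2))
```

Run as a script it prints one brute-force alert (five failures from 203.0.113.9 across both hosts, then a success) and one behavioural alert for the same login at 23:40, flagged for both an unusual hour and a new source address; the next morning's login from alice's usual address produces nothing.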
In North Dakota, Gregg adds to this a security orchestration, automation and response (SOAR) tool from Palo Alto Networks. SOAR makes it possible to coordinate, execute and automate response tasks, all within a single platform.
Armed with these tools, a SOC team can perform a range of key functions. It carries out proactive monitoring, including log file analysis and threat monitoring. The SOC also coordinates the response to a cyber incident and can help ensure that government is meeting its cybersecurity compliance obligations.
The “as a service” model helps to make all this more readily available to Gregg’s agency customers.