Application of Cyber Intelligence for Security Operation Center
Author(s): Nedko Tagarev
Subject(s): Social Sciences, Economy, Business Economy / Management, Sociology, Methodology and research technology, Social Informatics, ICT Information and Communications Technologies
Published by: Университет за национално и световно стопанство (УНСС)
Keywords: GAP analyses; Cybersecurity
Summary/Abstract: Ensuring practical cyber intelligence for a Security Operation Center (SOC) involves collecting, analyzing, and utilizing information about cyber threats to enhance the organization's security posture. This encompasses the gathering and analysis of data on potential and active cyber threats, including "Indicators of Compromise (IoCs)", which are signs that a security breach may have occurred, and "Tactics, Techniques, and Procedures (TTPs)", which are the methods and behaviours that threat actors use to carry out a cyber attack. Additionally, it entails the use of advanced tools to monitor networks, systems, and applications for suspicious activity, such as Security Information and Event Management (SIEM) systems, Intrusion Detection Systems (IDS), and Intrusion Prevention Systems (IPS). Furthermore, it involves developing and implementing plans to respond to security incidents, including identifying, containing, eradicating, and recovering from cyber-attacks. Regularly scanning systems for vulnerabilities and applying patches or mitigations to reduce the attack surface are also crucial components of cyber intelligence in the SOC. Lastly, monitoring and analyzing user and entity behaviour to detect anomalies that could indicate insider threats or compromised accounts is another significant aspect of effectively integrating cyber intelligence into SOC operations.
- Page Range: 49-57
- Page Count: 9
- Publication Year: 2024
- Language: English