Starting a Security Operations Center (SOC) is never easy. Establishing one requires a large investment in money, technology and people skills, and the single biggest line item is usually the security tooling.
As we all know, security is a layered approach (people, processes and technology). This post discusses only the technology aspect. That domain includes the following:
- Cyber threat intelligence databases and feeds
- Governance, risk, and compliance systems (GRC)
- Intrusion detection systems (IDS)
- Intrusion prevention systems (IPS)
- Penetration testing tools
- Vulnerability scanners
The market offers sophisticated commercial tools and technologies, but most organizations cannot afford them. The remaining option is open source and shareware, so here are the open source solutions that can serve as a starting point:
- SIEM / Log Management: Elastic Stack
- Data Analytics: OpenSOC
- SOAR / Security Orchestration, Automation and Response: WALKOFF, Shuffler
- Incident Response: Kansa, Velociraptor
- Incident Management Systems: TheHive, FIR
- Threat Intelligence Platforms: MISP, OpenCTI
- Endpoint Monitoring: NXLog, osquery, OSSEC
- Network Security Monitoring: Suricata, Snort, Zeek
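The tools in the list above only become a SOC once they are wired together: the network sensor produces alerts, the threat-intelligence platform supplies indicators, and the incident-management system receives triaged cases. The following Python script is an added example of that glue, not code from this post or from any of the named projects. It parses Suricata EVE JSON alert lines (a constructed sample that uses Suricata's real field names), enriches them against a constructed indicator list that stands in for a MISP export, and collapses the hits into triage records of the kind you would push into TheHive. The indicator-list shape and the output record shape are simplifying assumptions, not the real MISP or TheHive APIs.

```python
"""Added example: glue between the NSM, threat-intel and case-management layers.

Reads Suricata EVE JSON alerts, tags any IP that appears in an indicator set,
groups the hits and orders them so the analyst sees intel-matched cases first.
The indicator list and the output record shape are assumptions for this
example, not the MISP or TheHive APIs.
"""
import json
from collections import defaultdict

# Constructed Suricata EVE JSON lines. Field names follow the real EVE schema
# (event_type, src_ip, dest_ip, alert.signature_id, alert.severity, ...);
# the addresses, timestamps and the final torn line are made up for this example.
EVE_LINES = [
    '{"timestamp":"2024-01-10T09:15:02.000000+0000","flow_id":1,"event_type":"alert","src_ip":"10.0.0.5","src_port":51000,"dest_ip":"203.0.113.10","dest_port":443,"proto":"TCP","alert":{"action":"allowed","signature_id":2000001,"signature":"ET MALWARE Suspicious beacon","category":"Malware Command and Control Activity Detected","severity":1}}',
    '{"timestamp":"2024-01-10T09:15:07.000000+0000","flow_id":2,"event_type":"alert","src_ip":"10.0.0.5","src_port":51001,"dest_ip":"203.0.113.10","dest_port":443,"proto":"TCP","alert":{"action":"allowed","signature_id":2000001,"signature":"ET MALWARE Suspicious beacon","category":"Malware Command and Control Activity Detected","severity":1}}',
    '{"timestamp":"2024-01-10T09:16:00.000000+0000","flow_id":3,"event_type":"alert","src_ip":"10.0.0.7","src_port":40000,"dest_ip":"198.51.100.20","dest_port":80,"proto":"TCP","alert":{"action":"allowed","signature_id":2100498,"signature":"GPL ATTACK_RESPONSE id check returned root","category":"Potentially Bad Traffic","severity":2}}',
    '{"timestamp":"2024-01-10T09:16:05.000000+0000","flow_id":4,"event_type":"flow","src_ip":"10.0.0.9","src_port":1234,"dest_ip":"192.0.2.1","dest_port":53,"proto":"UDP"}',
    '{"timestamp":"2024-01-10T09:17:00.000000+0000","flow_id":5,"event_type":"alert","src_ip":"10.0.0.9","src_port":40500,"dest_ip":"192.0.2.9","dest_port":8080,"proto":"TCP","alert":{"action":"allowed","signature_id":2010937,"signature":"ET POLICY Suspicious User-Agent","category":"Potential Corporate Privacy Violation","severity":3}}',
    '{"timestamp":"2024-01-10T09:17:30.000000+0000","flow_id":6,"event_type":"al',  # torn by log rotation
]

# Constructed indicator set standing in for a MISP attribute export.
# Assumption: a plain value -> tag map; a real MISP export carries far more.
INDICATORS = {
    "203.0.113.10": "known-c2",
}

SEVERITY_LABEL = {1: "high", 2: "medium", 3: "low"}
PRIORITY = {"critical": 0, "high": 1, "medium": 2, "low": 3}


def parse_alerts(lines):
    """Keep only well-formed EVE records of event_type 'alert'; skip torn lines."""
    alerts = []
    for line in lines:
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # a truncated line must not stop the whole pipeline
        if rec.get("event_type") == "alert" and "alert" in rec:
            alerts.append(rec)
    return alerts


def enrich(alert, indicators):
    """Attach an intel tag for every IP in the alert that is in the indicator set."""
    tags = [indicators[ip] for ip in (alert["src_ip"], alert["dest_ip"]) if ip in indicators]
    return {**alert, "ti_tags": tags}


def triage(alerts, indicators):
    """Group hits by (src, dst, signature) and escalate intel-matched groups to 'critical'."""
    groups = defaultdict(list)
    for alert in alerts:
        enriched = enrich(alert, indicators)
        key = (enriched["src_ip"], enriched["dest_ip"], enriched["alert"]["signature_id"])
        groups[key].append(enriched)

    cases = []
    for (src, dst, sid), hits in groups.items():
        tags = sorted({t for h in hits for t in h["ti_tags"]})
        level = "critical" if tags else SEVERITY_LABEL.get(hits[0]["alert"]["severity"], "low")
        cases.append({
            "title": hits[0]["alert"]["signature"],
            "source": src,
            "destination": dst,
            "signature_id": sid,
            "count": len(hits),
            "first_seen": hits[0]["timestamp"],
            "last_seen": hits[-1]["timestamp"],
            "ti_tags": tags,
            "level": level,
        })
    # Highest priority first, then the noisiest group, so the C2 match tops the queue.
    cases.sort(key=lambda c: (PRIORITY[c["level"]], -c["count"]))
    return cases


if __name__ == "__main__":
    for case in triage(parse_alerts(EVE_LINES), INDICATORS):
        print(json.dumps(case))
```

The point of the example is the ordering: two Suricata alerts of the same signature to an address that MISP knows as a C2 server collapse into a single critical case at the top of the queue, while the lone severity-3 policy alert lands at the bottom, and the torn line at the end of the sample is dropped rather than crashing the run.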
Hope to see a successful SOC operation… If you are looking to validate the security skills of your team, you can use OpenSOC.