Page 8 - Cyber Warnings
Is Your SOC Staffed Appropriately?
By Slavik Markovich, co-founder and CEO of Demisto
www.demisto.com

When starting to build a Security Operations Center (SOC), your first consideration should be
your team. Staffing a SOC is often harder than expected. How many people will you need
to employ? What training do they require? How should the team be structured? How do you
plan for capacity?

These and other questions must be answered clearly to take an informed approach
to SOC resource planning. Guessing and improvising as you go along is not an option. Before
investing time, effort and resources, make sure that your SOC team is staffed appropriately.

Structure Your SOC Team

The standard structure of a SOC team includes Alert Analysts, Incident Responders,
Subject Matter Experts and SOC Managers, all of whom should be experienced IT
and networking professionals trained in computer science, cryptography or network
engineering.

Analysts should be the first to be hired, since they support the initial build-out of the
SOC, as explained below.

The SOC team structure depends heavily on the level of expertise an organization has
in-house. You may already have employees who can fill some or all of the
roles, or you might need to consider outsourcing (via managed security service
providers) or contracting specialists to provide surge incident response (IR) support.
Many companies adopt a combination of these options.

Below is a summary of the functions of each member of the SOC team and the skill sets
they should possess:

Alert Analyst:

- Constantly monitors the alert queue
- Prioritizes security alerts
- Checks the operational health of security sensors and endpoints
- Compiles the data and background material the Incident Responders need to
  perform their job

The Alert Analyst should be trained in intrusion detection; alert triage processes; security
information and event management (SIEM); host-based investigation; and other
tool-specific training.
8 Cyber Warnings E-Magazine – May 2016 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide