I had a training session last week and talked about the SOC and security management platform. I once again stressed that the security management platform is not equal to the SOC!
I have said this before, and it is necessary to say it once more.
Internationally, a SOC is generally defined as a team, based in a relatively fixed place, that continuously monitors and maintains the security status of the network infrastructure and its business according to established procedures and methods. Obviously, a SOC, namely a Security Operations Center, includes people, premises, managed objects, management methods, processes and tools. A SOC is more about a place, similar to an XX Information Center or an XX Network Center. The first thing we see is a building, and then an organizational unit.
In fact, the definition of SOC is the same in China as it is abroad; the definition used in China is also the one described above.
The Security Management Platform is generally defined as a platform for security operation monitoring, risk measurement, and security O&M of information assets, with assets as the core, security event handling as the key process, and security risk management as the guide.
The Security Management Platform refers more to the technologies and tools within a SOC. If a SOC has three parts (people, processes, and technology), the security management platform is just the T, and it does not even make up the complete T. The T in a SOC is not only a platform, but also a set of toolkits.
All in all, the security management platform is not equal to the SOC! You can understand the Security Management Platform as a part of the SOC: its technical support platform.
Unfortunately, in the process of introducing the SOC to China, the two gradually came to be treated as equivalent due to misunderstanding and simplification. Now, we sometimes refer to our security management platform as a SOC. I think there is not much to say about that, as long as we understand the real difference between them.
Nowadays, the traditional definition of SOC is also changing, and the definition is no longer so clear-cut. Some people have proposed the concept of a Virtual SOC. The traditional definition of the Security Management Platform is changing too, but in any case, the security management platform is not equal to the SOC, and that will remain true in the future.