Patrick, about ten years ago, I wrote a feasibility report on building a SOC for my employers back then. One thing to note is that if you're going to staff one for 24/7 operations, be prepared to hire five analysts, watchstanders, etc. for every seat in the SOC. This will cover three shifts for weekdays, plus weekends and holidays. CERT.org has a lot of good documents which provide guidance on standing up a SOC.
I am not in any way affiliated, but Spiceworks has done a great job for me in the last few years.
And I'm surprised such good open source resources exist for this subject matter. That Spiceworks site page is interesting as well. Thanks, Patrick and Michel!
I can't help noticing that the Nagios site mentions security monitoring right on the front page - I'm impressed with that!
Just as we question why Harry Potter needed an actual library with paper books vs some sort of computer/tablet device, in 2013 the concept that staffers are sitting at a desk watching a console is a somewhat antiquated concept.
First of all, this is VERY costly, and 99.99999% of the time they have nothing to do.
It's more common to assign some of these duties to a NOC, if there is one, but more commonly the regular IT security team is simply on-call, and setup to receive things like IDS alerts, SNMP alerts, or email events from devices they are responsible for. The incident response plan is there, and if a real incident happened, they need to be there, of course.
With two clicks of a smartphone, a security analyst can connect to the network, view logs or alerts, and even start other processes, such as firing up a sniffer. There is no need to be there in person.
Only a very large corporation headquarters would have the resources to man such a thing. I would still like to have it to monitor when I have spare time. This could be a time filler for techs when they are in between jobs. Of course that reduces the effectiveness of such an implementation, but I figure it is better than nothing. I know I like to check my Kiwi console when I get the time, to see who has been attacking the perimeter gateway.
Nice article, I love to read these types of articles. Every security operations center needs advanced technology. Thanks for sharing your views.