Security Operations Centers
Preparing for known cyber attacks is hard enough. But how do organizations build controls for the security risks they don’t even know about yet?
Vital to foundational cybersecurity are the processes and technology that support the Information Security function. These are most effective when they are centralized, structured and coordinated - which is why a Security Operations Center (SOC) is a valuable starting point.
A well-functioning SOC can form the heart of effective cyber threat detection, helping to secure the business against attackers and enable it to operate with confidence. It can enable Information Security functions to respond faster, work more collaboratively, and share knowledge more effectively.
For an overview of fundamental SOC principles, we recommend reading Security Operations Centers: Helping you get ahead of cybercrime, which explores the top 10 considerations critical to the success of a SOC.
However, with the exponential growth of the digital world, and as the threats continue to rapidly evolve in both sophistication and scale, the need to protect organizations’ intellectual property, operations, brand and shareholder value, in addition to their customers’ data, is ever more critical.
SOCs have therefore needed to evolve. First generation SOCs tended to focus upon signature-based controls such as anti-virus and intrusion detection systems, allowing organizations to detect ‘known bad’ artefacts associated with an attack. The second generation of SOC heralded the advent of 24x7 operations in recognition that attackers don’t close for the day, even if your business does.
We are now seeing the emergence of the third generation of SOCs, converging specialist skill sets from the disciplines of cybersecurity, threat intelligence, data science and cyber analytics into advanced SOC ecosystems, where the whole is greater than the sum of its parts.
The driver behind third-generation security operations is an integrated cyber threat management program which enhances the enterprise’s existing security capabilities to achieve greater effectiveness against persistent attackers through an Active Defense approach.
See our report Using cyber analytics to help you get on top of cybercrime: Third-generation Security Operations Centers.
Our Managed SOC service has redefined security operations to meet the next generation of emerging cyber threats. EY’s Advanced Security Center provides our clients’ organizations with world-class cybersecurity and a highly mature threat detection and response capability, achieved through our high-performing team, process discipline and technology optimization, tightly coupled with our Cyber Threat Intelligence (CTI) capabilities.