An SOC is a boots-on-the-ground resource within a corporation, working on all aspects of security to create a comprehensive approach that spans everything from developing strategy and designing security architecture to providing ongoing operational support. Security analysts play the dominant role in the day-to-day work: analyzing the state of systems, responding to attacks, reporting on potential issues, and preventing security incidents.
An SOC works by first creating a strategy that incorporates the organization's overall cyber risk prevention objectives, both at the level of individual departments and as seen by executives and board members. For larger companies this strategy may be extremely complex, but that complexity may be necessary to accommodate differing points of view.
The strategy created by the company then guides the creation of an infrastructure that best accommodates the company's cybersecurity risk management needs. How this is accomplished can vary greatly, but it will usually be specific to the company's roles and responsibilities; using a generalized plan can defeat the purpose of an SOC entirely. In many cases the infrastructure includes components such as firewalls, a security information and event management (SIEM) system, probes, and IDS/IPS. Regardless of the specific components, the measures implemented should be suited to collecting information through sources like network flow data, syslog, telemetry, and other feeds, providing the visibility necessary for thorough monitoring, analysis, and vulnerability assessment.
In many cases, an SOC for cybersecurity makes use of the NIST cybersecurity framework, a set of guidelines established by the National Institute of Standards and Technology that guides private companies in establishing appropriate data management operations to prevent cyber attacks. The guidelines provide a comprehensive overview of rules, technologies, and languages that can be used to safeguard against breaches and streamline incident response. NIST guidance is also the basis for many of the most common compliance requirements.