The Cybersecurity Operations Centre does not replace existing roles or responsibilities. Its ultimate objective is to support and strengthen the existing surveillance and response capabilities wherever deficiencies are detected and agencies request its help, giving priority to the following aspects:
- Continuous monitoring and evaluation of the security measures in use, verifying that they are actually implemented.
- Proactively increasing and expanding detection, surveillance, protection and incident response capabilities.
- Characterizing threats using cybersecurity intelligence and integrating that information. To this end, it is essential to improve incident reporting and to increase the exchange of information.
The common notion of a SOC refers to perimeter security operations integrated with automatic, centralized event management through a SIEM (Security Information and Event Management) platform. In this case, the added value of the SOC is directly proportional to its capacity to analyse and process the traffic in the area chosen and delimited by the central "cloud" in the figure. The services provided include:
- Deployment of infrastructure to decrypt and inspect encrypted connections in order to protect services and applications.
- Analysis of security events, with the issuing of reports and recommendations.
- Filtering and monitoring of email in accordance with the security policy.
- Securing users' Internet browsing.
- VPN access for external connections.
- Vulnerability analysis and passive DNS.
The SOC has three levels:
- Cybersecurity Intelligence.
As a complement to these services, a team of experts will be available to support the investigation of security incidents: forensic analysis, code analysis, manual analysis and reverse engineering of binaries, on-site assistance for the containment and resolution of critical incidents, and cyber-surveillance of social networks and the Internet.