This is cache of http://www.rsa.com/blog/blog_entry.aspx?id=1297. Cache is the snapshot of article that we took when we index feed.
To see original page click here.
We are not affiliated with the authors of this article and not responsible for its content.
The SIEM and the SOC -- what's useful and what's not?
2008-06-26 00:00:00 by Paul Stamp in Speaking of Security, the RSA Blog and Podcast
 
So earlier this year, again in my past life as an analyst, I spoke to a bunch of users, vendors and experts hoping to get some best practices about creating a Security Operations Center (SOC). For Forrester customers, I published my findings here.

To be honest, I originally came at this piece of research as a way to define what the place of a SIEM product in a SOC, so I diligently asked everyone I interviewed what technologies they thought were central to a security operations function. The answers I got were pretty unexpected, and normally started with the phrase "Technology? Oh that's an afterthought."

When we think of a SOC, we often have this picture of a big room, full of people in rows staring at a big screen up front, with monitors in front of them...

 
Tags: soc, security operations function, security operations center, front, forrester customers, siem product, past life, afterthought, piece
 
 
 
 
 
SecurityRatty FAQ
Sergey Zarubin, 31yo
CISSP, CCSP
Moscow, Russia