Security Operations Center (SOC)
The threat landscape facing corporations, the utility sector, the transportation sector, educational institutions, financial institutions, manufacturing, shopping malls and centers, and sporting and entertainment venues continues to evolve, and the sophistication of attacker tactics, deception and techniques continues to advance, constantly challenging law enforcement’s ability to prevent, deter or respond effectively to an incident. This challenge is further compounded because police departments and officers across the nation are now more often in a state of “de-policing”: social-justice movements like Black Lives Matter have become “the new norm,” and departments and individual officers across the nation have increasingly made the decision to stop engaging in proactive policing, according to a report by the FBI Office of Partner Engagement, April 24, 2019.
Faced with an ever-growing workload, limited staffing, an increasing volume of interconnected systems and budgetary constraints, organizations are challenged to implement an operational capability to protect their vital assets, data, trade secrets and brand.
Strategic Security Corp.’s (SSC) Security Operations Center (SOC) is a physical, centralized headquarters for monitoring, detecting and responding to security issues and incidents to support SSC field operations.
SSC offers corporate clients several models for implementing a SOC as part of a larger incident detection and response (IDR) program. These models include:
- Co-managed model
- Fully outsourced model
The various responsibilities within a company’s security team can be extremely complex, and SSC’s SOC can serve not only as the tactical console that empowers team members in performing their day-to-day tasks, but also as a strategic center that keeps the team aware of bigger, long-term security trends.
Who Needs a Security Operations Center?
No matter a company’s size or purpose, it’s valuable to have a dedicated organizational-level team whose job is to constantly monitor security operations and incidents and respond to any issue that may arise.
SOC Capabilities
- The Ops Center has a number of tools to help with the productivity of Ops personnel.
- Can track any number of security alerts that an organization might encounter, including potential threat notifications via technologies and tools, as well as assets, employees, partners and external sources.
- Can investigate and validate the reported threat to make sure it’s not a false positive, catalog the event and perform case management of specific incidents or long-term investigations.
- Can do proactive monitoring of remote sites through intelligent video analytics.
- It has a fully integrated web site housing all the tools Ops personnel need to keep up to date on new events, activate the TacOps Disaster Incident Response Teams (DIRT), radio network or other assets required for an incident. It also provides tracking of TacOps resources and personnel deployed at an incident. The Ops Center also has the ability to interact with most IP radio (IPICS) and IP video systems (VSM). This allows the TacOps team to support client corporate security teams that may have limited resources.
- All tools operate around the main Intelligence Gathering and Incident Management System. Information from multiple automated feeds, such as RSS, Guard Checkpoint Tracking, IP CCTV (camera), Alarms, GPS, travel tracking, satellite or other normalized sources of information, is fed into the customized platform. From there the events are turned into Keyhole Markup Language (KML) data and displayed on Google Earth. The Google Earth Event Tracking System, which is part of the entire TacOps Incident Management System, can be shown on any display in the Center or accessed via the web. Currently the system tracks many sources of information, including crime, earthquakes, floods, hurricanes and fires. All events are rated on a severity level. When a new event occurs, Google Earth automatically moves to that new event location, and the lighting bars notify Ops personnel by flashing the correct severity level. Ops personnel can then click on the event to see additional information.
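
A sketch of the feed-to-KML step described in the last item, added here as an illustration and not SSC's code. The event field names, the four-level severity scale and the colors are assumptions; events with unusable coordinates or ratings are returned to the caller instead of being plotted.

```python
import xml.etree.ElementTree as ET

KML_NS = "http://www.opengis.net/kml/2.2"
# Assumed four-level scale. KML colors are aabbggrr hex: green, yellow, orange, red.
SEVERITY_COLORS = {1: "ff00ff00", 2: "ff00ffff", 3: "ff0080ff", 4: "ff0000ff"}
# Constructed sample events, as if already normalized from different feeds.
SAMPLE_EVENTS = [
    {"source": "rss", "kind": "earthquake", "title": "M5.1 quake <offshore>",
     "lat": 34.05, "lon": -118.25, "severity": 3},
    {"source": "alarm", "kind": "intrusion", "title": "Door forced, Site 12",
     "lat": 33.45, "lon": -112.07, "severity": 9},  # off-scale, clamped to 4
    {"source": "gps", "kind": "checkpoint", "title": "Guard tour missed",
     "lat": 91.0, "lon": -112.0, "severity": 2},    # invalid latitude
]

def validate(event):
    """Return a cleaned copy of the event, or None if it cannot be plotted."""
    try:
        lat, lon = float(event["lat"]), float(event["lon"])
        sev = min(max(int(event["severity"]), 1), 4)
    except (KeyError, TypeError, ValueError):
        return None
    if not (-90 <= lat <= 90 and -180 <= lon <= 180):
        return None
    return dict(event, lat=lat, lon=lon, severity=sev)

def build_kml(events):
    """Return (kml_text, rejected_events) for a list of normalized events."""
    ET.register_namespace("", KML_NS)
    def add(parent, tag, text=None, **attrs):
        node = ET.SubElement(parent, f"{{{KML_NS}}}{tag}", attrs)
        node.text = text
        return node
    kml = ET.Element(f"{{{KML_NS}}}kml")
    doc = add(kml, "Document")
    for level, color in SEVERITY_COLORS.items():  # one shared style per level
        add(add(add(doc, "Style", id=f"sev{level}"), "IconStyle"), "color", color)
    rejected = []
    for raw in events:
        ev = validate(raw)
        if ev is None:
            rejected.append(raw)
            continue
        pm = add(doc, "Placemark")
        add(pm, "name", str(ev.get("title", "untitled")))  # XML-escaped on output
        add(pm, "description", f"{ev.get('kind')} via {ev.get('source')}")
        add(pm, "styleUrl", f"#sev{ev['severity']}")
        add(add(pm, "Point"), "coordinates", f"{ev['lon']},{ev['lat']},0")  # lon first
    return ET.tostring(kml, encoding="unicode"), rejected
```

Feed titles are untrusted text, so they are written through the XML serializer instead of string concatenation; markup in a title ends up escaped in the placemark name.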