
3 Pillar SOC

The 3 pillars of an SOC are people, process, and technology. The people pillar involves staffing the SOC with analysts working 24/7 in L1, L2, and L3 roles. The process pillar refers to following frameworks like ISO27001 and procedures like incident response. The technology pillar utilizes security tools like SIEMs, SOAR, threat intelligence, and endpoint detection to investigate threats.

Uploaded by agus budi

3 Pillars of SOC

SOC pillars: NG-SOC

Process: ISO27001, PCI-DSS, ITSM, MITRE ATT&CK, Kill-chain Analysis, User Behavior Analysis

People: 24x7 L1 team, 8x5 L2 team, L3 consultant team

Technology: SIEM, SOAR, Threat Intel, Threat Hunting, NDR, EDR, Machine Learning, Malware sandbox
1st PILLAR : PEOPLE

24/7 SIEM monitoring
Other security perimeters investigator
SOC professional consultant

PT.Trinet Service Level Agreement
  15 minutes   24 hours
  30 minutes
  45 minutes
  60 minutes

Note: Target resolution = until recommendation for mitigation


Flexible CSIRT team composition

Components    | SOCaaS      | Hybrid Model (office hour / after office hour)       | Full Onprem services
Working Hours | 24x7 remote | Office hours – onsite; after office hours – remote   | 24x7 onsite
L1            | SPS         | SPS                                                  | Customer
L2            | SPS         | SPS                                                  | SPS
L3            | SPS         | Customer                                             | SPS
SOC Manager   | SPS         | Customer                                             | Customer

*note: this is only an example


SPS CSIRT (Cybersecurity Incident Response Team)

SOC Manager
  L3 Team: SOC Consultant (L3 Lead), 2 persons
  L2 Team: Advanced SOC analyst (L2 Lead), 3 persons
  L1 Team: SOC analyst (L1 Lead), 15 persons
  Red Team: Red Team Lead, 2 persons
