A Gigamon Whitepaper:
SOC AUTOMATION OF THREAT INVESTIGATION
When a Security Operations Center (SOC) is shown on TV, it is portrayed in a specific way. There is a large wall full of screens. World maps showing the threat origins and targets are updating in real time. Desks are full of people behind monitors. However, when visiting a SOC in most companies, it looks completely different. There are often only a few people there. In place of the impressive dashboards of activity there are a few screens. The people aren’t focused on individual systems; instead they are each doing many jobs to keep the SOC running.
The goal of these ‘real’ SOCs is to optimize the tools they have, reduce the noise from their tools to manageable levels, and automate as much of the process as possible. Gigamon recently made a major step towards this goal by integrating the capabilities of its own Gigamon GigaSECURE® Security Delivery Platform with the advanced security detection and analysis provided by BluVector, as well as by automating the collection of all security events through Splunk Enterprise.