Host: Tom Kinnaird, Lead Microsoft Security Engineer | Claranet Cyber Security
The moments following a security alert are some of the most critical in attack detection and response. What takes place during this time window will dictate whether a threat is eradicated fast or left to persist, potentially causing devastating harm to your organisation.
Join Tom as he demonstrates what really happens inside a CREST-accredited SOC in the first 30 minutes after an alert is received. He’ll use a simulated sophisticated attack walkthrough to show how SOCs use people, process, and technology to detect and respond to threats across the kill chain. By the end of the event, you’ll understand what “effective” triage and escalation look like in a real attack scenario.
What you’ll learn:
The people, roles, processes, methodologies, systems, tools, and techniques that make up the SOC
What an alert actually looks like and how these are triaged
How to make the most of the first 30 minutes following an alert
The process and value of security data enrichment
How threat hunting works and why it’s essential to attack detection
How a SOC team collaborates to identify threats and protect organisations from harm
Duration: 00:59:46
Publisher: Claranet
You can also watch this video at the source.