A Security Operations Center (SOC) has the task of permanently monitoring a defined IT environment for security-relevant events. This usually involves analysing log files and/or data traffic for suspicious information. The aim is to detect threat scenarios and initiate appropriate countermeasures (“response”).
In this whitepaper, we address the key issues in the specification of requirements, as well as success criteria in the selection process.
