When companies first began to stand up SOC operations, there were only a few basic tools for network monitoring and event logging. Now there is a plethora of tools from which to choose. This section provides some simple guidance on what to look for when purchasing technologies for your SOC. The tools we discuss can be divided into the following categories:
- Vulnerability scanners and network mapping systems
- Intrusion detection systems (IDS) and intrusion prevention systems (IPS)
- Netflow analysis systems
- Antivirus systems
- Configuration monitoring systems
Key to the proper functioning of a SOC, however, is the security incident and event monitoring (SIEM) system. The following figure from the Zimmerman manual (2014) illustrates the functions of a SIEM.
Zimmerman, C. (2014). Ten Strategies of a World-Class Cybersecurity Operations Center. The Mitre Corporation.
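To make concrete why the SIEM sits at the centre of the tool categories listed above, here is a small added illustration (not code from the Zimmerman manual or from any product) of the two functions a SIEM performs for a SOC: normalising events from different tools into one schema, and correlating them per host so that an analyst sees one prioritised incident instead of four unrelated alerts. The event lines, the vendor-style formats, the scoring weights, the incident threshold and the assumption that 10.0.0.0/8 is the only internal range are all constructed for the example.

```python
"""Toy SIEM pipeline: normalise IDS, netflow, antivirus and vulnerability-scanner
events and correlate them by host. Added illustration only; every feed, format,
weight and threshold below is constructed for the example."""
from collections import defaultdict
from ipaddress import ip_address, ip_network
import re

# Constructed sample feeds in made-up key=value vendor formats, one event per line.
IDS_ALERTS = [
    "2024-05-01T10:02:11Z ids sid=2001 sev=high src=10.0.0.5 dst=10.0.0.20 msg=Possible_SMB_exploit",
    "2024-05-01T10:03:40Z ids sid=2002 sev=low src=10.0.0.7 dst=10.0.0.21 msg=Port_scan",
]
NETFLOW = [
    "2024-05-01T10:05:00Z flow src=10.0.0.20 dst=203.0.113.9 dport=443 bytes=52000000",
    "2024-05-01T10:05:30Z flow src=10.0.0.21 dst=10.0.0.1 dport=53 bytes=300",
]
AV_EVENTS = [
    "2024-05-01T10:04:02Z av host=10.0.0.20 action=quarantine name=Trojan.Generic",
]
VULN_SCAN = [
    "2024-05-01T09:00:00Z vuln host=10.0.0.20 plugin=smb-signing-disabled cvss=7.5",
    "2024-05-01T09:00:00Z vuln host=10.0.0.21 plugin=ssl-weak-cipher cvss=4.0",
]

INTERNAL = ip_network("10.0.0.0/8")  # assumed internal range for the example
KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_kv(line):
    """Split a '<ts> <source> k=v k=v ...' line into a flat field dict."""
    ts, source, rest = line.split(" ", 2)
    fields = dict(KV_RE.findall(rest))
    fields.update(ts=ts, source=source)
    return fields


def normalize(line):
    """Map one raw event onto a common schema: ts, source, host, score, detail.
    The host is the asset the event is *about* (IDS destination, flow source)."""
    f = parse_kv(line)
    src = f["source"]
    if src == "ids":
        score = {"high": 3, "medium": 2, "low": 1}.get(f["sev"], 0)
        return {"ts": f["ts"], "source": src, "host": f["dst"], "score": score, "detail": f["msg"]}
    if src == "av":
        score = 3 if f["action"] == "quarantine" else 1
        return {"ts": f["ts"], "source": src, "host": f["host"], "score": score, "detail": f["name"]}
    if src == "flow":
        # Large egress to a non-internal address is worth the analyst's attention.
        external = ip_address(f["dst"]) not in INTERNAL
        score = 2 if external and int(f["bytes"]) > 10_000_000 else 0
        detail = f"{f['bytes']}B to {f['dst']}:{f['dport']}"
        return {"ts": f["ts"], "source": src, "host": f["src"], "score": score, "detail": detail}
    if src == "vuln":
        score = 2 if float(f["cvss"]) >= 7.0 else 0
        return {"ts": f["ts"], "source": src, "host": f["host"], "score": score, "detail": f["plugin"]}
    return None  # unknown feed: dropped, a real SIEM would count this as a parse failure


def correlate(lines, threshold=5):
    """Group scored events by host and raise an incident where the sum crosses
    the threshold. Returns incidents sorted by descending score."""
    by_host = defaultdict(list)
    for line in lines:
        ev = normalize(line)
        if ev and ev["score"] > 0:
            by_host[ev["host"]].append(ev)
    incidents = []
    for host, evs in by_host.items():
        score = sum(e["score"] for e in evs)
        if score >= threshold:
            incidents.append({
                "host": host,
                "score": score,
                "sources": sorted({e["source"] for e in evs}),
                "timeline": sorted(evs, key=lambda e: e["ts"]),
            })
    return sorted(incidents, key=lambda i: -i["score"])


if __name__ == "__main__":
    for inc in correlate(IDS_ALERTS + NETFLOW + AV_EVENTS + VULN_SCAN):
        print(f"INCIDENT host={inc['host']} score={inc['score']} sources={inc['sources']}")
        for e in inc["timeline"]:
            print(f"  {e['ts']} [{e['source']}] {e['detail']}")
```

Run on the constructed feeds, the pipeline raises one incident for 10.0.0.20, where the IDS alert, antivirus quarantine, large outbound flow and high-CVSS scanner finding reinforce each other, while the low-severity scan against 10.0.0.21 stays below the threshold. The point for tool selection is that each feed is only useful to the SOC if the SIEM can parse it into a common schema and attach it to an asset, so parser coverage and asset attribution are worth checking before buying.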