Most security operations centres (SOCs) function around the clock, with employees working in shifts to constantly log activity and mitigate threats. Prior to establishing a SOC, an organisation must define its cybersecurity strategy to align with current business goals and problems. Industry pundits look at SOC adoption and why it is garnering momentum on the African continent.
By Manda Banda
A security operations centre (SOC) is a command centre facility for a team of IT professionals with expertise in information security (infosec) who monitor, analyse and protect an organisation from cyberattacks. In the SOC, Internet traffic, networks, desktops, servers, endpoint devices, databases, applications and other IT systems are continuously examined for signs of a security incident.
The overarching strategy of a SOC revolves around threat management, which includes collecting data and analysing that data for suspicious activity in order to make the entire organisation more secure. Raw data monitored by SOC teams is security-relevant and is collected from firewalls, threat intelligence, intrusion prevention and detection systems (IPSes/IDSes), probes, and security information and event management (SIEM) systems. Alerts are created to notify team members immediately if any of the data is abnormal or displays indicators of compromise (IOCs).
According to the 2021 IBM X-Force threat intelligence report, cyberattacks on healthcare, manufacturing and energy doubled from the year prior, with threat actors targeting organisations that could not afford downtime due to risks of disrupting medical efforts or critical supply chains.
46 INTELLIGENTCIO AFRICA www.intelligentcio.com