Skip to main content

Resilience of your SOC

Paul Roberts
  • Updated

It is important that the infrastructure of your Security Operations Center (SOC) is resilient enough that your operators can always perform their duties, and that you have a plan in case something ever impacts that.

As a result we recommend the following for your SOC infrastructure:

Internet

We recommend one or more of the following:

  1. Redundant internet connections: using either...
    1. Two wired internet connections, each from a different Internet Service Provider so you are not affected if one goes down.
    2. A wired internet connection and a 3G cellular backup (via routers that have it built-in, or a separate 3G Hotspot device that your staff turn on and switch over to in an emergency, they could also use the hotspot provided by their phones too).
  2. Redundant/spare networking equipment: have redundant routers and switches, or at least spares that are configured the same and can be swapped in.
  3. Disaster plan: have a plan in case all else fails, involving sending your operators to the nearest location with internet access.

Power

We recommend one or more of the following:

  1. Redundant power connections: with power supplied from two different utility companies so you are not affected if one goes down.
  2. Generator backup: providing power to your SOC computers and network during a mid-to-long term outage.
  3. UPS backup: providing power to your SOC computers and network during a short term outage.
  4. Disaster plan: have a plan in case all else fails, involving sending your operators to the nearest location with power.

Computers

We recommend one or more of the following:

  1. Multiple/spare computers: have at least 2 computers for operators to use, so one of them failing does not leave you unable to operate (ideally have a spare that someone can switch over to without reducing your operating capacity).
  2. Redundant/spare computer hardware: where possible have redundant hardware in your computers and/or spares, such as redundant RAID1 mirrored hard drives, redundant power supplies, more than one RAM stick and CPU chip in each computer, and spare keyboards, mice, and monitors.
  3. Disaster plan: have a plan in case all else fails, involving sending your operators to the nearest location with working computers.

Related articles

Comments

0 comments

Please sign in to leave a comment.