Skip to main content

Resilience of your SOC

Paul Roberts
  • Updated

Introduction

The following important notes apply to Ops:

  • The Ops system is fully redundant, running on the highly resilient AWS platform with all resources being redundant across multiple Availability Zones (identical and physically separate data centers in the same region) in an Active-Active setup behind a load balancer (so all servers in all AZs are actively receiving traffic). It is also under constant automatic monitoring to ensure its continued operation.
  • It is important that the infrastructure of your Security Operations Center (SOC) is resilient enough that your operators can always perform their duties, and that you have a plan in case something ever impacts that.
    • This includes a working internet connection which is required to use Ops. If you were to lose internet connectivity you will see a red message stating "The server may be unconnectable or offline. We will continue to attempt to reconnect" and will not be able to perform your duties until you resolve the internet issue, at which point the message will disappear and you can continue where you left off.

As a result we recommend the following for your SOC infrastructure:

Internet

We recommend one or more of the following to ensure you have a reliable internet connection to be able to use Ops:

  1. Redundant internet connections: using either...
    1. Two wired internet connections, each from a different Internet Service Provider so you are not affected if one goes down.
    2. A wired internet connection and a 3G cellular backup (via routers that have it built-in, or a separate 3G Hotspot device that your staff turn on and switch over to in an emergency - they could also use the hotspot provided by their phones too).
  2. Redundant/spare networking equipment: have redundant routers and switches, or at least spares that are configured the same and can be swapped in quickly.
  3. Disaster plan: have a plan in case all else fails, involving sending your operators to the nearest location with internet access.

Power

We recommend one or more of the following:

  1. Redundant power connections: with power supplied from two different utility companies so you are not affected if one goes down.
  2. Generator backup: providing power to your SOC network and computers during a mid-to-long term outage.
  3. UPS backup: providing power to your SOC network and computers during a short term outage.
  4. Disaster plan: have a plan in case all else fails, involving sending your operators to the nearest location with power.

Computers

We recommend one or more of the following:

  1. Multiple/spare computers: have at least 2 computers for operators to use, so one of them failing does not leave you unable to operate (ideally have a spare that someone can switch over to without reducing your operating capacity).
  2. Redundant/spare computer hardware: where possible have redundant hardware in your computers and/or spares, such as redundant RAID1 mirrored hard drives, redundant power supplies, more than one RAM stick and CPU chip in each computer, and spare keyboards, mice, and monitors.
  3. Disaster plan: have a plan in case all else fails, involving sending your operators to the nearest location with working computers.

Related articles

Comments

0 comments

Please sign in to leave a comment.