Security threats are constantly changing, and the techniques used to attack ICT systems keep evolving. The SOC service is delivered by engineers and specialists who form a multidisciplinary team. The basic service is organized around four response levels, which are linked together by the incident response process.
- Level 1 – Alert Analyst – a role responsible for monitoring the security incident alert queue and for the status of sensors and endpoints; collects relevant data and passes it up to Level 2; performs preliminary intrusion detection through appropriate analysis of alerts.
- Level 2 – Incident Responder – a role responsible for threat hunting; correlates data from different sources and determines the criticality of the systems and data sets that have been exposed. It develops remediation actions and new analytical methods for threat detection.
- Level 3 – Subject Matter Expert/Hunter – a role with knowledge of the network, endpoint equipment, threats, forensics, and malware, as well as of the operation of individual applications. This role is closely involved in the development, configuration, and implementation of threat detection tools.
- Level 4 – SOC Manager – a role responsible for resource management (people, technology) and process improvement; it acts as the organizational point of contact for critical incidents. It ensures continuous improvement of the security strategy.