Security Operations Center (SOC) in China

There are many projects aimed at building a Security Operations Center (SOC). A SOC helps centrally monitor and control all your security elements and policy. It consists of a technical platform and an organizational team with a security focus. The following diagram depicts the processes and activities inside and outside a SOC.

In China, it was an honour for me to lead the team that designed and built the first SOC for a provincial mobile company in 2002. Thereafter, more and more SOC projects emerged, especially at the provincial companies of China Mobile. Security Command Center (CA), eSecurity, ArcSight, netForensics, Intellitactics, and other products from Micromuse, NetIQ, and even IBM and Symantec, began to fight against each other.

Most local security vendors choose to build those foreign SIM products into their own SOC solutions as the bottom layer that collects and correlates security events/incidents, e.g. Lenovo and Topsec with ArcSight, iS-One with eSecurity, BOCO with netForensics, and so on, while Venustech is re-evaluating those products after a period of contact with ArcSight. For more information about those local security companies in China, please refer to my previous post.

Outlook of A SOC

2 Responses to Security Operations Center (SOC) in China

  1. lp says:

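    As SOC functionality becomes homogenized, experience, integration capability, and consulting capability are gradually becoming the keys to winning projects; these capabilities will also bring new development to the SOC.
    Because the SOC has Chinese characteristics, these factors mean that foreign vendors are destined not to become the front-line main force in SOC.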

  2. 我老了 says:

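    Here it seems better to position domestic and foreign vendors in the relationship of SI and original manufacturer; the direction of development looks more like the current trend in the billing or network management fields. In services, foreign vendors cannot compete; in products, domestic vendors fall short in accumulated experience and productization.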
