SOC in China

SOC (Security Operations Center) has been abuzz in the China security market since 2003. In fact, I kicked off the first SOC project in Nov. 2002, internally, when I worked for iS-One as the Chief Strategy Officer. After the project initiation, I dug up a lot of web information related to SOC. At that time, SOCs were mainly operated for MSS (Managed Security Service) providers, e.g. ISS had six SOCs globally. I tried to transfer the concept of SOC from MSS to enterprise security operations and was lucky to win the customer’s buy-in. At that point we didn’t have such a product or even a Proof of Concept (PoC) platform at all. We negotiated with eSecurity and made the final decision to build our first SOC upon it.

The first SOC project was finished around June 2003, and thereafter SOC became a warming-up security market opportunity.

Today most of the major players in the China security market claim to have their own SOC platforms and solutions, while many enterprises are starting to plan and build their own SOC. It is worth mentioning that most of these SOC projects don’t reach their initial expectations.

While SOC was becoming popular in the enterprise security management area, a few pioneer security companies in China began to make their fortune in the MSS market with SOC. Unihub, Beijing Capital Information Co., etc. tasted this market from early on to around 2002, but they found it difficult to make a profit.

A major security vendor, Topsec, rolled out their SOC to provide MSS services in 2004, built on the SOC product from ArcSight, while MSS is one of the meanings by which another major security vendor, Venustech, interprets their M2S vision.

To be optimistic, SOC has been entering a new stage where it serves both enterprise internal security operations and MSS providers.

3 Responses to SOC in China

  1. There are 3 major players in SOC: Cisco NAC, Microsoft NAP and Juniper’s Infranet. It seems the market will force these three heads to cooperate. What’s your comment on this? If not, who will dominate eventually?

  2. hi2005 says:

    Hi, Joe, I am afraid that there might be some difference between your SOC and mine. Here SOC refers to Security Operations Center, mainly based on SIM (security information management) products, and enhanced with a trouble ticket system, asset management, vulnerability management, security monitoring, etc. The major players in this area are CA, ArcSight, netForensics, IBM, Symantec, etc. Please refer to the following diagram at:


  3. romemeteor says:

    Hi, Joe, first, Cisco Systems’ Network Admission Control (NAC) and Microsoft’s Network Admission Protection (NAP) initiatives will frisk any PC that wants to attach to your network. NAC and NAP cooperate with third-party software to check for the presence and status of antivirus and personal firewall software, report on the configuration of the machine, and look for patches. PCs that meet your standards gain entry; others can be denied access or shunted to safe (or restricted) network segments for remediation. In fact, it really looks more like a Terminal Security Schema than anything else.

    And hi2005, although SOC refers to Security Operations Center, mainly based on SIM products, in fact, IT IS STILL A TOOL SUITE to provide CSO’s decision proof. In other words, it should serve the CIO’s and CSO’s decisions. That is the key to managing a good security infrastructure. Maybe a good idea is more important than some other security platform or tools.
    So if we could make use of the information (i.e. logs, IDs, statistics, etc.), dig out the secret behind these data and organize them in our own style, we’ve got a really new world. Finally, I do want to express my opinion:
    Why Use IT? Why Risk IT? Why Secure IT? Why Manage IT? Why Break IT? Why Acquire IT? ……

    Who could answer these questions?
    ps: romemeteor@Shanghai

