
An Inside Look at Security Operation Centres: Dario Forte outlines the role of Security Operation Centres, the gatherers of intelligence, in the future of security


Publisher: Elsevier Science
Year: 2003
Language: English
File size: 146 KB
Volume: 2003
Category: Article
ISSN: 1353-4858


Synopsis


Setting up or evaluating a Security Operation Centre is not a simple matter, mainly due to the need to integrate company operations with existing technologies. The challenge is to centralise varying policies, procedures and architectures. The infrastructure must be able to guarantee three functional areas: automatic event detection, overall security infrastructure status display, and intelligence gathering.

Automatic event detection

This is usually accomplished with an automatic log scanning system, often associated with one or more Intrusion Detection Systems. In a multi-client system, however, the need to normalize logs coming from different types of sensors and IDSs, whether commercial or open-source, makes things more difficult.