{"id":9163,"date":"2016-08-23T10:53:40","date_gmt":"2016-08-23T09:53:40","guid":{"rendered":"https:\/\/www.solucominsight.fr\/?p=9163"},"modified":"2019-12-31T10:18:11","modified_gmt":"2019-12-31T09:18:11","slug":"cybersecurite-lheure-bilan-soc","status":"publish","type":"post","link":"https:\/\/www.riskinsight-wavestone.com\/en\/2016\/08\/cybersecurite-lheure-bilan-soc\/","title":{"rendered":"Cybersecurity: time for SOCs to take stock"},"content":{"rendered":"<p>From the creation of the first teams in the early 2000s to the proliferation of initiatives to <strong>respond to the first targeted attacks<\/strong> ten years later, operational security teams, or SOCs (<em>Security Operational Center<\/em>), must <strong>meet<\/strong> increasingly significant <strong>challenges<\/strong>: <strong>detecting<\/strong> ever more effectively and quickly in order to <strong>react<\/strong> appropriately.<\/p>\n<p>What <strong>difficulties<\/strong> do these teams face day to day? How can they <strong>remain effective<\/strong> as cybercriminals\u2019 attacks become <strong>extremely sophisticated<\/strong>?<\/p>\n<h2>The SIEM: a pillar of the SOC\u2026 provided it is well implemented!<\/h2>\n<p>The emergence of tools such as the <strong>SIEM<\/strong> (<em>Security Information and Event Management<\/em>), about 10 years ago, allowed operational security teams to <strong>industrialize<\/strong> monitoring by <strong>simplifying<\/strong> the analysis of multiple sources of security events (antivirus console, proxy, <em>Web Application Firewall<\/em>\u2026). 
This tool also made it possible to correlate many events from heterogeneous devices or applications in order to <strong>detect advanced threat scenarios<\/strong>.<\/p>\n<p>However, deploying a SIEM must be the outcome of a project with an <strong>investment proportional to the complexity<\/strong> of the monitored information system. Indeed, the relevance of a SIEM depends on both:<\/p>\n<ul>\n<li>The presence of <strong>controls contextualized<\/strong> to the information system (in particular by making use of the sensitivity of the monitored <em>assets<\/em>).<\/li>\n<li>The study and implementation of <strong>advanced threat scenarios<\/strong> tailored to the company\u2019s business stakes.<\/li>\n<\/ul>\n<p>As for the monitoring scope, the first devices usually integrated are <strong>security devices<\/strong>, because they are natively configured to leave traces that operational teams can exploit. 
It is nevertheless often observed that their integration is limited to a <strong>simple transcription<\/strong> of already existing controls, which does not take advantage of the event correlation offered by a SIEM.<\/p>\n<p>By contrast, integrating business applications is more delicate, notably because business and security teams have different needs: the business\u2019s main concern generally comes down to the unavailability of its application (or of some of its features), whereas security addresses a <strong>broader range of risks<\/strong>, whether <strong>unavailability<\/strong>, <strong>compromise<\/strong> of data <strong>integrity<\/strong> or the <strong>leak<\/strong> of confidential information.<\/p>\n<p>It is therefore essential to <strong>raise business teams\u2019 awareness<\/strong> of security issues as a whole in order to define realistic threat scenarios specific to each scope. Moreover, these applications traditionally lack advanced security features. As a result, it is difficult to have an effective monitoring system (complex log-forwarding configuration, log files with very little verbosity\u2026).<\/p>\n<p>In general, an overly simplistic implementation of controls in a SIEM makes the SOC\u2019s activity ineffective. 
Monitoring teams then find themselves <strong>drowning in \u201cfalse positives\u201d<\/strong>, and security events are handled one by one instead of being <strong>analyzed as a whole<\/strong> in order to detect real threat scenarios (for example: an unauthorized authentication on a server followed by the deactivation of its antivirus should be treated as a single incident to investigate).<\/p>\n<h2>Teams not sufficiently integrated into the security organization<\/h2>\n<p>Beyond the issues linked to a poor SIEM implementation mentioned above, there are also <strong>organizational<\/strong> issues.<\/p>\n<p>Indeed, the SIEM is often perceived as a \u201c<strong>black box<\/strong>\u201d by level 1 and level 2 analysts within SOC teams. This is generally due to a <strong>lack of knowledge<\/strong> of real production issues (identification of critical <em>assets<\/em>, of the interactions between the different systems\u2026). The incidents detected by the SIEM then all end up handled at the same level, <strong>without any prioritization<\/strong> or upstream identification of the most sensitive elements.<\/p>\n<p>To maintain a sufficient level of skill within operational security teams, <strong>technology watch<\/strong> must be carried out by level 3 investigators and then communicated to level 1 and level 2 analysts. 
Topics such as the <strong>presentation of new IOCs<\/strong> (<em>Indicator Of Compromise<\/em>) that complement detection rules will help teams become more effective in how they approach incidents. Initiatives of this kind will contribute to the <strong>continuous improvement<\/strong> of the service by preventing it from degrading over time.<\/p>\n<p>In addition, teams must <strong>take part continuously in the many security initiatives<\/strong> launched by the IT department (DSI), such as projects to secure infrastructure or applications. Furthermore, <strong>crisis management exercises<\/strong> must be organized to test the various processes and tools in place and to allow business and security contacts to discuss their respective roles in the event of a crisis.<\/p>\n<p>In a context where cybercrime keeps reinventing itself (as shown by the recent <a href=\"http:\/\/www.securityinsider-solucom.fr\/2016\/06\/retour-sur-laffaire-swift-synthese-des.html\">attack on <em>Swift<\/em> systems<\/a>), operational teams are increasingly asked to integrate new scopes. This <strong>constant pressure<\/strong>, exerted in particular by decision-makers, worsens the problems of <strong>poor implementation of controls<\/strong> and of lack of knowledge of real threat scenarios. 
Good monitoring requires more than simply sending logs to a SIEM; project teams must strive to follow, and enforce, the complete process for integrating new scopes: identification of attack scenarios, setup of collection mechanisms, creation of detection rules, testing and release to production. Omitting one of these steps risks making the collection of the scope\u2019s logs useless.<\/p>\n<h2>What future for SOCs?<\/h2>\n<p>Many factors are going to disrupt the ecosystem of operational security providers.<\/p>\n<p>Indeed, <strong>the LPM<\/strong> (Loi de Programmation Militaire, the French military programming law) will require all OIVs (Op\u00e9rateur d&#8217;Importance Vitale, operator of vital importance) to choose <strong>PDIS-certified providers<\/strong> (Prestataires de D\u00e9tection des Incidents de S\u00e9curit\u00e9, security incident detection providers), for those that use such external services. Many prerequisites will be necessary to be certified, such as the <strong>partitioning of customer data<\/strong> or the <strong>setup of administration zones<\/strong> (enclaves), accessible only by the provider, through which logs will be retrieved and then forwarded to the SIEM. 
These factors will bring about many changes within the organizations and infrastructures currently in place.<\/p>\n<p>Furthermore, the growing share of the <em>cloud<\/em> in companies\u2019 information systems brings a new complexity: that of <strong>collecting logs from providers<\/strong>. New players have therefore appeared in the security market: <strong>CASBs<\/strong> (<em>Cloud Access Security Brokers<\/em>). Their promise: to address security issues for the <em>cloud<\/em>. These entities sit between users and the various <em>cloud<\/em> services and offer new security building blocks, such as the use of APIs to detect threat scenarios directly (creation of log files recording access to applications, integration of this data into a SIEM\u2026).<\/p>\n<h2>Tomorrow\u2019s objective: gaining maturity<\/h2>\n<p>Operational security still has <strong>many challenges to meet<\/strong>. Most entities currently ensure the <strong>minimum hygiene of the information system<\/strong>, and the maturity of their teams allows them to guard against diffuse threats (viruses, spam\u2026). 
However, the current setup <strong>must renew itself<\/strong> in order to respond to the new challenges of cybersecurity and to be able to fight <strong>opportunistic threats<\/strong> (lone hacker) and <strong>targeted<\/strong> ones (cyber-mafia, government), which are more complex to detect.<\/p>\n<p>In this context, and given legal obligations, SOCs have (and will have) a <strong>very important role to play<\/strong>, requiring <strong>in-depth technical expertise<\/strong> as well as <strong>integration with security in projects.<\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"<p>From the creation of the first teams in the early 2000s to the proliferation of initiatives to respond to the first targeted attacks ten years later, operational security teams, or SOCs (Security Operational Center), must meet challenges&#8230;<\/p>\n","protected":false},"author":1230,"featured_media":8466,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"page-templates\/tmpl-one.php","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[36,3225],"tags":[2661,2632,1247,2662,3309,613,1074],"coauthors":[2664,2725],"class_list":["post-9163","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity-digital-trust","category-ethical-hacking-indicent-response","tag-casb","tag-lpm","tag-oiv","tag-pdis","tag-security-operations-center","tag-siem","tag-soc"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.0 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Cybers\u00e9curit\u00e9 : l\u2019heure du bilan pour les SOC - RiskInsight<\/title>\n<meta name=\"description\" content=\"Les \u00e9quipes de s\u00e9curit\u00e9 
op\u00e9rationnelle (ou SOC) doivent relever des challenges de plus en plus importants. \u00c0 quelles difficult\u00e9s font face ces \u00e9quipes ?\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.riskinsight-wavestone.com\/2016\/08\/cybersecurite-lheure-bilan-soc\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Cybers\u00e9curit\u00e9 : l\u2019heure du bilan pour les SOC - RiskInsight\" \/>\n<meta property=\"og:description\" content=\"Les \u00e9quipes de s\u00e9curit\u00e9 op\u00e9rationnelle (ou SOC) doivent relever des challenges de plus en plus importants. \u00c0 quelles difficult\u00e9s font face ces \u00e9quipes ?\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.riskinsight-wavestone.com\/2016\/08\/cybersecurite-lheure-bilan-soc\/\" \/>\n<meta property=\"og:site_name\" content=\"RiskInsight\" \/>\n<meta property=\"article:published_time\" content=\"2016-08-23T09:53:40+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2019-12-31T09:18:11+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2015\/10\/Fotolia_64163357_Subscription_Monthly_XXL-mecanisme.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"3655\" \/>\n\t<meta property=\"og:image:height\" content=\"3001\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Hamza KHARBACHI\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Hamza KHARBACHI\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"7 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2016\/08\/cybersecurite-lheure-bilan-soc\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2016\/08\/cybersecurite-lheure-bilan-soc\/\"},\"author\":{\"name\":\"Hugo.MORET@wavestone.fr\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/fdc1ec1cd9c01f1b7537f77409ea1818\"},\"headline\":\"Cybers\u00e9curit\u00e9 : l\u2019heure du bilan pour les SOC\",\"datePublished\":\"2016-08-23T09:53:40+00:00\",\"dateModified\":\"2019-12-31T09:18:11+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2016\/08\/cybersecurite-lheure-bilan-soc\/\"},\"wordCount\":1451,\"publisher\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2016\/08\/cybersecurite-lheure-bilan-soc\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2015\/10\/Fotolia_64163357_Subscription_Monthly_XXL-mecanisme.jpg\",\"keywords\":[\"CASB\",\"LPM\",\"OIV\",\"PDIS\",\"Security Operations Center\",\"SIEM\",\"SOC\"],\"articleSection\":[\"Cybersecurity &amp; Digital Trust\",\"Ethical Hacking &amp; Incident Response\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2016\/08\/cybersecurite-lheure-bilan-soc\/\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/2016\/08\/cybersecurite-lheure-bilan-soc\/\",\"name\":\"Cybers\u00e9curit\u00e9 : l\u2019heure du bilan pour les SOC - 
RiskInsight\",\"isPartOf\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2016\/08\/cybersecurite-lheure-bilan-soc\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2016\/08\/cybersecurite-lheure-bilan-soc\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2015\/10\/Fotolia_64163357_Subscription_Monthly_XXL-mecanisme.jpg\",\"datePublished\":\"2016-08-23T09:53:40+00:00\",\"dateModified\":\"2019-12-31T09:18:11+00:00\",\"description\":\"Les \u00e9quipes de s\u00e9curit\u00e9 op\u00e9rationnelle (ou SOC) doivent relever des challenges de plus en plus importants. \u00c0 quelles difficult\u00e9s font face ces \u00e9quipes ?\",\"breadcrumb\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2016\/08\/cybersecurite-lheure-bilan-soc\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.riskinsight-wavestone.com\/2016\/08\/cybersecurite-lheure-bilan-soc\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2016\/08\/cybersecurite-lheure-bilan-soc\/#primaryimage\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2015\/10\/Fotolia_64163357_Subscription_Monthly_XXL-mecanisme.jpg\",\"contentUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2015\/10\/Fotolia_64163357_Subscription_Monthly_XXL-mecanisme.jpg\",\"width\":3655,\"height\":3001,\"caption\":\"DBP\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2016\/08\/cybersecurite-lheure-bilan-soc\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Accueil\",\"item\":\"https:\/\/www.riskinsight-wavestone.com\/en\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Cybers\u00e9curit\u00e9 : l\u2019heure du bilan pour les 
SOC\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#website\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/\",\"name\":\"RiskInsight\",\"description\":\"The cybersecurity &amp; digital trust blog by Wavestone&#039;s consultants\",\"publisher\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.riskinsight-wavestone.com\/en\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#organization\",\"name\":\"Wavestone\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png\",\"contentUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png\",\"width\":50,\"height\":50,\"caption\":\"Wavestone\"},\"image\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/fdc1ec1cd9c01f1b7537f77409ea1818\",\"name\":\"Hugo.MORET@wavestone.fr\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/author\/hugo-moretwavestone-fr\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Cybers\u00e9curit\u00e9 : l\u2019heure du bilan pour les SOC - RiskInsight","description":"Les \u00e9quipes de s\u00e9curit\u00e9 op\u00e9rationnelle (ou SOC) doivent relever des challenges de plus en plus importants. 
\u00c0 quelles difficult\u00e9s font face ces \u00e9quipes ?","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.riskinsight-wavestone.com\/2016\/08\/cybersecurite-lheure-bilan-soc\/","og_locale":"en_US","og_type":"article","og_title":"Cybers\u00e9curit\u00e9 : l\u2019heure du bilan pour les SOC - RiskInsight","og_description":"Les \u00e9quipes de s\u00e9curit\u00e9 op\u00e9rationnelle (ou SOC) doivent relever des challenges de plus en plus importants. \u00c0 quelles difficult\u00e9s font face ces \u00e9quipes ?","og_url":"https:\/\/www.riskinsight-wavestone.com\/2016\/08\/cybersecurite-lheure-bilan-soc\/","og_site_name":"RiskInsight","article_published_time":"2016-08-23T09:53:40+00:00","article_modified_time":"2019-12-31T09:18:11+00:00","og_image":[{"width":3655,"height":3001,"url":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2015\/10\/Fotolia_64163357_Subscription_Monthly_XXL-mecanisme.jpg","type":"image\/jpeg"}],"author":"Hamza KHARBACHI","twitter_misc":{"Written by":"Hamza KHARBACHI","Est. 
reading time":"7 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.riskinsight-wavestone.com\/2016\/08\/cybersecurite-lheure-bilan-soc\/#article","isPartOf":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2016\/08\/cybersecurite-lheure-bilan-soc\/"},"author":{"name":"Hugo.MORET@wavestone.fr","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/fdc1ec1cd9c01f1b7537f77409ea1818"},"headline":"Cybers\u00e9curit\u00e9 : l\u2019heure du bilan pour les SOC","datePublished":"2016-08-23T09:53:40+00:00","dateModified":"2019-12-31T09:18:11+00:00","mainEntityOfPage":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2016\/08\/cybersecurite-lheure-bilan-soc\/"},"wordCount":1451,"publisher":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2016\/08\/cybersecurite-lheure-bilan-soc\/#primaryimage"},"thumbnailUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2015\/10\/Fotolia_64163357_Subscription_Monthly_XXL-mecanisme.jpg","keywords":["CASB","LPM","OIV","PDIS","Security Operations Center","SIEM","SOC"],"articleSection":["Cybersecurity &amp; Digital Trust","Ethical Hacking &amp; Incident Response"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.riskinsight-wavestone.com\/2016\/08\/cybersecurite-lheure-bilan-soc\/","url":"https:\/\/www.riskinsight-wavestone.com\/2016\/08\/cybersecurite-lheure-bilan-soc\/","name":"Cybers\u00e9curit\u00e9 : l\u2019heure du bilan pour les SOC - 
RiskInsight","isPartOf":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2016\/08\/cybersecurite-lheure-bilan-soc\/#primaryimage"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2016\/08\/cybersecurite-lheure-bilan-soc\/#primaryimage"},"thumbnailUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2015\/10\/Fotolia_64163357_Subscription_Monthly_XXL-mecanisme.jpg","datePublished":"2016-08-23T09:53:40+00:00","dateModified":"2019-12-31T09:18:11+00:00","description":"Les \u00e9quipes de s\u00e9curit\u00e9 op\u00e9rationnelle (ou SOC) doivent relever des challenges de plus en plus importants. \u00c0 quelles difficult\u00e9s font face ces \u00e9quipes ?","breadcrumb":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2016\/08\/cybersecurite-lheure-bilan-soc\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.riskinsight-wavestone.com\/2016\/08\/cybersecurite-lheure-bilan-soc\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.riskinsight-wavestone.com\/2016\/08\/cybersecurite-lheure-bilan-soc\/#primaryimage","url":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2015\/10\/Fotolia_64163357_Subscription_Monthly_XXL-mecanisme.jpg","contentUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2015\/10\/Fotolia_64163357_Subscription_Monthly_XXL-mecanisme.jpg","width":3655,"height":3001,"caption":"DBP"},{"@type":"BreadcrumbList","@id":"https:\/\/www.riskinsight-wavestone.com\/2016\/08\/cybersecurite-lheure-bilan-soc\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Accueil","item":"https:\/\/www.riskinsight-wavestone.com\/en\/"},{"@type":"ListItem","position":2,"name":"Cybers\u00e9curit\u00e9 : l\u2019heure du bilan pour les 
SOC"}]},{"@type":"WebSite","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#website","url":"https:\/\/www.riskinsight-wavestone.com\/en\/","name":"RiskInsight","description":"The cybersecurity &amp; digital trust blog by Wavestone&#039;s consultants","publisher":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.riskinsight-wavestone.com\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization","name":"Wavestone","url":"https:\/\/www.riskinsight-wavestone.com\/en\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/","url":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png","contentUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png","width":50,"height":50,"caption":"Wavestone"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/fdc1ec1cd9c01f1b7537f77409ea1818","name":"Hugo.MORET@wavestone.fr","url":"https:\/\/www.riskinsight-wavestone.com\/en\/author\/hugo-moretwavestone-fr\/"}]}},"_links":{"self":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/9163","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/users\/1230"}],"repl
ies":[{"embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/comments?post=9163"}],"version-history":[{"count":6,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/9163\/revisions"}],"predecessor-version":[{"id":9277,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/9163\/revisions\/9277"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/media\/8466"}],"wp:attachment":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/media?parent=9163"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/categories?post=9163"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/tags?post=9163"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/coauthors?post=9163"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}