Building An OT Capable SOC

  • Published: 12 Dec 2024
  • Science

Comments • 2

  • @jksalamon, 1 year ago

    Wanted to check on SOC. Can there be an IT SOC and an OT SOC? Is it right to say so? Or is it just one SOC and have a SIEM separately for IT and OT?
    In one of our groups we had this endless debate about SOC, each side backed with their own experience and opinions. What do you think is the right approach? Any document/whitepaper you can share that you know of?

    • @S4Events, 1 year ago

      It’s an open question. My personal view is the end state will be one SOC with one SIEM and OT experts as Level 2 and Level 3 support for the SOC. If you look at the attack paths, they almost always come through IT (the exception is removable media), so you would want to have it unified. In a way this is an extension of the “where should OT security staff and responsibility be located” question.