Becoming a highly regarded and appreciated SOC operator — the tools you need in your toolbox

So, you’ve recently been hired to become a SOC (security operations center) manager for a major organization. You are obviously very excited. You’re told that your role is to monitor — at all times — the organization to ensure it isn’t and won’t experience any cyber attacks. And, if an attack does take place, your role as SOC operator means you need to detect, analyze, understand and block the attacks as soon as possible. You need to be very, very efficient and highly effective in order to minimize, as much as possible, the negative effects of any attacks. Time is money, as they say, and you are told it is very important to be able to provide an elaborate report on any attacks, not just the “high-profile” ones.

You are pumped up, energized and ready to go! The faith of the organization falls on your shoulders! But…are you ready? Do you have the right toolset at your hands to assist you to do your job properly?

It might be worth it for you to continue reading to find out what is an appropriate toolset that enables SOC operators to do their job properly. Then you can judge for yourself if you have the right one.

The Day (well, Night) Begins

It’s now 8pm. You’ve just entered work and made a fresh cup of coffee. It is another day at work. Well, night…you took the “graveyard” shift. You are sitting in front of your monitors, ready to battle DDoS villains from across the world. You look at the monitors where your main security dashboard is and see that currently there is no report of an attack taking place. An “easy” hour goes by and, all of a sudden, a new alert pops up to show you that an attack is underway. It is clear from the dashboards that a “SynP” attack is taking place. “OK”, you say, “it is time for me to step in and start looking into the attack to help me decide which protection(s) I should run (manually!). After all, no one is going to do my job for me.”

You then navigate to the other window in order to focus on the various protections offered by your DDoS security system. You’ll need to choose the right one(s) from a long, long, long list. Finally, you select the protections that seem like the right ones to employ. Then you click on a protection and you are moved, yet again, to another window (this the 3rd one) in order to start tuning protections for SynP. However, halfway through you say to yourself, “Wait, is the attack still going on? I can’t tell because I am now on another window, the protections config. window.”

You switch between windows to see that the attack is indeed still going on. But, wait, it has changed vectors. Now it’s not SynP, but rather a DNS attack. “Oh, my goodness,” you say to yourself, “if only I could tell that the attack had changed vectors in real-time as it happened. I could have saved time selecting the right protection(s) for DNS, instead of for SynP.”

Halfway through setting and tuning the protections, your manager charges into the room. “I understand we are being attacked by, well, some type of attack. Maybe SynP, maybe DNS? Listen, management is already aware of this because customers are starting to call and complain about response times and serviceability issues. What are you doing about it? Can you generate a report for me with the attack lifecycle? And with history and explanations? Have you already mitigated the attack(s)? Upper management is somewhat stressed out, to say the least. I need to calm them down!!!! Do you have anything???”

“If I only had…”

Fast forward a bit; the night and your shift are over. Wow! It has been a few hours since you finally managed to mitigate the attack. You take a few minutes to think over what you went through tonight — tried to “handle” the attack and do your job. You think to yourself If I only had a system that:

1. Consolidates everything in a single window, pane-of-glass (something that doesn’t force me to jump back and forth between windows in order to manage an attack. The intensity of the attack is stressful enough!).

2. Handles at least some of the attacks automatically, without me needing to manually choose, create and tune a mitigation for every attack.

3. Allows me to easily and intuitively generate elaborate reports by simply clicking a button on the same window on which the attack analytics are being reported. Then I could show my manager(s) — and their managers — a comprehensive status of the attack (after all, I need to calm them down and get them off my back).

Well, look no further!

You’ve just read exactly what the Radware Cyber Controller DDoS Management Solution provides. At the heart of Radware’s Cyber Controller stands the SecOps feature, which is one of the most efficient and effective mechanisms in the industry to provide complete and holistic DDoS attack lifecycle management functionality. SecOps has it all — and in a single pane-of-glass! — including the following:

  • Attack status – Under attack? What type(s) of attacks?
  • System status – What is the status of each of my DDoS detection and mitigation devices?
  • Automatic mitigation that kicks in to cover for a wide range of attack types without the need for manual action(s).
  • Automatic (additional) actions, including automatic traffic diversions that take place following pre-configured conditions. It allows for fast and error-proof attack mitigation, including, while on attack, BGP traffic diversion and re-diversion.
  • A variety of actions that can be taken from the same main SecOps window. These include, but aren’t limited to, protection refinements, reports generation and visibility of the attack status (Is it still going on? Has it changed vector(s)?).

With Radware’s Cyber Controller SecOps, you are able to automate detection, mitigate attacks, take action(s) to save time and hassles and provide error-proof attack handling. With Radware’s Cyber Controller SecOps, all of the dashboards, configuration widgets, and more, are always right in front of you — at all times. You never lose control over the attack at any point in time. It is all so intuitive, simple and fast. And you know what they say — “Fast is time and time is…Money!”

For More Information

Click here to learn more about Radware’s Cyber Controller. If you’d like to speak with one of the talented and tenured cybersecurity professionals at Radware, you can reach them here. They have been helping organizations fight off cyber crime for a quarter century. They would love to hear from you.

If you’re going to attend the RSA Conference in San Francisco on April 24-27, make sure and stop by the Radware booth (#2139). Meet with our team of experts and take your cybersecurity to the next level. Better yet, you can set up an appointment with them here.


Dror Zelber

Dror Zelber is a 30-year veteran of the high-tech industry. His primary focus is on security, networking and mobility solutions. His holds a bachelor's degree in computer science and an MBA with a major in marketing.

Contact Radware Sales

Our experts will answer your questions, assess your needs, and help you understand which products are best for your business.

Already a Customer?

We’re ready to help, whether you need support, additional services, or answers to your questions about our products and solutions.

Get Answers Now from KnowledgeBase
Get Free Online Product Training
Engage with Radware Technical Support
Join the Radware Customer Program


An Online Encyclopedia Of Cyberattack and Cybersecurity Terms

What is WAF?
What is DDoS?
Bot Detection
ARP Spoofing

Get Social

Connect with experts and join the conversation about Radware technologies.

Security Research Center