Authors: Ionut – Daniel BARBU & Cristian PASCARIU
Published: SRAC CCF 2016
The purpose of this paper is to emphasize the advantages of transitioning from the classic Security Operations Centers into an advanced model that leverages intelligence to understand and anticipate threats targeting the organization. By tackling the proactive vs. reactive approach towards cybersecurity it is intended to present a comparison between the two models. Initially it focuses on the ability to anticipate threats before they become incidents and also on the drawbacks of the classical SOC including the reactive security posture and monitoring. Furthermore, the article analyzes the impact of such a transition to both processes and people. It is worth mentioning the automation aspect of the migration which enables the human to separate from routine activities, allowing them to focus on the intelligence gathered. As the enterprise oriented tools from various vendors are intended to work for everyone but are optimized for no one, the authors highlight the importance of deploying custom tools supported by knowledgeable engineering teams. On that matter, the final part of the paper is dedicated to honeypot deployment by underlining their benefits from a Threat Intelligence perspective.
 SOC vs. SIC: The Difference of an Intelligence Driven Defense Solution, Lockheed Martin Corporation – Reviewed 2nd of March 2016
 The Six Stages of Incident Response, Dark Reading, 2007 – Reviewed 14 of May 2015
 http://www.lockheedmartin.com – Reviewed 28 of March 2016
 https://en.wikipedia.org/wiki/Advanced_persistent_threat – Reviewed 2nd of May 2016
 https://en.wikipedia.org/wiki/Honeypot_(computing) – Reviewed 3 rd of June 2016
 Naveen, Sharanya. "Honeypot" – Reviewed 1 st of June 2016.
 Lance Spitzner (2002). Honeypots tracking hackers. Addison- Wesley. pp. 68–70. ISBN 0-321- 10895-7. – Reviewed August 2014
 BARBU, I.D., PETRICĂ, G. (2015). Defense in Depth Principle to Ensure Information Security. International Journal of Information Security and Cybercrime, 4(1), 41-46. Retrieve from http://www.ijisc.com
 MIHAI, I.C., PRUNĂ, Ș., BARBU, I.D. (2014). Cyber Kill Chain Analysis. International Journal of Information Security and Cybercrime, 3(2), 37-42. Retrieve from http://www.ijisc.com
 An introduction to threat intelligence, CERT-UK – Reviewed July 2015
 http://www.honeyd.org/concepts.php – Reviewed September 2015