What to look for in a SOC as a Service provider

The days when antivirus and firewalls were sufficient security for your network and cloud are past. Bad actors are getting past these systems in droves. Active monitoring needs to be in place, but building a Security Operations Center is expensive and time-consuming, and the people to staff it are hard to find. That’s where SOC-as-a-Service comes in.

Benefits of SOC as a Service

  • Little or no CapEx
  • Fast to get started
  • No need to hire additional staff
  • Gain the expertise and coverage of a skilled security team
  • Affordable, consistent monthly cost with no long-term contract

What to look for in a SOC as a Service provider

Features

These are the features you need in place to have an effective SOC:

  • Vulnerability Assessment – greatly reduces the chance of a breach
  • Asset Discovery – unknown assets are easily exploited and need to be found. It is also important to know which systems contain the important information so they can be carefully monitored
  • SIEM and Log Management
  • Network and Cloud sensors
  • Endpoint Agents
  • Real-time monitoring

Processes

  • Do they integrate with your existing ticketing system?
  • Do they call if there is a threat?
  • Will they help with remediation?
  • Are they like an extension of your IT team?
  • Do they hunt for threats or just respond to alerts?

Questions to ask

What platform are you using for the service?

It is best to go for a provider that is using a mainstream platform such as AlienVault. If a provider is trying to develop their own platform

The most important asset you gain with SOC as a Service

When choosing a SOC as a Service, what you are really gaining is a team by your side in the fight against cyber threats.

Checklist for Building a SOC

  • Evaluate what you are currently doing