Managed SOC Tutorial in 5 Minutes

A Managed Security Operations Center (SOC) is a cybersecurity solution that monitors and protects data across a business or enterprise. For a quick tutorial, read more.


What is a Managed Security Operations Center (SOC)?

A Managed Security Operations Center (SOC) is a business security service that monitors and protects websites, web applications, online data, cloud databases, servers, networks, data centres, and even individual computers and devices. Across a workforce and enterprise, a SOC is a comprehensive answer to day-to-day cybersecurity needs: a team, backed by tooling, that watches your systems and responds when something goes wrong. Per Wikipedia:

An information security operations center (ISOC or SOC) is a facility where enterprise information systems (web sites, applications, databases, data centers and servers, networks, desktops and other endpoints) are monitored, assessed, and defended.


What is a SOC management system?

"SOC management system" is a term that is often used as a synonym for a Managed Security Operations Center. When speaking casually, however, a SOC management system can also refer to the software platform (alerting, ticketing, automation) that replaces part of the large staff typically working within a SOC. So, a "SOC management system" is sometimes a largely automated cybersecurity system that costs much less than a fully-staffed and managed SOC, at the price of having fewer analysts to investigate what the tooling flags.


What is a co-managed SOC?

A co-managed SOC is a cybersecurity arrangement that combines an off-site security team with on-site employees or staff. Sometimes, a business or enterprise wants to retain some on-site control of its security monitoring and defence without paying for a full-time security team. In such a case, a business may pay for an off-site third-party SOC service and keep one or more full-time security staff on-site at its offices or headquarters, typically to own escalations, environment-specific context, and final say on response actions. This hybrid arrangement is called a co-managed SOC, and is intended to optimize costs while maintaining more control than a fully outsourced SOC.


SIEM vs SOC

A Security Information and Event Management (SIEM) system is software: it collects logs and events from servers, network devices, endpoints, and cloud services, normalizes them, correlates them against detection rules, and raises alerts. A Security Operations Center (SOC) is the team of people, and the processes they follow, that watch those alerts, investigate them, and respond. A SIEM does not replace a SOC, and a SOC is not "part of" a SIEM: the SOC operates the SIEM (and other tools), tunes its rules, and acts on what it finds. Buying a SIEM without the staff to work its alert queue is a common and expensive mistake, which is why many organizations pair the tool with a managed or co-managed SOC.


Who are some top managed SOC providers and solutions?

SOC providers and solutions offer a managed Security Operations Center solution that allows businesses to have as much hands-on control over their cybersecurity as they’d like. Here are some of the top SOC providers whom we work with and recommend:


AlienVault (now AT&T Cybersecurity):

AlienVault is a strong product that bundles most of what a small to midsize company needs. AlienVault is one of the few SOC platforms delivered as SaaS in the cloud. After the AT&T acquisition, they have started focusing on large enterprises as well. AlienVault covers services such as cyber strategy and risk, identity and fraud, endpoint security, network security, and threat detection and response, and it offers SOAR-style automation as well. However, the product alone does not provide a full 24x7 monitoring service, so pairing it with an MSSP (such as Sennovate) is a good way to get a better return on the investment. It is also very cost-effective compared to other offerings in the marketplace, and a good fit for modern organizations.


LogRhythm

LogRhythm is a SaaS/cloud-based provider of log aggregation, orchestration, and monitoring. They have an excellent log aggregation platform. However, if you take their own MSSP services, the cost becomes very high, and the service may not cover the full spectrum of SOC work. The tool is a good choice if you are looking for SOAR capabilities specifically. It is recommended to go with an MSSP who can manage LogRhythm alongside the other security products you already have in place.


FortiSIEM

FortiSIEM is a popular SIEM product. It is feature-rich and suits customers who have a largely legacy environment and have started transitioning to the cloud. It allows a great deal of customization, but it is painful to manage and maintain by yourself. In the cloud, only a hosted deployment is available: you install the FortiSIEM virtual machines either on-premises or in the hosted cloud. Expect year-round tuning and upkeep to get the best out of this product. Working with the right partner removes the headache of maintaining that expertise internally and will usually prove more cost-effective.


Splunk

Splunk is the most popular SIEM product in the market. Like other SIEM vendors, they have started introducing more SOAR capabilities. At its core, however, Splunk is a log search and event management platform; they also cover DevOps and analytics use cases with the same product. You still depend on other products (endpoint, network, identity controls) to actually enforce security. If you already have those controls in place and want to monitor their events, Splunk comes in handy. If you want a security-focused portfolio out of the box, it may not meet your requirements on its own. It is available as SaaS in the cloud as well as through traditional on-premises deployment.


What is SOC incident management?

After a security threat has been detected, incident management dictates how a business or enterprise will respond. First, the SOC contains and defends against the threat. Second, incident management must return the affected systems to full operational status, verified clean rather than simply restarted. Thereafter, incident management should learn from the incident and apply additional security measures (new detection rules, patched vulnerabilities, tightened access) to protect against similar threats in the future.

In general, the steps of incident management look like this:

  1. Security monitoring (SIEM rules, endpoint alerts, analyst hunting) identifies a threat
  2. The SOC responds to and contains the threat
  3. The SOC identifies the vulnerabilities or misconfigurations that allowed it
  4. The SOC repairs any damage done and restores normal operation
  5. The SOC learns from the incident and creates future countermeasures
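To make the "SIEM vs SOC" distinction and steps 1 and 2 above concrete, here is an added example (not code from any vendor named on this page) of the kind of correlation rule a SIEM runs and the containment action a SOC analyst or SOAR playbook would take on the resulting alert. The log lines are constructed in OpenSSH/syslog style with hypothetical hostnames and documentation IP ranges; the threshold, window, and the iptables command are assumptions for illustration, not settings from any product.

```python
"""Minimal SIEM-style correlation: SSH brute-force detection over auth log lines.

Added example for this tutorial; not code from AlienVault, LogRhythm, FortiSIEM or Splunk.
The log lines, host names and IP addresses below are constructed, not captured.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (hypothetical host "web1", documentation IP ranges).
SAMPLE_LOG = """\
Mar 10 08:00:01 web1 sshd[2201]: Failed password for invalid user admin from 203.0.113.7 port 51012 ssh2
Mar 10 08:00:03 web1 sshd[2203]: Failed password for root from 203.0.113.7 port 51014 ssh2
Mar 10 08:00:04 web1 sshd[2205]: Failed password for root from 203.0.113.7 port 51016 ssh2
Mar 10 08:00:06 web1 sshd[2207]: Failed password for invalid user oracle from 203.0.113.7 port 51018 ssh2
Mar 10 08:00:09 web1 sshd[2209]: Failed password for root from 203.0.113.7 port 51020 ssh2
Mar 10 08:00:10 web1 sshd[2211]: Accepted password for root from 203.0.113.7 port 51022 ssh2
Mar 10 08:00:15 web1 sshd[2213]: Failed password for alice from 198.51.100.20 port 40100 ssh2
Mar 10 08:00:40 web1 sshd[2215]: Accepted publickey for alice from 198.51.100.20 port 40102 ssh2
"""

# Normalization step: pull timestamp, host, outcome, user and source IP out of the raw line.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?:password|publickey) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>[\d.]+) port \d+"
)


def parse(line, year=2024):
    """Return a normalized event dict, or None for lines this rule does not understand."""
    m = LINE_RE.match(line)
    if not m:
        return None  # a real SIEM would still index the raw line; this rule just ignores it
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")  # syslog omits the year
    return {"ts": ts, "host": m["host"], "result": m["result"], "user": m["user"], "src": m["src"]}


def correlate(events, threshold=5, window=timedelta(minutes=1)):
    """Sliding-window rule: >= threshold failures from one source inside `window` -> medium alert.
    A later successful login from an already-flagged source escalates to a high alert."""
    failures = defaultdict(deque)   # src ip -> timestamps of recent failures
    flagged = set()
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        q = failures[ev["src"]]
        if ev["result"] == "Failed":
            q.append(ev["ts"])
            while q and ev["ts"] - q[0] > window:   # drop failures outside the window
                q.popleft()
            if len(q) >= threshold and ev["src"] not in flagged:
                flagged.add(ev["src"])
                alerts.append({"rule": "ssh_bruteforce", "severity": "medium", "src": ev["src"],
                               "host": ev["host"], "count": len(q), "ts": ev["ts"]})
        elif ev["result"] == "Accepted" and ev["src"] in flagged:
            alerts.append({"rule": "ssh_bruteforce_success", "severity": "high", "src": ev["src"],
                           "host": ev["host"], "user": ev["user"], "ts": ev["ts"]})
    return alerts


def respond(alert):
    """Step 2 of the workflow: turn a high-severity alert into a containment action.
    Returns the command an analyst (or a SOAR playbook) would apply; nothing is executed here."""
    if alert["severity"] == "high":
        return f"iptables -I INPUT -s {alert['src']} -j DROP  # contain {alert['host']}: {alert['rule']}"
    return None  # medium alerts go to the analyst queue for investigation


def run(log_text=SAMPLE_LOG):
    """Collect -> normalize -> correlate -> respond, returning (alerts, containment actions)."""
    events = [e for e in (parse(line) for line in log_text.splitlines()) if e]
    alerts = correlate(events)
    actions = [a for a in (respond(al) for al in alerts) if a]
    return alerts, actions


if __name__ == "__main__":
    found_alerts, found_actions = run()
    for a in found_alerts:
        print(a)
    for cmd in found_actions:
        print(cmd)
```

Running this over the sample log raises a medium alert for 203.0.113.7 after its fifth failure, escalates it to high when the same source then logs in as root, and emits one block command; alice's single typo followed by a key-based login never reaches the threshold. The point for a SOC buyer: the rule, the threshold and the normalization are what the SIEM gives you, while deciding whether the high alert is a real compromise, applying the block, and checking what root did after 08:00:10 (steps 2 to 5) is the work the SOC staff, managed or in-house, has to do.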


What is a typical managed SOC pricing?

Managed SOC pricing ranges from about $750/month to $50,000/month, depending on the needs of the business or enterprise. At the lower price tiers, the service provides general monitoring, defence, and reporting on business data. At the higher prices, the managed SOC provides a dedicated off-site security team to the enterprise.

What should your business expect to pay? The price is driven mainly by the volume of logs you are going to monitor and your retention policies, so estimate daily log volume (in GB/day or events per second) and retention period before asking for quotes. For example, the AT&T website lists a starting price of $7,595 for managed threat detection and response. Remember, this will not cover all aspects of a SOC. If you choose to go with an MSSP for your managed SOC requirements, you can expect an average of about $5,000 to $8,000 per month for a company of 1,000 employees. There is no hard and fast rule for pricing; a better requirement definition will dictate the right price.


What are typical SOC compliance management issues?

Generally, SOC compliance issues are related to customer data protection, financial data protection, and general business data protection. As a general rule, cybersecurity compliance demands that business cybersecurity solutions stay up-to-date with the latest threats, and are able to respond accordingly.

Sarbanes-Oxley (SOX)

The Sarbanes-Oxley Act is intended to protect shareholders from accounting fraud and errors, while increasing the accuracy of disclosures.

General Data Protection Regulation (GDPR)

GDPR is intended to protect the personal data of individuals in the European Union. It requires businesses to stay up-to-date with cybersecurity threats, to apply security measures that match, and to report personal data breaches to the supervisory authority within 72 hours of becoming aware of them, which is one reason a SOC's detection and incident response capability matters for compliance.

Payment Card Industry Data Security Standard (PCI DSS)

Specific to credit card and payment cardholders, PCI DSS compliance is intended to protect payment card data and the handling of credit card data.


Do I need a SOC consultant near me?

Maybe. The most important factor is experience and an effective workflow, whether in-person, on-site, virtual, or off-site. That said, we think working with a SOC consultant near you is an advantage: it allows the consultant to communicate more easily with your existing IT teams and to better understand your current information architecture. A non-local SOC consultant becomes a good option if they follow security best practices and have an established virtual workflow. Location matters less when virtual workforce tools are effectively adopted by both consultant and client, whether a small business or a global enterprise. On-site SOC consultants can also become costly. Bottom line, look for a SOC consultant who offers an excellent communication process, a clear workflow, and a managed Security Operations Center solution tailored to your business.


Have questions about implementing a Managed SOC?
Email [email protected] or call (925) 918-6618 


READ MORE

The 5-Minute Identity and Access Management Tutorial

Privileged Access Management Requirements in 2020

The Insider’s Guide to Okta Adaptive MFA Pricing

The Guide to Modern Types of Multi-Factor Authentication

How to Get an Accurate Okta Quote

How to Migrate to Okta from Oracle Access Manager


About Sennovate

Sennovate delivers custom identity and access management solutions to businesses around the world. With global partners and a library of 1000+ integrations, we implement world-class cybersecurity solutions that save your company time and money. We offer a seamless experience with integration across all cloud applications, and a single price for product, implementation, and support. Have questions? The consultation is always free. Email [email protected] or call us at: (925) 918-6618