When sourcing SOC as a service, it’s critical to understand what to expect from the provider. Regardless of the SOC service provider you choose, look for the following functional features:
The SOC vendor should provide a customer web portal protected by multifactor authentication and role-based access control. The portal should include analytics and visuals, real-time updates, the status of the provider's tickets, and reports that can be tailored to different types of users (executives, SOC employees).
The SOC services should integrate into your organisation’s security incident response.
The vendor should be able to provide requested services 24/7 year-round, offer multiple communication methods such as phone and email and have demonstrated experience quickly escalating significant events and incidents to appropriate customer staff.
The SOC should provide requested services from at least two geographically distributed sites to ensure redundancy and the ability to recover from a disaster.
The SOC service provider should have staff certified for the significant cybersecurity technologies they are monitoring or managing at your organisation.
Mature threat intelligence feeds from multiple sources need to inform SOC operations such as alert tuning and, at the strategic level, highlight industry-specific trends so that the SOC knows when to be on heightened alert.
Have they discussed your use-case scenarios to inform alert tuning so that it matches your baseline of operations?
Does their incident response integrate with your insurer, and what do they know about your industry-specific regulatory requirements?
A secure SOC protects itself:
A SOC exists to help manage your risks more effectively, which means the SOC itself must be adequately protected. A SOC must have mechanisms, processes and procedures to ensure that it can protect itself against threats comparable to those faced by its customers. This includes protecting the service itself and the data within it.
The SOC provider must be able to demonstrate that they understand the architecture of their monitoring system. A provider should be able to supply documentation that includes:
An overview of the system elements, such as perimeter, host and network, and specific application-based agents.
Clearly annotated network diagrams, which demonstrate a comprehensive understanding of how the SOC architecture is designed and managed.
Related technical documentation demonstrating how the architectural components are used to actively monitor the environment.
Mechanisms for managing the control of privileged user access.
The monitoring and control of privileged user access, demonstrating an understanding of who has access and their activity.
Which parts of the architecture allow for automation, and which parts require analysts.
Descriptions of what the sensors within the monitoring service actually do.
What a SOC won’t do:
Make infrastructure changes or updates.
Apply suggested mitigations, such as least privilege, to your environment.
Prevent exploitation of unsupported software, hardware or applications.
Replace your antivirus (AV).
With the rapidly changing world of threats and cybercrime, it is important for companies to have the best SOC service providers working for them. Working with D2NA Cyber SOC ensures that your business gets the procedures it needs for threat detection. We have a highly diversified and experienced team of cybersecurity professionals who can help you with that. Book a customised security consultation today with one of our security experts to help you determine your security operations needs.