How Do You Select a Virtual Security Operations Center Solution for Your Business?


Transferring cybersecurity monitoring functions to a third-party virtual contractor is not a new topic. Outsourcing Security Operations Center (SOC) functions has become a widespread practice not only for large companies but also for relatively small organizations. Key client questions have also changed. It is no longer about proving the need for outsourced SOCs per se. Customers are instead concerned about the actual technology stack and security guarantees. How do you select a virtual SOC solution for your business?

How to Select and Work With a Third-Party Security Operations Center

Can external security monitoring and rapid response centers be considered an alternative to the in-house Security Operations Center? Does the EPS (Events per Second) value constitute a fair factor in determining the cost of outsourced SOC services? Should you outsource Threat Intelligence? Let us see how outsourced SOCs protect their clients from attacks, what services, in addition to monitoring, they are ready to provide, and what the pricing in this area is based on.

Client Security is a Key Priority for an Outsourced SOC

Information security specialists monitor an increase in cyberattacks against clients through the infrastructure of managed security service (MSS) providers. But what are service providers doing to prevent such incidents and build confidence in their services? Does certification against various standards or government licensing provide a guarantee that such providers are safe and secure?

SOC Hosting Policy

Some MSS companies stick to a fairly straightforward SOC hosting policy, keeping their whole security operations center in the cloud. They strictly separate the data that they visualize and give to clients from the data processed within the system. In addition, they are constantly working to find vulnerabilities and maintain the security of the product.

Corporate security is a crucial issue when introducing a new SOC service. A wide range of security practices should be applied, in particular, segregation of areas of responsibility, where different people handle incidents, have information about the clients’ infrastructure, and have access to servers located on the clients’ sites. In addition, it is advised to monitor all infrastructure yourself and allocate your SOC to a separate VLAN and a separate domain in the cloud.

Software manufacturers face the added hazard of supply chain attacks. Therefore, over the past year, they have paid increased attention to this problem, introducing an internal SOC that monitors its own infrastructure. Third-party SOCs can protect their clients only when they are also very well protected.

SOC Security

External audits such as certification of the SOC segment according to ISO 27001 and other standards are also an effective method of ensuring a high level of protection. The minimization of external products in the technology stack also helps to reduce the vulnerability of the service provider.

When choosing a SOC service, a mature client should ask the supplier a question: “To what extent are you going to ensure the security of the service you are providing?” When making decisions to outsource SOC functions, the client company should carefully consider all the associated risks. The service provider should not solely control these risks; the client should reserve the ability to monitor the relevant processes.

Most companies believe that only non-hazardous areas can be outsourced. The vast majority are not ready to entrust monitoring of key business processes and systems to third parties.

Functions, technologies, and pricing of an external security monitoring center 

The maturity of the client’s information security largely determines the demand for certain services.

What Features of a SOC-as-a-Service are Most In-Demand Today?

The information technology infrastructure of the client is also important, for example, the topology of its network. A modern outsourced SOC can provide a vast range of services. Most often, the service provider has different departments responsible for specific services. Typically, cooperation with the SOC begins with establishing a secure channel between the client and the service provider, as well as informing the client about the incidents or malware detected. As the cooperation develops, additional areas of responsibility may be outsourced.

How Good is the Position of Companies That, Instead of a Third-Party SOC, Resort to a Cloud SIEM System, Which Also Generates Notifications?

Experts believe this is a shortsighted approach. Processing and interpreting information from SIEM requires skilled professionals and advanced response routines that an outsourced SOC has by default. Using a ready-made SIEM will lead, first of all, to a huge number of false positives that need to be further analyzed.

What are Indicators of a Company’s Maturity and Readiness for an External SOC? 

If the customer begins to think about connecting to a commercial SOC, he already feels the need for such services. Using behavior analytics to boost business cybersecurity is an option. At the same time, there is no clear line that determines the need for an external SOC. When choosing a third-party SOC, the organization should, first of all, pay attention to the following:

    • Professional level of service provider’s specialists
    • Ability to integrate with existing protection tools
    • Affordable price

What Technology is Behind an Outsourced SOC?

To a large extent, this component depends on the client and assessment of various risks by the client. It is important, for example, whether the client is ready to work with a data center located abroad. If the client is going to launch an in-house SOC in the future, he will select a provider that uses the same technology stack.

What Does the Price Depend On?

One of the determining factors in setting price rates for external SOC services is the EPS (Events Per Second) value, which characterizes the load on the SIEM system, as well as the labor costs of analysts. It should be noted that, with some SIEMs, the key pricing factor might not be EPS, but the number of hosts supported or incidents identified. The cost is also influenced by the number of connectors to sources and response scenarios customized specifically for this client. If the client’s data is stored in the provider’s cloud, the cost may depend on its storage period.

If the client cannot determine the planned EPS or the number of events per second has increased significantly during operation, the providers try to find a compromise. For example, they try to reduce the EPS value by turning off insignificant points that give the most significant number of false positives.
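
The EPS sizing and tuning trade-off described above can be worked through on a log sample before negotiating with a provider. The following is an added example, not part of the original article: the source names, the verdict labels and the 0.9 false-positive threshold are constructed assumptions.

```python
from collections import Counter, defaultdict

def build_sample():
    """Constructed 10-second sample of (second, source, verdict) records.
    verdict: None = no alert, "fp" = alert closed as false positive, "tp" = confirmed."""
    events = []
    for sec in range(10):
        events += [(sec, "fw-edge", None)] * 3        # steady firewall traffic
        events += [(sec, "proxy-debug", "fp")] * 4    # noisy source, alerts all false
        events += [(sec, "proxy-debug", None)] * 2
        events.append((sec, "dc-auth", "tp" if sec == 7 else None))
    events += [(5, "fw-edge", None)] * 10             # short burst in second 5
    return events

def window_seconds(events):
    """Length of the observed window in whole seconds."""
    seconds = [sec for sec, _, _ in events]
    return max(seconds) - min(seconds) + 1

def eps_profile(events):
    """Return (average EPS, peak EPS); providers may price on either."""
    per_second = Counter(sec for sec, _, _ in events)
    return len(events) / window_seconds(events), max(per_second.values())

def source_report(events):
    """Per source: event count, alert count and false-positive ratio."""
    stats = defaultdict(lambda: {"events": 0, "alerts": 0, "fp": 0})
    for _, source, verdict in events:
        entry = stats[source]
        entry["events"] += 1
        if verdict is not None:
            entry["alerts"] += 1
            entry["fp"] += verdict == "fp"
    for entry in stats.values():
        entry["fp_ratio"] = entry["fp"] / entry["alerts"] if entry["alerts"] else 0.0
    return dict(stats)

def tuning_candidates(events, min_fp_ratio=0.9):
    """Sources whose alerts are almost all false positives, paired with the
    average EPS they contribute. Sources with confirmed detections fall below
    the threshold and are never proposed for switch-off."""
    window = window_seconds(events)
    found = [(src, s["events"] / window)
             for src, s in source_report(events).items()
             if s["alerts"] and s["fp_ratio"] >= min_fp_ratio]
    return sorted(found, key=lambda item: item[1], reverse=True)

if __name__ == "__main__":
    sample = build_sample()
    print("average/peak EPS:", eps_profile(sample))
    print("tuning candidates:", tuning_candidates(sample))
```

Every source switched off to lower EPS is also lost visibility, so the candidate list is a starting point for review with the provider rather than an automatic decision.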

Responsibilities of a Third-Party SOC

Most experts believe that the third-party service provider can only be responsible to the client within the scope of its monitoring area.

Should a Third-Party SOC be Held Responsible for Missing an Incident? 

SOC providers should not be held liable for all missed incidents. At the same time, a third-party SOC should not be exempted from liability completely. The contracts of the external monitoring center usually clearly specify the provider’s area of responsibility and the areas controlled by it.

Within the framework of these provisions, the service provider may bear a certain responsibility on equal terms with the customer, since the detection of an incident depends not only on the competence of the SOC, but also on the infrastructure and actions of the customer. While most providers guarantee the availability of the service within the established SLA, they are not ready to bear unconditional financial responsibility for missing information security events. One of the options for resolving the issue of liability can be insurance of risks; despite increasing the contract cost, this allows both the client and the provider to cooperate on convenient terms.

Should a Previously Hacked Outsourced SOC Offer its Services to the Market?

On the one hand, such a center can be given a chance to rectify the situation. However, past hacking incidents prove a lack of skill and poor procedures.

How Can a Client Keep Track of SOC Activities? 

One option could be a third-party audit performed before contracting or during the operation. Another approach to solving the problem relies on the transparency of the provider’s service and the ability to analyze the accumulated raw data. In some cases, the storage of the operational archive at the client’s facilities can be provided. The client can also carry out an attack simulation or a penetration test, independently or with external specialists, in order to assess the SOC performance.

How to Switch Security Monitoring Centers?

What should a client do if he decides to move to another SOC or establish an in-house monitoring center following a period of cooperation with a third-party provider? What happens to the accumulated data? First of all, please note that before deciding to switch to a new provider, you should weigh the pros and cons, as well as negotiate with the old service provider. The costs of arranging interactions with a new team may exceed the benefits of working with them.

As for creating your own SOC, experts recommend using a hybrid model, gradually transferring the monitoring center functions to an in-house team. Thus, it is possible to avoid security control gaps and smoothly build up the necessary competencies.

When opening an in-house SOC, it makes sense to leave the most cumbersome functions to the provider as his team possesses broader expertise in those areas. It would be reasonable to leave the analysis of detected malware, incident investigation, and threat intelligence to an external contractor. One of the most challenging problems that arise during the transition to a new SOC (both in-house and third-party) is the change in incident response processes and work scenarios.

Virtual Security Operations Center

SOC providers are ready to offer their clients a wide range of services ranging from basic monitoring functions to qualified incident response and investigation. The market for such services is already fully developed, and competition is pushing providers to further expand their tools and offer flexible and competitive pricing. The ability of a SOC to work effectively using the outsourcing model largely depends on the client’s maturity, the readiness of the client’s infrastructure, cybersecurity skills, and the information security specialists’ ability to interact with an external team. The availability of an in-house SOC by no means excludes the possibility of cooperation with an external service provider. Many providers are ready to work with clients on a mixed basis.

Author Bio: David Balaban is a computer security researcher with over 18 years of experience in malware analysis and antivirus software evaluation. David runs MacSecurity.net and Privacy-PC.com projects that present expert opinions on contemporary information security matters, including social engineering, malware, penetration testing, threat intelligence, online privacy, and white hat hacking. David has a strong malware troubleshooting background, with a recent focus on ransomware countermeasures.
