Description #

Our Security Operations Center (SOC) service is crucial for safeguarding against unauthorized access by both internal and external threats and is available through two primary options: via Microsoft Sentinel and via an in-house developed Security Information and Event Management (SIEM) solution. This service offers:

• Proactive Threat Detection. Utilizing cutting-edge security technologies and analytics, our SOC identifies potential security incidents in real-time, leveraging the advanced capabilities of Microsoft Sentinel or the bespoke analytics of our in-house developed SIEM solution.
• Incident Response. Executes predefined actions such as account lockouts or workstation isolations to mitigate risks, tailored to integrate seamlessly with either Microsoft Sentinel or our custom SIEM.
• Compliance and Monitoring. Ensures devices and network activities comply with corporate security policies and regulatory standards, with tailored approaches for each solution.

IT Partner responsibilities #

For Microsoft Sentinel:

1. Deploy Microsoft Sentinel, configuring it to seamlessly integrate with your Azure environment for optimal threat detection and response.
2. Manage and maintain the Sentinel environment, including rule creation, dashboard monitoring, and alert configuration to ensure comprehensive coverage.

For In-House Developed SIEM Solution:

1. Design and develop a bespoke SIEM solution tailored to your specific security requirements and IT infrastructure.
2. Integrate the custom SIEM solution into your IT environment, ensuring it operates efficiently with ongoing maintenance and updates.

Common Responsibilities:

1. Regardless of the chosen solution, provide round-the-clock surveillance to detect and alert on potential security threats.
2. Promptly manage detected threats by executing agreed-upon actions to contain and mitigate risks.
3. RDeliver detailed security incident reports and provide strategic advice for enhancing security posture.

Client Responsibilities #

Common across both options:

1. Ensure readiness of IT infrastructure to support SOC operations, including necessary network configurations.
2. Maintain open lines of communication with the IT Partner, facilitating collaboration and swift decision-making.
3. Work alongside the IT Partner to ensure that security policies are adhered to and regulatory compliance is maintained.

Additional Cost Items Not Provided by the Project #

1. Advanced Analytics and Threat Intelligence. For enhanced detection capabilities, subscriptions to additional threat intelligence feeds may be required.
2. Extended Detection and Response (XDR) Integrations. Integration with XDR solutions for broader threat detection and response capabilities.
3. Long-term Maintenance and Support. Ongoing support and maintenance contracts for the chosen solution beyond initial deployment.

Prerequisites #

1. For the Microsoft Sentinel option, an active Azure subscription is required.
2. For the in-house developed SIEM, detailed technical requirements and specifications must be established.

Plan #

A tailored implementation plan will be developed based on the selected option, typically involving:

1. Define security goals and select the appropriate SOC service option.
2. Implement Microsoft Sentinel or develop and integrate the custom SIEM solution.
3. Conduct thorough testing to ensure operational efficacy and fine-tune the system.
4. Transition to active monitoring, with continuous evaluation and adaptation of strategies.

Success Criteria #

1. Demonstrated capability to identify, alert, and respond to security threats in real-time.
2. Seamless integration of the chosen solution with existing IT infrastructure and processes.
3. Positive feedback from the organization on the SOC service's impact on improving the security posture.
4. Selecting between Microsoft Sentinel and an in-house developed SIEM solution allows organizations to tailor their SOC services to best fit their specific security needs, operational environments, and strategic goals.