SOC AS A Service

The document discusses security operation center (SOC) services, including challenges with in-house and managed SOCs. It outlines offerings such as SOC consulting, build-operate-transfer, and managed SOC-as-a-service. The latter is a monthly subscription-based service where the provider owns, manages, and monitors the SOC and security information and event management (SIEM) product. It describes components, service level agreements, deployment methodology, team composition, supported products, and an action plan for SOC-as-a-service.

Uploaded by shakawath

SOC-as-a-Service

Every Business is under ATTACK and will likely be breached

Threats: Ransomware, APT, Malware, Phishing, Insider Attacks, Man-in-the-Middle (MITM)
Current SOC Challenges

In-House SOC (not a feasible option; companies try to avoid it):
• Lack of skilled labor
• Hard to retain skilled talent
• Costs a lot of time, money and expertise
• Recurring software license and hardware costs

Managed SOC (affordable):
• Holistic security provided by the MSSP
• All software, hardware and resources provided by the MSSP
• Affordable 24x7x365 SOC for companies of all sizes
• Monthly cost without the headache
OUR SECURITY OPERATION CENTRE (SOC) OFFERINGS

• SOC Consulting
• SOC Build-Operate-Transfer
• SOC Managed Services

OUR SOC SERVICE OPTIONS

Fully Managed SOC-as-a-Service: Monthly subscription-based service where we own, manage and monitor a turnkey SOC and SIEM product for your organization 24/7/365.

Hybrid/Co-Managed SOC-as-a-Service: The customer owns the SIEM/security solution; we co-manage and monitor it 24x7 with our SOC.

Customized SOC Service: We will work with you to build a unique solution that meets your needs, budget, and timelines.
TURNKEY SOC-AS-A-SERVICE

24X7 SOC-as-a-Service Proposed Components

• 24X7 Eyes-on-screen SOC Monitoring

• SIEM Platform (Elastic SIEM - Cloud Enterprise / Option of Client's choice SIEM)

• AWS/Azure/Google based Cloud

• Multi-Tenancy (Customer Access to SIEM Supported)

• Gold 30-Minute SLA for Critical security alerts

• Customized Use Cases, Reports, Custom Log Sources

• Archive Log retention

• Vulnerability Mgmt. & Custom Log Source Integrations Supported


GOLD LEVEL SLA AND SOC MEETING SCHEDULE

Gold Level SLA Highlights

Security Incident Severity            Critical (9-10)   High (8)   Medium (4-7)   Low (1-3)
Initial Recognition                   30 min            30 min     4 hrs          8 hrs
Initial Analysis & Ticket Creation    30 min            60 min     8 hrs          24 hrs
Customer Collaboration (as needed)    30 min            VBI        4 hrs          4 hrs
Ticket Follow-up & Updates            30 min            30 min     8 hrs          24 hrs

SOC Regular Customer Interaction Meetings

Weekly (Customer Information Security Operation Team): Discuss the weekly list of security incidents, focusing on Critical (P1) and High (P2) incidents, their outcomes and related recommendations.

Monthly (Customer Information Security Operation Team and Affiliate IT Leaders): Review and discuss a summary of all security incidents for the previous month and provide recommendations and guidance for improving overall security posture.

Quarterly (Customer and Affiliate Information Security and IT Senior Leadership): Review and discuss the major recommendations and associated activities raised in the monthly meetings, and obtain customer direction on the overall IT security roadmap.
SOC DEPLOYMENT AND TRANSITION METHODOLOGY

Phase 1: Project Initiation and Planning
Activities:
• Kickoff
• Service Scope and Goals
• Onboarding
• Key Stakeholders
• Deliver Project Plan
• Service Artifact Request
• Requirement Definition & Planning
• Establish Connectivity
SOC Roles: Deployment Architect, Deployment Engineers, Networking Team, Security Team

Phase 2: SIEM Design Review
Activities:
• Process and Data Gathering
• Detailed Requirement Definition & Planning
• SIEM Architecture Design Review
• System Design Review
• Log Source Planning
• Networking Review
• Open Change Requests
SOC Roles: Deployment Architect, Deployment Engineers, Security Team, Log Source Team POC

Phase 3: SIEM Environment Deployment and Tuning
Activities:
• Deploy SIEM
• Configure SIEM
• Data Gateway Deployment
• Configure Log Sources
• Use-Case Definition Workshops
• Use Case Creation
• Custom Properties
• Tune Environment
• Test Data Integrity and GUIs
• Resolve Any Errors
SOC Roles: Deployment Architect, Deployment Engineers, Security Team

Phase 4: System Integration and Transition
Activities:
• Stage Transition to Operational Support
• Reports Definition & Validation
• Change Management Processes
• Document Runbook
• Ticketing Integration
• Communication and Escalation Plan
• Readiness Assessment
• Initiate Steady-State Operations
SOC Roles: Transition Architect, Transition Engineers

Phase 5: Ongoing Operational Support
Activities:
• SIEM Real-Time Event Monitoring and Notification
• Reports Generation, Review and Analysis
• SIEM System Management
• Monthly Operational Report Delivery
SOC Roles: SIEM Manager, SIEM Admin, Transition Architect, Transition Engineers
SOC TEAM COMPOSITION

• Transition Project Manager, Transition Architect and Engineer
• Service Delivery Manager (SDM)
• Security Intelligence Analyst / Emergency Response (L3): SIA / CIRT / Service Delivery Focal
• SIEM Correlation Engineer (L2)
• SIEM Analysts, Tier 1 (L1)
• Named SOC analysts assigned to our SOC customers
SOC Services Supported Product Catalog - True Vendor-Agnostic Approach
SOC-AS-A-SERVICE – ACTION PLAN

• Gather the list of in-scope assets
• Create an IPsec tunnel between the customer premises and the SIEM environment
• Deploy the SIEM instance in the cloud
• Deploy an onsite collector at the customer premises
• Configure log sources to send data to the SIEM
• Create rules for alerting
• Transition the environment to the SOC for 24x7 SOC monitoring
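The "create rules for alerting" step above and the Gold SLA table earlier say what the SOC does once logs arrive, but not what a use case looks like or how an alert's severity ties back to the SLA clock. The following Python is an added example written for this page, not code from the deck or its vendor's SIEM: it parses a handful of constructed sshd-style authentication lines, implements a brute-force use case (five or more failed logons from one source within five minutes, raised to Critical if a success from the same source follows), maps the score to the deck's 1-10 severity buckets, and checks a recognition time against the Gold SLA target. The log format, thresholds and scores are assumptions for the demo; the SLA minutes are the deck's own.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Gold SLA targets (minutes) taken from the deck's SLA table, keyed by severity bucket.
GOLD_SLA_MINUTES = {
    "Critical": {"initial_recognition": 30, "ticket_creation": 30, "follow_up": 30},
    "High": {"initial_recognition": 30, "ticket_creation": 60, "follow_up": 30},
    "Medium": {"initial_recognition": 4 * 60, "ticket_creation": 8 * 60, "follow_up": 8 * 60},
    "Low": {"initial_recognition": 8 * 60, "ticket_creation": 24 * 60, "follow_up": 24 * 60},
}


def severity_bucket(score):
    """Map a 1-10 incident score to the deck's buckets: Critical 9-10, High 8, Medium 4-7, Low 1-3."""
    if not 1 <= score <= 10:
        raise ValueError("severity score must be between 1 and 10")
    if score >= 9:
        return "Critical"
    if score == 8:
        return "High"
    if score >= 4:
        return "Medium"
    return "Low"


# Constructed sshd-style auth events for the demo (assumed format); not real customer data.
SAMPLE_LOGS = """\
2024-03-01T10:00:01Z host1 sshd[1201]: Failed password for admin from 203.0.113.5 port 4001 ssh2
2024-03-01T10:00:07Z host1 sshd[1202]: Failed password for admin from 203.0.113.5 port 4002 ssh2
2024-03-01T10:00:12Z host1 sshd[1203]: Failed password for root from 203.0.113.5 port 4003 ssh2
2024-03-01T10:00:20Z host1 sshd[1204]: Failed password for admin from 203.0.113.5 port 4004 ssh2
2024-03-01T10:00:25Z host1 sshd[1205]: Failed password for admin from 203.0.113.5 port 4005 ssh2
2024-03-01T10:00:31Z host1 sshd[1206]: Accepted password for admin from 203.0.113.5 port 4006 ssh2
2024-03-01T10:05:00Z host2 sshd[2201]: Failed password for bob from 198.51.100.9 port 5001 ssh2
2024-03-01T10:40:00Z host2 sshd[2202]: Failed password for bob from 198.51.100.9 port 5002 ssh2
"""

LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: (?P<outcome>Failed|Accepted) password "
    r"for (?P<user>\S+) from (?P<src>\S+) port \d+ ssh2$"
)


def parse_logs(text):
    """Normalize raw lines into events. Unparsed lines are skipped here; a real SOC counts them."""
    events = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m:
            events.append({
                "ts": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"),
                "host": m["host"], "outcome": m["outcome"],
                "user": m["user"], "src": m["src"],
            })
    return events


def brute_force_alerts(events, threshold=5, window=timedelta(minutes=5)):
    """Use case: at least `threshold` failed logons from one source IP inside `window`.
    Score 10 (Critical) if a successful logon from that source follows the failures within the
    window (possible credential compromise), otherwise 8 (High). One alert per source per run
    so a single attack does not open duplicate tickets."""
    by_src = defaultdict(list)
    for e in events:
        by_src[e["src"]].append(e)
    alerts = []
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["ts"])
        failures = [e for e in evs if e["outcome"] == "Failed"]
        for i, first in enumerate(failures):
            window_end = first["ts"] + window
            run = [f for f in failures[i:] if f["ts"] <= window_end]
            if len(run) < threshold:
                continue
            success_after = any(
                e["outcome"] == "Accepted" and run[-1]["ts"] <= e["ts"] <= window_end for e in evs
            )
            score = 10 if success_after else 8
            alerts.append({
                "src": src, "first_seen": run[0]["ts"], "failures": len(run),
                "score": score, "severity": severity_bucket(score),
            })
            break
    return alerts


def sla_status(alert, recognized_at_iso, step="initial_recognition"):
    """Compare when the SOC recognized the alert against the Gold SLA target for its severity.
    The clock starts at the first event of the run; a production SOC starts it at alert generation."""
    recognized_at = datetime.strptime(recognized_at_iso, "%Y-%m-%dT%H:%M:%SZ")
    target = timedelta(minutes=GOLD_SLA_MINUTES[alert["severity"]][step])
    elapsed = recognized_at - alert["first_seen"]
    return {
        "elapsed_min": int(elapsed.total_seconds() // 60),
        "target_min": int(target.total_seconds() // 60),
        "met": elapsed <= target,
    }


if __name__ == "__main__":
    for a in brute_force_alerts(parse_logs(SAMPLE_LOGS)):
        print(a["severity"], a["src"], a["failures"], "failures", sla_status(a, "2024-03-01T10:20:01Z"))
```

On the constructed input only 203.0.113.5 fires (five failures in 24 seconds followed by a success, so score 10, Critical); 198.51.100.9 has two failures 35 minutes apart and never reaches the threshold. Recognition at 10:20:01 is inside the 30-minute Critical target, recognition at 10:45:00 is not. In the real deployment the same logic would be expressed as a SIEM rule on the collector-fed index rather than as a script, but the threshold, window and severity-to-SLA mapping are the decisions the use-case workshops have to settle.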


Thank You
