In an economy that runs on high-speed internet and mobile devices, installing security tools and blocking access to blacklisted websites is not enough. The tools themselves must be continuously monitored and operated; otherwise the measures taken are not only ineffective but create a dangerous illusion of security. This is the job of a Security Operations Center: an organized capability that collects, correlates, and analyzes security events, anomalies, and user actions, and acts on what it finds.
The task of a Security Operations Center (SOC) is to detect attacks and incidents early and to contain and respond to them, raising the reliability and maturity of an organization's security program. A SOC unites technologies, processes, and people with the specific knowledge and experience needed to run them.
SOC as a Service
Building an in-house SOC is an option worth considering, but it is feasible only for a small number of large enterprises, because such centers are expensive to build, operate, and develop. They also need a team of analysts to study the collected data in 24x7 mode, and such specialists are expensive and hard to find. For this reason, many organizations prefer to connect to an existing SOC rather than build their own.
Infosecurity SOC (ISOC) by Softline is a Security Operations Center for our customers. Security event data are delivered from the customer infrastructure to ISOC, where they are analyzed to reveal incidents and trigger the response systems. With round-the-clock security monitoring, advanced consulting, and online host analysis, we can not only determine the cause of an incident but also eliminate it. We do not merely inform our customers about threats; we do everything required to investigate and eliminate them.
Technologies. ISOC is powered by a number of open-source and in-house products. The solution is continuously developed to keep pace with the latest threats.
Processes. ISOC uses meticulous, well-designed security event management processes and supports over 70 thousand event sources.
People. Our team includes analysts, an incident response and monitoring group, and developers who improve the SOC components. Our staff is one of the critical assets that ensure the high effectiveness of Softline ISOC.
What are the outcomes of building an in-house SOC?
Let's imagine that a top manager approves the budget, the IT team starts rolling out products, and cybersecurity spending skyrockets.
Sooner or later, the system is ready. Then the customer finds out that the façade of a state-of-the-art solution hides something far less impressive. Important capabilities are missing because the company chose the wrong platform, one with significant limitations. Other platform features do not work the way they were expected to, and the business tasks remain unsolved.
The passion for in-house SOCs can be compared to the obsession with private data centers or "exclusive" websites built on a tailor-made CMS. For greater flexibility and lower cost, most customers prefer off-the-shelf solutions customized to their business requirements.
The crucial factor that undermines attempts at a DIY SOC is the lack of a competent and experienced team. A SOC is more than a set of technical tools that collect information and monitor processes in real time. It also includes a team of analysts who process the data round the clock. Without any of its components, from the analysts to the monitoring modules and the staff who operate them, a SOC is a far cry from a complete solution: it is reduced to a SIEM system or a very expensive antivirus. The true value is unlocked only when the software is combined with the work of the people who use it.
We offer a Basic and an Extended package. Both include connection to the cloud; forwarding of security event flows from the customer infrastructure to ISOC; configuration of the incident detection rules; configuration of the automated response system; round-the-clock security monitoring; and advanced consulting with online host analysis. Our specialists respond promptly, determining the cause of the incident and eliminating it.
The Basic package covers the six most common types of devices, and the Extended package supports 35. This number grows as new connectors are developed.
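The three configuration steps the packages cover (forwarding events to the SOC, detection rules, automated response) can be sketched end to end in a few dozen lines. The following is an added illustration, not Softline's ISOC code: it parses a constructed sample of forwarded sshd events, applies one assumed detection rule (a burst of failed logins from one source followed by a successful login), and returns the response actions a playbook would then carry out. The sample log lines, the threshold and window, and the action names are all assumptions.

```python
"""Minimal SOC event pipeline: parse forwarded auth events, apply a
detection rule, and plan automated response actions.

Added illustration, not Softline's ISOC code. The log lines, the
threshold/window, and the response action names are assumptions.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of sshd auth events as a SOC would receive them
# from a forwarded syslog stream (year omitted, as in real syslog).
SAMPLE_EVENTS = """\
Mar  4 10:00:01 web01 sshd[4012]: Failed password for admin from 203.0.113.7 port 51001 ssh2
Mar  4 10:00:03 web01 sshd[4013]: Failed password for admin from 203.0.113.7 port 51002 ssh2
Mar  4 10:00:05 web01 sshd[4014]: Failed password for admin from 203.0.113.7 port 51003 ssh2
Mar  4 10:00:06 web01 sshd[4015]: Failed password for invalid user test from 203.0.113.7 port 51004 ssh2
Mar  4 10:00:09 web01 sshd[4016]: Accepted password for admin from 203.0.113.7 port 51005 ssh2
Mar  4 10:01:00 web02 sshd[2201]: Failed password for bob from 198.51.100.5 port 40001 ssh2
Mar  4 10:01:02 web02 sshd[2202]: Failed password for bob from 198.51.100.5 port 40002 ssh2
Mar  4 10:01:04 web02 sshd[2203]: Accepted password for bob from 198.51.100.5 port 40003 ssh2
Mar  4 10:02:00 web01 sshd[4020]: Accepted publickey for deploy from 192.0.2.10 port 60001 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<outcome>Accepted|Failed) (?P<method>\w+) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src>\d+\.\d+\.\d+\.\d+) port \d+"
)
YEAR = 2024  # syslog omits the year; assumed for the constructed sample


def parse_event(line):
    """Normalize one sshd line into a dict, or None if it is not an auth event."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{YEAR} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "host": m["host"], "user": m["user"],
            "src": m["src"], "outcome": m["outcome"].lower()}


def detect_bruteforce_success(events, threshold=3, window=timedelta(seconds=60)):
    """Assumed rule: a source IP with >= threshold failed logins inside
    `window` that is then accepted is reported as a likely guessed credential."""
    failures = defaultdict(list)  # src ip -> timestamps of recent failures
    incidents = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        recent = [t for t in failures[ev["src"]] if ev["ts"] - t <= window]
        if ev["outcome"] == "failed":
            recent.append(ev["ts"])
        elif len(recent) >= threshold:
            incidents.append({"rule": "ssh_bruteforce_success", "src": ev["src"],
                              "user": ev["user"], "host": ev["host"],
                              "failures": len(recent), "ts": ev["ts"]})
            recent = []  # reset so the same burst is not reported twice
        failures[ev["src"]] = recent
    return incidents


def plan_response(incidents, block_ttl=3600):
    """Map incidents to response actions. Returned, not executed: a real SOC
    would hand these to a firewall/EDR playbook. Action names are assumed."""
    actions = []
    for inc in incidents:
        actions.append({"action": "block_ip", "target": inc["src"], "ttl_seconds": block_ttl})
        actions.append({"action": "force_password_reset", "target": inc["user"]})
        actions.append({"action": "flag_host_for_review", "target": inc["host"]})
    return actions


def run_pipeline(raw_log=SAMPLE_EVENTS):
    """Forwarded log text -> parsed events -> incidents -> planned responses."""
    events = [e for e in (parse_event(l) for l in raw_log.splitlines()) if e]
    incidents = detect_bruteforce_success(events)
    return incidents, plan_response(incidents)


if __name__ == "__main__":
    found, planned = run_pipeline()
    for inc in found:
        print(f"[INCIDENT] {inc['rule']}: {inc['src']} -> {inc['user']}@{inc['host']} "
              f"after {inc['failures']} failures")
    for act in planned:
        print(f"[RESPONSE] {act}")
```

On the sample input only the burst from 203.0.113.7 fires; the two failures from 198.51.100.5 stay below the threshold and the key-based login is ignored. The value of such a pipeline lies in the rule logic and the people who tune it: someone has to pick the threshold and window, decide what a "success after a burst" looks like for each source type, and separate the responses that are safe to automate (temporarily blocking a source address) from those that normally need an analyst's confirmation (password resets, host isolation).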
Plazius success story
The customer develops a mobile payment system and a digital marketing platform. Softline specialists deployed a pilot project on a short timeline, installing and configuring the solution without interrupting the customer's systems.
Close teamwork within the project group ensured a seamless migration and maintained business continuity. After the basic configuration stage, ISOC was customized to the company's requirements. After analyzing the collected data, we expanded the set of event sources, adding specialized sources that reflect the specifics of the customer's processes.
Acceptance testing showed that the system meets all the customer's requirements.
The project was also efficient financially. Plazius avoided the tedious search for and recruitment of expensive specialists; at present, the ISOC support team handles all system-related tasks. For the customer, working with an outsourcing partner proved much cheaper than creating a cybersecurity division and maintaining a staff of subject matter experts.