What is SOC Implementation and Optimisation?
Security Operations Centre (SOC) and Security Information and Event Management (SIEM) solutions provide the software platform for improving the security of an organisation or service. The value and return on this investment depend greatly on how effectively the solution is implemented and optimised.
With our experience implementing and integrating SIEM solutions and operating SOCs for over 30 clients across the globe, we understand the processes involved and offer clients a way to extract maximum return from their investment.
Overview of our service
Security Alliance offers a comprehensive implementation service to set up an integrated and holistic system for security monitoring. Technology and processes for security monitoring are implemented quickly and effectively, using a seven-step process:
Step 1 - Asset valuation & risk profiling
During this phase, an asset inventory is built of the servers and devices in scope, and each asset is valued. Assets are rated as high, medium or low value based on their criticality to business processes, their replacement cost and their dependencies on other assets. Risk profiling includes network modelling based on the placement of assets in the network.
Step 2 - Log baseline development
During this phase, a log baseline is developed for all assets in scope. A gap analysis is conducted to determine the logging capability of each asset, the logging currently enabled and the level of logging required. We coordinate with the relevant IT and security teams to enable the additional logging required across assets. In this phase we achieve the following:
- Configure devices to generate security-essential events
- Stop or reduce noise events
- Optimise event collection to increase detection capability and reduce the log monitoring system's resource consumption.
Step 3 - Product implementation
The implementation phase involves installation of the software product modules, databases and agents. Configuration includes population of the asset database and the network model. Vulnerability scanning is carried out for the devices in scope; we capture the known vulnerabilities that might be exposed and integrate this information into the product. Agent roll-out is carried out for the defined scope and coordinated with the relevant IT teams.
Step 4 - Customise rules, reports & dashboards
In this phase, rules are customised to admit the events that are required. Alerting rules, including correlation rules, are developed based on threat scenarios. Report formats are developed and finalised based on customer feedback; these include daily, weekly and monthly MIS reports, threat scenario-based reports, and trend analysis. Security dashboards are configured based on business requirements. The service includes management-level heat-map reports, to track and identify improvements in IT areas based on monitoring.
Step 5 - Development & implementation of Standard Operating Procedures (SOP)
During this phase we develop and implement the SOP framework. The SOP lays the foundation for robust and scalable monitoring practices, encompassing all the critical processes required for the SOC. The SOP integrates with IT and other security processes, and is automated using the customer's service desk.
Step 6 - Development of Service Level Agreements (SLAs)
It is good practice to develop SLAs to deliver services to business units and to measure effectiveness. We develop SLA metrics aligned with business requirements and processes to track, measure and report against SLAs.
Step 7 - Knowledge transfer
Knowledge transfer runs throughout the implementation. We train the client team on configuring and using the services, train the operations team on the processes, and hand over the SOPs that have been developed.
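The following is an added illustration of how steps 1, 2 and 4 above fit together in code; it is not Security Alliance's tooling or any SIEM product's API. It assumes a simple weighted scoring for asset value, an assumed logging policy per value tier, a constructed asset inventory with constructed log lines, and one assumed threat scenario (repeated authentication failures followed by a success from the same source) as the correlation rule. Every asset name, address and event below is sample data made up for the example.

```python
"""Toy model of SOC set-up steps 1, 2 and 4 (added example, not Security Alliance code).

Step 1: score assets high/medium/low from criticality, replacement cost and
dependencies.  Step 2: compare the logging each asset currently sends against
the baseline its value tier requires, and drop noise events.  Step 4: run one
threat-scenario correlation rule over the filtered events and grade alerts by
asset value.  All asset names, IP addresses and events are constructed.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Step 1 -- asset inventory (constructed).  Attributes are scored 1..3 or
# counted, mirroring "criticality, replacement cost and dependencies".
ASSETS = {
    "dc01":    {"criticality": 3, "replacement_cost": 2, "dependents": 4},
    "web01":   {"criticality": 2, "replacement_cost": 1, "dependents": 1},
    "kiosk07": {"criticality": 1, "replacement_cost": 1, "dependents": 0},
}

def asset_value(asset):
    """Weighted score -> high/medium/low tier (weights and thresholds assumed)."""
    score = (asset["criticality"] * 2
             + asset["replacement_cost"]
             + min(asset["dependents"], 3))
    if score >= 8:
        return "high"
    if score >= 5:
        return "medium"
    return "low"

# Step 2 -- log baseline: event categories each tier must produce (assumed
# policy) and what each asset currently sends (constructed).
REQUIRED_LOGGING = {
    "high":   {"auth", "process", "network", "file"},
    "medium": {"auth", "network"},
    "low":    {"auth"},
}
CURRENT_LOGGING = {
    "dc01":    {"auth", "network"},
    "web01":   {"auth", "network"},
    "kiosk07": {"auth", "process", "file"},
}

def logging_gaps(name):
    """Gap analysis for one asset: categories to enable, and noise to switch off."""
    required = REQUIRED_LOGGING[asset_value(ASSETS[name])]
    current = CURRENT_LOGGING[name]
    return {"missing": sorted(required - current),
            "noise": sorted(current - required)}

# Event type -> baseline category, used to discard events outside the baseline.
CATEGORY = {"auth_fail": "auth", "auth_success": "auth", "proc_start": "process"}

# Constructed log lines: "<ISO timestamp> <asset> <source IP> <event type>".
EVENTS = [
    "2024-05-01T09:50:00 kiosk07 10.0.0.7 auth_fail",
    "2024-05-01T09:50:01 kiosk07 10.0.0.7 auth_fail",
    "2024-05-01T09:50:02 kiosk07 10.0.0.7 auth_fail",
    "2024-05-01T10:00:00 kiosk07 10.0.0.7 auth_success",   # failures too old
    "2024-05-01T10:00:01 dc01 10.0.0.5 auth_fail",
    "2024-05-01T10:00:02 dc01 10.0.0.5 auth_fail",
    "2024-05-01T10:00:03 dc01 10.0.0.5 auth_fail",
    "2024-05-01T10:00:04 dc01 10.0.0.5 auth_success",      # matches the rule
    "2024-05-01T10:01:00 web01 10.0.0.9 auth_fail",
    "2024-05-01T10:01:05 web01 10.0.0.9 auth_success",     # below threshold
    "2024-05-01T10:02:00 kiosk07 10.0.0.5 proc_start",     # noise for a low asset
]

def parse_event(line):
    ts, asset, src, kind = line.split()
    return datetime.fromisoformat(ts), asset, src, kind

def filter_noise(lines):
    """Keep only events whose category is in the owning asset's baseline."""
    kept = []
    for line in lines:
        _, asset, _, kind = parse_event(line)
        if CATEGORY[kind] in REQUIRED_LOGGING[asset_value(ASSETS[asset])]:
            kept.append(line)
    return kept

def correlate(lines, threshold=3, window=timedelta(minutes=5)):
    """Threat scenario: >= threshold failed logins from one source to one asset,
    followed by a success within the window.  Severity follows asset value."""
    failures = defaultdict(list)          # (asset, src) -> failure timestamps
    alerts = []
    for ts, asset, src, kind in sorted(parse_event(l) for l in lines):
        key = (asset, src)
        if kind == "auth_fail":
            failures[key].append(ts)
        elif kind == "auth_success":
            recent = [t for t in failures[key] if ts - t <= window]
            if len(recent) >= threshold:
                alerts.append({"asset": asset, "src": src, "failures": len(recent),
                               "severity": asset_value(ASSETS[asset])})
            failures[key].clear()         # a success closes the sequence
    return alerts

if __name__ == "__main__":
    for name in ASSETS:
        print(name, asset_value(ASSETS[name]), logging_gaps(name))
    for alert in correlate(filter_noise(EVENTS)):
        print("ALERT", alert)
```

Running the script lists the logging each asset still needs (dc01 lacks process and file logging, kiosk07 sends two categories it does not need) and raises a single high-severity alert for dc01; the kiosk07 sequence is ignored because its failures fall outside the five-minute window, which is the kind of threshold a real rule set would tune per asset tier.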
Key service attributes
- Implementation of security monitoring software and related modules
- Development and implementation of key processes as part of Standard Operating Procedures (SOP)
- Set-up of the log baseline and global threat integration, to see more events and gain key insights
- Customisation of the software to deliver rules and reports for critical threat scenarios
- Development of custom connectors on a need basis
- Knowledge transfer and handover to client team.
What you receive
- Fully implemented and optimised Security Operations Centre
- Set of Standard Operating Procedures
- Set of Service Level Agreements
- Optional ongoing SOC optimisation services
- Optional ongoing 24x7 monitoring and managed services
What to do next
Contact us on 0844 488 0964, email us at info@securityalliance.co.uk or complete our Enquiry Form to discuss requirements, get an online demonstration, request a sample report or arrange a meeting.