I'm currently searching for articles and evaluations of a Managed Security Services Provider that can provide a SOC (Security Operations Center) as a service. My client does not have the manpower to build a SOC internally, so they want to buy it as a service. I need to build lists of requirements and potential providers. I already have a list of the requirements demanded by the client, but for the list of potential providers, I also need to disclose reasons why a potential provider is on the list.
I already found:
- Studie: Das sind die besten IT-Security-Dienstleister (German language)
Do you know about other sources of such information?
If I may ask, what are the client's requirements?
Sometimes, I see clients engage with SOC services, where they could've been better served by XDR providers with real-time monitoring, response and remediation services.
Another approach is to reach out to their Cybersecurity Insurance policy underwriter to inquire who they are working with. I have seen some policies that had a very specific list of vendors that were supposed to be called on in case of incident response.
You should investigate Virtual Security Operations Centers (SOCs), whereby the actual development and running of a SOC, with the right resources and skills, is a multi-million dollar development. It is not for the faint of heart.
So as the others have stated, I see many Financial Institutions creating their own internal SOCs, at great expense, due to various global legislation to ensure that financial transactions are maintained within certain SLAs, for instance, or they have to answer to the nearest Reserve Bank with a bunch of penalties.
Ask why they need one. They may be far better off adopting a service, with the appropriate skills, who have resources with 24x7x365 availability and can react immediately with an Incident Response Team as required.
Do you need one physically on site, or within country due to data sovereignty issues?
Or do you in fact just need a single pane of glass by using a Virtual SOC?
Can you correlate all your cloud providers' information into a single pane of glass that gives you visibility as to what is really going on and allows you to call out the troops when you need them?
Or do you need more direct control, due to legislation or local fraud requirements, etc.?
I've talked with the client and I can be a bit more specific about what they want and what they need.
As already told, my client does not have enough manpower to build a SOC internally. The company has about 400 employees in the financial sector. They are located in Germany, so the primary contact must be able to communicate fluently in German.
They have on-prem servers (Windows and Linux), Oracle databases, firewalls, switches, on-prem Active Directory and Azure AD, Exchange hybrid, Office 365, Dynamics Online, Windows clients, mobile endpoints with VPN, etc., and they want someone who consolidates "signals" from all these services and devices (login events, syslog messages, antivirus events, port scans, downloaded volume of OneDrive folders, etc.) in one system to detect attacks and issues, and who reacts using defined responses (e.g. isolates a client that is infected, informs about usage of NTLM authentication or outdated/vulnerable software/firmware).
The team that monitors the systems with a focus on security, reports about the status of the systems, and mitigates incidents is what they call a SOC.
The monitoring should be 24x7, the communication must be in German, and all data must stay in the EU, preferably in Germany.
They don't want to build it - they want a managed service provider who can provide the people, the know-how, and the service.
We have currently identified some potential partners for this task, but we are still searching for additional potential partners, and we need reasons to put partners on the list. We will then send these potential partners a list of requirements with the request to provide information on whether and how they can provide the service that is needed. From the results of this list, we will determine a shortlist of candidates that we will ask to do a presentation about specific use cases the client wants to cover in detail.
My hope was that someone has already been in a similar situation (in need of a list of vendors for 24x7 monitoring, detection and response) who can provide some resources I can use to create my list.