Do I need a SOC?

sarlacpit · ‎02-08-2024

A company has recently undergone an exponential growth to 500 employees.

Everyone works from home and uses a cloud based solution for email and documents.

Needless to say, things are in a bit of a mess and need strightening up.

I was asked if they needed a SIEM.

This sparked many thoughts, before they employ a SIEM - They need to have things in place otherwise money will be wasted and no real value will be gained.

1, Asset management and Data Classification (inc Supplier assessments)

2, Threat Modelling (prioritisation)

3, Risk Assessments

From there they can look at what they would like to ingest and make use of.

I am sure that there are other things to be considered before deciding if a SIEM is appropriate and would appreciate any input.

Thanks in advance

Early_Adopter · ‎02-08-2024

Before a SOC, or a SIEM or any other bits and bobs do they have appropriate policies? Particularly with regards to OS, User and application logs? I’d say getting the first cut of a boiler plate policy they can use as a template/guide for their market, vertical, country should be very high priority. They could also write their own but they seem to be deep in the tooling weeds.

I’d agree with your asset register/CMBD as one to start as well, but you might find starting classification, threat modeling and risk as dementia tricky without an appropriate policy framework(also their local privacy and other regulations dictate what you can and can’t collect/do).

Some opinion from me but as a first step I’d get a basic, rough cut security policy first if it’s not there.

sarlacpit · ‎02-08-2024

Thanks, that's really good point.