SOC as a Service
Companies are upgrading their cybersecurity to meet growing information security requirements. Medium-sized companies in particular need to protect themselves better against cybercrime and cyber attacks. Anyone who wants to be certified to ISO 27001 must take appropriate security precautions, and suppliers to the automotive industry face additional cybersecurity requirements under TISAX. For SMEs and medium-sized companies, setting up their own SOC is therefore not worthwhile. With SOC as a Service, medium-sized companies avoid high personnel costs and technical investments: a team of experienced IT security specialists monitors the IT infrastructure of companies, private educational institutions and NGOs.
SOC stands for Security Operations Center. A SOC as a Service monitors and analyzes the threat situation of a specific organization. In this way, these organizations fulfill their legal and contractual obligations to protect confidential data. A SOC proactively identifies, analyzes, assesses and combats threats. With the introduction of NIS 2.0 in the European Union, companies from a wide range of industries must demonstrate that they are making efforts to protect sensitive data (e.g. customer data, personnel data, transaction data, tax-relevant data).
SOC as a Service improves information security
In the following video you will learn how a SOC as a Service can strengthen your company’s security. It also explains how a SOC makes it easier to meet the requirements of ISO 27001 and TISAX.
What services does a SOC offer?
A SOC is more than just a control room in a data center. Our technical experts have experience in data center operations at several European corporations (automotive, electrical and IT industries) and public bodies (e.g. military, police, energy supply). The SOC was therefore built with the following core components specifically for SMEs, larger mid-sized or hybrid organizations, and private universities:
Reporting
The TISAX standard requires evidence preservation and up-to-date reporting on the organization’s cyber threats.
24x7 Monitoring
The SOC team (in 3 zones) monitors your IT security using SIEM and EDR technology.
Security measures
ISO 27001 requires the implementation of security measures to protect information.
SOAR
SOAR enables security tools to be efficiently orchestrated. Numerous tasks are carried out automatically to significantly reduce response times.
Security Operations Center for medium-sized businesses
Medium-sized companies do not have the necessary specialist staff to set up a SOC control center and operate it in three shifts. Therefore, many medium-sized companies and SMEs outsource the tasks of a SOC to an external security operations center operator.
What is a Managed SOC
With a managed SOC, a security operations center is operated and managed on behalf of a company. This means that the contracting company does not have to build the necessary infrastructure for a SOC itself.
SIEM attack detection
Security-relevant processes are analyzed in real time by specialists and AI in the cloud.
MITRE security standard
The detection of cyber threats is based on the MITRE ATT&CK standard.
Real-time monitoring
Real-time monitoring identifies signs of an impending attack and triggers countermeasures.
Made in Europe
Our SOC was developed in Europe and ensures greater information security for our customers in several regions.
Sovereignty
A company's data should always remain in the company's possession. The company's home country is the deciding factor.
Power of Innovation
Through continuous improvement and testing of new protection mechanisms, the SOC offering is continuously expanding.
Why is a SOC important for companies?
In addition to fulfilling legal and contractual obligations, a company must maintain its insurance coverage by using a SOC. Once a certain level of risk has been reached, companies want to protect themselves against threats with cyber insurance. If company management has not taken the necessary security measures to minimize risk, insurance coverage can be canceled. The insurance company is only willing to insure a risk if the risk of occurrence is reduced by appropriate precautions taken by the company.
In the event of a hacking incident, the insurance company can refuse to cover settlement costs after a loss. In doing so, it will argue that the insured party knowingly accepted the risk. With a SOC as a Service, you can prove to your liability insurer that you are taking the necessary measures. Insurers are increasingly expecting companies to maintain ISO 27001 certification and a SOC with the appropriate SIEM and EDR.
Why operate a Security Information and Event Management (SIEM) system?
A Security Information and Event Management (SIEM) as a Service monitors your entire IT infrastructure around the clock for anomalies.
- Collection, processing and evaluation of log data
- Detection, analysis and defense against cyber threats
- Proactive threat hunting by our analysts
- Protection for all assets (in your own office or server room, home office, cloud, colocation server and virtualization)
How Endpoint Detection and Response (EDR) as a Service monitors your endpoints
An Endpoint Detection and Response (EDR) as a Service monitors your endpoints around the clock to detect and prevent threatening activities.
- Greater responsiveness to security incidents
- Automatic defense against known threats
- Only one software agent for different assets
- Protection for all assets (clients & servers, e.g. Windows, macOS, Linux systems and many more)
Extended Detection and Response (XDR) as a Service is mandatory
Extended Detection and Response (XDR) as a Service extends the classic EDR service with SIEM functionality:
- Extended protection beyond endpoints
- Monitoring of cloud, firewall, appliance data and more
- Creation of behavioral profiles to detect anomalies
- Reduced response time to cyber threats
ISO 27001:2022 requires vulnerability management
With the introduction of the new ISO 27001:2022 standard, companies are required to introduce effective vulnerability management. Vulnerability Management as a Service therefore monitors your IT systems 24/7 for security vulnerabilities and provides recommendations for remediation.
- Continuous overview of security vulnerabilities
- Regular reports with recommended measures
- Prioritization of vulnerabilities according to criticality and exploitability
- Security advisories
Network Detection and Response (NDR) as a Service protects
With Network Detection and Response (NDR) as a Service, you extend the protection of your IT to your OT (operational technology). This enables everything from risk analysis to anomaly and attack detection for IT/OT:
- Monitoring of all network traffic
- Use of machine learning for threat detection
- Visibility for IT and OT
- Autonomous attack defense possible
SOC as a Service enables faster incident response
Companies must respond promptly to security events (incident response). The combination of EDR/XDR and SIEM as a Service allows companies to prepare for security incidents in good time. ISO 27001 and TISAX expect compliant organizations to have all tools and processes for rapid defense in place and to follow a defined procedure. The following activities must therefore be possible without friction:
- Fast and competent assessment of the risk situation
- Close cooperation between our analysts and forensic experts
- Compliance with legal reporting obligations
- Fast restoration of normal operations
Digital Forensics with the Help of the SOC
Digital forensics is an important part of an incident response strategy. Our company supports business customers and authorities in IT forensics. Our experts give lectures to authorities (BKA mobile communications conference 2015), security events and conferences. Our customers benefit from our special expertise. We support you in handling incidents and communicating with security authorities for law enforcement purposes.
- Evaluation of affected servers and clients
- Analysis of memory images without affecting the productive environment
- Court-admissible report
- Recommendations for action to prevent future incidents
Why should you run a SOC yourself?
If you have your own IT department with more than 100 IT specialists, you could set up your own SOC team. Companies with more than 15,000 employees usually have a data center control room for historical reasons, and a SOC can easily be accommodated there. To do this, however, you will need to train the existing shift workers intensively or supplement them with a dedicated SOC team. The best place to start is your current emergency manual: have you documented a suitable course of action for all possible scenarios? You will realize that you still have some homework to do. Your future SOC must be equipped technically and organizationally like a rapid response team. Include the Security Operations Center in your ISMS so that no gaping security gaps remain in your information security.
What do you need for your own SOC?
For a SOC team, you need at least 2 people in 3 shifts. Think about absences due to vacation and illness. Do you have enough staff to fill unexpected gaps at short notice? It’s best to start looking for 9 new IT employees.
You also need high-quality technical equipment for a complex workplace. A 15″ monitor and a Core 5-based notebook are not enough. You will often find several screens in SOCs, which means that the cybersecurity expert always has an overview while preparing or executing a measure. The expert also needs additional equipment to continuously test new scenarios or technologies.
In addition, you also need special software in your own SOC to monitor all the different systems and platforms. When rolling out new security precautions, you must ensure that all systems adopt the new settings. If there are problems activating these new security measures, the respective security system shows which systems could not be adapted.
Answers to frequently asked questions about SOC as a Service
Here you will find typical questions that our customers ask before introducing a SOC. Also see the following pages on related SOC service topics.
In addition to the managed service (rules and change management), a SOC as a service includes a SOC analyst team and services such as:
- Provision of the SIEM platform and log collectors (IBM QRadar)
- Connection of defined IT systems (e.g. EDR platform, firewalls)
- Automated correlation of events
- 1st and 2nd level analysis of security events
- Support for the customer in the event of a threat (e.g. according to run and playbook)
- Maintenance, high availability and optimization of the SIEM platform
- Creation of reports
Since our customers operate in Europe and North America, the SOC service is supported by a multilingual team (German, English, Polish, Turkish, Spanish, Dutch, French). In a united Europe, a SOC as a Service that speaks only the local language is no longer enough.
For our managed SOC, we use the industry standard IBM QRadar for SIEM. The security-relevant data is processed in our own data-sovereign and BSI-C5-tested cloud infrastructure (T-Systems VMware).
- Platform provider: IBM QRadar
- Sensors: Security solutions and log collectors - also on-site (virtual appliance)
- Data sources: EDR, Windows, Linux, firewall, flow collectors
- Connection of data sources: Based on the IBM standard.
- Individual use cases on request.
Our SOC use cases are developed on the basis of MITRE ATT&CK, the leading standard for describing and detecting cyber threats.
- The phases of the attack can be correctly identified at any time (cyber kill chain)
- SOC use case database for e.g. EDR solutions or domain controllers is continuously optimized and expanded
- Detection of zero-day vulnerabilities (as a supplement to EDR and vulnerability management solutions)
- SOC analysis and reporting on this basis
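To make concrete what the automated correlation of events and a use case based on MITRE ATT&CK look like in practice, here is an added example in Python. It is not the provider's QRadar rule set or any code from this page: the log format, the threshold, the window and the host names are assumptions, while T1110 (Brute Force) and T1078 (Valid Accounts) are real ATT&CK technique identifiers.

```python
# Added example, not the provider's QRadar rules: a minimal SIEM-style
# correlation rule that turns raw logon events into an ATT&CK-tagged finding.
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not real customer data). Assumed line format:
# "<ISO timestamp> <host> <user> <FAIL|SUCCESS> <source_ip>"
SAMPLE_LOG = """\
2024-05-01T08:00:01 dc01 j.doe FAIL 203.0.113.7
2024-05-01T08:00:03 dc01 j.doe FAIL 203.0.113.7
2024-05-01T08:00:05 dc01 j.doe FAIL 203.0.113.7
2024-05-01T08:00:08 dc01 j.doe FAIL 203.0.113.7
2024-05-01T08:00:10 dc01 j.doe FAIL 203.0.113.7
2024-05-01T08:00:12 dc01 j.doe SUCCESS 203.0.113.7
2024-05-01T08:05:00 fs01 a.smith FAIL 198.51.100.9
2024-05-01T08:05:30 fs01 a.smith SUCCESS 198.51.100.9
"""

FAIL_THRESHOLD = 5             # failures inside WINDOW that raise a finding (assumed)
WINDOW = timedelta(minutes=2)  # sliding correlation window (assumed)

def parse_events(text):
    # Normalize raw lines into event dicts, as a log collector would.
    events = []
    for line in text.strip().splitlines():
        ts, host, user, result, src = line.split()
        events.append({"ts": datetime.fromisoformat(ts), "host": host,
                       "user": user, "result": result, "src": src})
    return events

def correlate(events):
    """Rule: >= FAIL_THRESHOLD failed logons per user/source within WINDOW ->
    T1110 Brute Force; a later success from that source escalates to T1078."""
    alerts = []
    fails = defaultdict(list)  # (user, src) -> failure timestamps in window
    for ev in sorted(events, key=lambda e: e["ts"]):
        key = (ev["user"], ev["src"])
        if ev["result"] == "FAIL":
            fails[key] = [t for t in fails[key] if ev["ts"] - t <= WINDOW]
            fails[key].append(ev["ts"])
            if len(fails[key]) == FAIL_THRESHOLD:   # fire once per burst
                alerts.append({"user": ev["user"], "src": ev["src"], "host": ev["host"],
                               "technique": "T1110", "tactic": "Credential Access",
                               "severity": "medium"})
        elif ev["result"] == "SUCCESS" and len(fails[key]) >= FAIL_THRESHOLD:
            for a in alerts:
                if (a["user"], a["src"]) == key and a["technique"] == "T1110":
                    a.update({"technique": "T1110->T1078", "tactic": "Initial Access",
                              "severity": "high"})
            fails[key].clear()  # burst handled; start a fresh window
    return alerts
```

On the sample log, j.doe's five failures followed by a success from the same address produce one high-severity finding, while a.smith's single mistyped password produces none.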
To introduce our SOC service into your system landscape, we carry out a standardized onboarding with you. This makes it possible for companies of different sizes to put the SOC as a service into operation within a short period of time, even without their own security experts.
The following is part of a SOC onboarding:
- Kick-off meeting
- Inventory and goal definition
- Creation of a customer-specific onboarding plan
- Connection of the log sources (standardized sources)
- Setting up a set of rules according to current best practice
- Fine adjustments to the security solutions (e.g. EDR events)
- Activation of the use cases based on MITRE ATT&CK
- Fine adjustment of the set of rules in collaboration with the customer
- Definition of run and playbooks
- Documentation