A SOC, or Security Operations Center, is a team of staff who monitor security alerts and events from a remote location. To qualify as a SOC, it must operate 24/7/365 and be staffed by cybersecurity experts. Most SOCs are staffed and trained by former members of law enforcement or national security services (think the NSA or CICIS).
Software and hardware added to your network log all security-related events and activities, and the SOC uses a combination of AI and human analysts to investigate every “weird” activity they see.
For any SOC to be effective, you must add a SIEM to your environment (see below).
Cybersecurity threats are a concern for local and global organizations alike. The risks posed by malware, ransomware, data breaches, denial of service attacks, and spear-phishing are now at an all-time high. If you think your company is too small or doesn’t have enough data to be targeted, think again. Small to medium-sized businesses (SMBs) are not just a target, they are now the preferred target.
Security Information and Event Management (SIEM) is software that logs and analyzes any activity on the devices that it is configured to monitor. For a SIEM to be effective, every point where a bad actor (a hacker) can try to access your systems needs to be monitored.
That means firewalls, Wi-Fi access points, desktop and laptop computers, switches, cloud services and servers at a minimum: any point where someone can try to connect to your network or install hacking software.
The SIEM software reviews the events that occur and filters out routine, day-to-day activity. It analyzes the remaining information using a machine learning (AI) approach and pinpoints risky events.
The SOC team (see above) then evaluates these risks and addresses them in real time.
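To make the SIEM-then-SOC flow above concrete, here is a small added example (not code from the page or from any SIEM product) of the three steps a SIEM performs before an event ever reaches an analyst: normalize log lines from several device types, drop the routine day-to-day activity, and escalate only the risky patterns. The log format, event names, thresholds and sample lines are all constructed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (not real data) in the assumed shape
# "<ISO timestamp> <source> <event> key=value ...". Sources mirror the page's
# list: firewall, endpoint, cloud service, Wi-Fi access point.
SAMPLE_LOGS = """\
2024-03-01T09:00:01 firewall ALLOW src=10.0.0.5 dst=93.184.216.34 dport=443
2024-03-01T09:00:03 endpoint LOGIN_OK user=bob host=DESK-2 src=10.0.0.7
2024-03-01T09:01:10 endpoint LOGIN_FAIL user=alice host=LAPTOP-7 src=203.0.113.9
2024-03-01T09:01:15 endpoint LOGIN_FAIL user=alice host=LAPTOP-7 src=203.0.113.9
2024-03-01T09:01:21 endpoint LOGIN_FAIL user=alice host=LAPTOP-7 src=203.0.113.9
2024-03-01T09:01:40 endpoint LOGIN_OK user=alice host=LAPTOP-7 src=203.0.113.9
2024-03-01T09:02:00 firewall ALLOW src=10.0.0.7 dst=93.184.216.34 dport=443
2024-03-01T09:02:30 cloud MFA_DISABLED user=admin src=198.51.100.4
2024-03-01T09:03:00 wifi ASSOC client=aa:bb:cc:dd:ee:ff ap=AP-LOBBY
2024-03-01T09:15:00 endpoint LOGIN_FAIL user=carol host=DESK-9 src=10.0.0.12
2024-03-01T09:15:30 endpoint LOGIN_OK user=carol host=DESK-9 src=10.0.0.12
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+)\s*(.*)$")

# Normal day-to-day events: dropped before a human ever sees them.
ROUTINE_EVENTS = {"ALLOW", "ASSOC", "HEARTBEAT"}

# Events that are risky on their own and are escalated immediately.
HIGH_RISK_EVENTS = {"MFA_DISABLED": "high"}

FAIL_THRESHOLD = 3             # failures from one source before a success counts
FAIL_WINDOW = timedelta(minutes=5)


def parse_line(line):
    """Normalize one raw log line into a dict, or return None if unparseable."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts, source, event, rest = m.groups()
    fields = dict(kv.split("=", 1) for kv in rest.split() if "=" in kv)
    return {"ts": datetime.fromisoformat(ts), "source": source, "event": event, **fields}


def analyze(raw_text):
    """Run the mini SIEM pipeline; return (alerts for the SOC, pipeline stats)."""
    alerts = []
    stats = {"ingested": 0, "routine_suppressed": 0, "unparsed": 0, "unclassified": 0}
    recent_failures = defaultdict(list)   # source IP -> timestamps of LOGIN_FAIL

    for line in raw_text.splitlines():
        ev = parse_line(line)
        if ev is None:
            stats["unparsed"] += 1
            continue
        stats["ingested"] += 1

        if ev["event"] in ROUTINE_EVENTS:
            stats["routine_suppressed"] += 1
        elif ev["event"] in HIGH_RISK_EVENTS:
            alerts.append({"rule": "high_risk_event", "severity": HIGH_RISK_EVENTS[ev["event"]],
                           "event": ev["event"], "ts": ev["ts"].isoformat(),
                           "source": ev["source"], "user": ev.get("user"), "src": ev.get("src")})
        elif ev["event"] == "LOGIN_FAIL":
            src = ev.get("src", "?")
            # Keep only failures inside the sliding window, then record this one.
            recent_failures[src] = [t for t in recent_failures[src] if ev["ts"] - t <= FAIL_WINDOW]
            recent_failures[src].append(ev["ts"])
        elif ev["event"] == "LOGIN_OK":
            src = ev.get("src", "?")
            window = [t for t in recent_failures.get(src, []) if ev["ts"] - t <= FAIL_WINDOW]
            if len(window) >= FAIL_THRESHOLD:
                # Several failures followed by a success from the same source is
                # the pattern an analyst should look at; a lone success is noise.
                alerts.append({"rule": "brute_force_then_success", "severity": "high",
                               "event": ev["event"], "ts": ev["ts"].isoformat(),
                               "source": ev["source"], "user": ev.get("user"), "src": src,
                               "failures_before_success": len(window)})
                recent_failures[src] = []
            else:
                stats["routine_suppressed"] += 1
        else:
            stats["unclassified"] += 1
    return alerts, stats


if __name__ == "__main__":
    found, summary = analyze(SAMPLE_LOGS)
    print(summary)
    for a in found:
        print(a)
```

Of the eleven constructed events, five are dropped as routine, three failed logins are held in a sliding window, and only two alerts are handed to the SOC: the three-failures-then-success sequence from 203.0.113.9 and the MFA change in the cloud service. Carol's single failure followed by a success never leaves the pipeline, which is the kind of noise reduction that lets a 24/7 team focus on real risk.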
These and similar measures are all necessary to reduce the risk of a cybersecurity breach.
Even a one-employee company with firewall, endpoint and cloud services could easily pay over $500 for SOC services. A 20 to 40 employee site might be $2000 to $3000, depending on the complexity.
The SIEM software is combined with a SOC to monitor your network and prevent cyber intrusions. For a SIEM to really be effective, a 24/7/365 team needs to be behind it to ensure it stops cyber attacks, not just records them.
Here are the major devices (and approximate costs) for SIEM and SOC services:
We offer end-to-end IT and security solutions to businesses of all sizes across Canada, helping our clients leverage our expertise to drive better business results, secure their businesses, and stay competitive.
Schedule a free call with Evan Jolliffe