
Managed Security

Managed Security (sometimes called a Security Operations Centre or SOC) is almost always paired with Managed Services (a Network Operations Centre [NOC] and/or Helpdesk). Managed Security adds 24/7/365 active monitoring of security incidents to your Managed Services.

What is a SOC?

A SOC, or Security Operations Center, is a group of staff who monitor for security alerts and events from a remote location. To qualify as a SOC, it must operate 24/7/365 and be staffed by experts in cyber security. Most SOCs are staffed and trained by former members of law enforcement or national security services (think the NSA or CICIS).

Software and hardware added to your network log all security-related events and activities, and the SOC uses a combination of AI and real-life humans to investigate every “weird” activity they see.

For any SOC to be effective, you must add a SIEM to your environment (see below).


What is a SIEM?

Security Information and Event Management (SIEM) is software that logs and analyzes any activity on the devices that it is configured to monitor. For a SIEM to be effective, every point where a bad actor (a hacker) can try to access your systems needs to be monitored.

This means firewalls, Wi-Fi access points, desktop and laptop computers, switches, cloud services and servers at a minimum: any point where someone can try to connect to your network or install hacking software.

The SIEM software reviews the events that occur, and strips out the day-to-day. It analyzes information using a machine learning (AI) approach and pinpoints risky events.

The SOC team (see above) then evaluates these risks and addresses them in real time.

The Managed Security Process

These and others are all necessary activities to cut the risk of a Cyber Security breach.

What Should You Budget?

Even a one-employee company with firewall, endpoint and cloud services could easily pay over $500 for SOC services. A 20 to 40 employee site might be $2000 to $3000, depending on the complexity.

The SIEM software is combined with a SOC to monitor your network and prevent cyber intrusions. For a SIEM to really be effective, a 24/7/365 team needs to be behind it to ensure it stops cyber attacks, not just records them.

Here are the major devices (and approximate costs) for SIEM and SOC services:

  1. SIEM-Capable Firewalls – not every firewall can be monitored. Only very high-end firewalls have this capability. Expect between $400 and $2000 a month for the combination of the hardware rental and monitoring services. NOTE: This is one of the most critical areas of security monitoring, as all data passes through your firewall going in or out of your network.
  2. Endpoints (laptops and desktops) – add about $30 per month each without managed services (not recommended by itself).
  3. Network Devices (range from tablets to printers to other misc. devices) – add about $30 per month also.
  4. Cloud or Software as a Service monitoring – costs around $550 per month to properly monitor Office 365 or Google G-Suite for intrusion.
  5. Servers – ironically, servers are the same cost as endpoints. They have the same risk profile as a desktop or laptop computer.

* These are rough estimates only.

Get More From Your IT Assets

We offer end-to-end IT and security solutions to businesses of all sizes across Canada, helping our clients leverage our expertise to drive better business results, secure their businesses, and stay competitive.
