The three primary SOC.OS use cases and subsequent customer journeys are outlined below:
| | In-house SOC with no SIEM or SOAR | In-house SOC with SIEM | MSSP |
|---|---|---|---|
| Security context | - Several off-the-shelf threat detection tools are deployed which provide a suitable level of protection in accordance with an acceptable risk tolerance level.<br>- Additional protective monitoring technologies such as SIEM or SOAR are now being considered. | - A SIEM is implemented which enhances the threat detection capability and attempts to make sense of all the data being produced by the threat detection tools deployed. | - Delivering security protective monitoring services to several customers using off-the-shelf threat detection tools and, in some cases, an in-house and custom technology stack. |
| Challenges and approach to alert management | - Drowning in alerts from the disparate threat detection tools and unable to triage all of the alerts with the current team.<br>- Triaging alerts takes place on an ad-hoc basis.<br>- A lack of understanding of the overall threat position and what could be taking place on the network.<br>- A lack of internal resources available to solve these problems. | - After an expensive and lengthy implementation, the SIEM was initially working well and generating alerts.<br>- A lot of effort was soon required to triage the alerts generated, as well as to actively manage the detection content.<br>- Now drowning in alerts.<br>- Still lacking in-depth security intelligence and an understanding of the potential threats taking place on the network. | - Multiple security analysts are responsible for triaging alerts and managing tickets and incidents on behalf of customers.<br>- Analysts are drowning in alerts and it's difficult to spot the genuine signal in the noise across customers.<br>- The enterprise-grade in-house technology stack is well suited to selling into large enterprise customers who can afford the highest level of service, but not as well suited to selling into the SMB and mid-market, which is a strategic growth priority for the business. |
| Options available | - No appetite to outsource security monitoring, but an in-house SIEM seems overkill.<br>- Less interest in the alert generation capability of a SIEM and more in the integration of existing data and overall threat visibility.<br>- Concern that a SIEM would introduce overhead costs, time and effort associated with deployment and ongoing maintenance. | - Use the SIEM provider's additional professional services or an additional automation module, but the cost and effort of implementation is high.<br>- The SOAR module is aimed at workflow orchestration, which is time-consuming and expensive; it could be useful at some stage, but not right now. | - Invest in training for the analysts to become more effective at managing the technology stack, or invest in professional services to help deliver a similar service.<br>- Both options are time-consuming and expensive.<br>- To help achieve revenue growth, the business is currently seeking a protective monitoring technology which is appropriately aligned to the SMB and mid-market. |
| SOC.OS benefits | - SOC.OS was onboarded and running in less than a day.<br>- Once live, it immediately started to condense alerts, correlating them into meaningful clusters and prioritising the most urgent ones to address.<br>- As well as embedding a 24/7 monitoring capability, the team's productivity has improved as they now know where to focus their remediation efforts.<br>- Enhanced visibility and intelligence on the real threats taking place across the network. | - SOC.OS was onboarded and running in less than a day.<br>- It immediately started to provide security intelligence, explaining how threats were evolving across the network, and enabled prioritisation of resources and remediation effort.<br>- The team's productivity has improved as SOC.OS automates many manual and swivel-chair investigation steps. | - SOC.OS was onboarded and running in less than a day. It immediately started correlating alerts across the customer base and enhanced the capability of spotting the signal within the noise.<br>- The existing SOC services have been supercharged as they can be delivered more effectively and efficiently.<br>- SOC.OS also provides an additional revenue stream as it is a cost-effective offering which can be sold into the SMB and mid-market. |
A number of real-life case studies are available on the website detailing: