Finding the right Security Operation Center (SOC): how to know you’re partnering with experts
As a new year begins to unfold in front of us and we close the book on the one that came before, more and more organizations are regarding the cyber landscape – one littered with the battered, pilloried casualties of data breaches, ransomware and spear phishing attacks – and deciding to eliminate the risk that their name will be the next one in the headlines by adding a SOC to their managed service suite.
As a result, a SOC is becoming an absolute necessity for managed service providers. But this obviously isn’t a case where something is simply better than nothing, because with the sophistication of the cybercriminals at work today, a substandard SOC might as well be nothing.
Before partnering with a SOC, consider the following five questions:
#1: When you cut through the buzzwords, what actual capabilities does the SOC offer?
The SOCs you’d be considering probably aren’t big brand names, but they very likely have the budget for a slick marketing team that knows all the right keywords and how to position an organization as a leader in their field. To find the right fit, cut through the buzzwords to see if the capabilities are actually behind them.
If a SOC is claiming to be able to think like attackers, they should be able to tell you about their relentless ethical hacking and pen testing. Just like advanced intelligence should mean dark web monitoring and contacts in the deep web, multi-layer monitoring should mean actual multiple layers of monitoring with incident prioritization, and cutting-edge incident response should mean highly trained professionals with demonstrable experience.
#2: What kind of hands-on experience can the SOC tell you about?
Don’t let a prospective SOC hide behind vague claims and talk of NDAs. If they are as good as they claim to be, they will have plenty of in-the-wild experience to detail. Even a SOC with one year of experience and any clients at all should have war stories. After all, it doesn’t matter so much who it happened to and when it happened as it does what precisely occurred and how the SOC prevented, averted, responded, mitigated or investigated.
#3: What sort of a track record does the SOC have?
Results, results, results. If a SOC can tell you all about incidents it saw or was involved in, but the happy endings don’t seem to be coming, it could be that their overall track record is far from good. Or at least not good enough for them to be seriously considered as your partner.
Flat-out ask to review a potential partner’s track record. If that track record is handed over, it will tell you everything you need to know. If that track record is not handed over, that probably tells you everything you need to know as well.
#4: Can you define the right KPIs with the SOC?
Business is business and when you connect with a potential partner it’s imperative you be on the same page when it comes to performance. This means being able to set out the key performance indicators (KPIs) against which results will be measured.
What specifically these KPIs are will vary from company to company; what matters is that you as a managed service provider and the SOC as one of the managed services you provide can be in agreement as to what is going to be measured and what results are expected.
#5: What kind of added value does the SOC bring to your company?
As a managed service provider, you want to be a one-stop shop for SMBs and other organizations looking to have their IT infrastructure and end-user systems managed, but chances are that without a SOC you lack the in-depth cybersecurity abilities necessary to track the latest threats, respond to major incidents and perform forensic investigation and analysis. Which happens to be exactly what your partner SOC should be there for.
Added value aspects your partner SOC should bring to the table include, but are not limited to:
· Proactive vulnerability assessment
· A critical cybersecurity information layer
· Multi-layer network monitoring
· Threat detection
· Attack prevention
· Real-time incident response and management
· Forensic investigations
· Regular, customized reporting
The full package
Partnering with a SOC to up your MSP game is a major consideration. Not only do you need to find a SOC that provides top-of-the-line cybersecurity, but it needs to be a company that can effectively partner with you to provide a complete and streamlined solution. It’s well worth taking the time to ask yourself – and the SOC – the important questions before any deals are struck, and it’s well worth taking the time to find the SOC that’s going to be the yin to your yang because before you know it, your clients are going to be asking what you can do for their cybersecurity. If they haven’t started asking already.