A Security Operations Center (SecOps), often referred to as SOC-as-a-Service, SecOps or Cyber Security Operations, is a dedicated Information Security unit within Information Technology, focused primarily on the automated monitoring, analysis and response to IT security alerts and incidents generated by a SIEM. A Security Operations Center (SOC) is a selected team of Information Security Officers, Analysts and Engineers responsible for protecting an organisation's information against vulnerabilities, cyberthreats and breaches using a SIEM.

The Security Operations Center (SOC) team's goal is to detect, analyze and respond to cybersecurity incidents using a combination of cybersecurity technology solutions and a strong set of policies, procedures and processes, with Security Information and Event Management (SIEM) as the methodology and framework for the automated reporting and management of security breaches and incidents.

Security Operations Center (SOC-as-a-Service), SIEM

Cyber Watchdogs is a Managed Security Services Provider (MSSP) offering SOC-as-a-service, self-hosted Security Operations Center (SOC) and Cloud Security Operations Center (SecOps) design, development, deployment and hosting in South Africa.

Managed by our team of security experts, SOC-as-a-Service allows you to take control of your network security with cutting-edge technologies and methodologies that primarily prevent threats, backed by SIEM security tools able to detect, analyse and respond to threats and incidents affecting your information security at the highest level.

We design and deploy custom Security Operations Center (SecOps) and SOC-as-a-service solutions around your infrastructure requirements and resources, with partnership agreements from leading Security Operations Center (SOC-as-a-service) providers and security software vendors. We offer the building blocks to secure your infrastructure with response automation policies and procedures built around industry-leading SIEM tools and utilities.

Security Operations Center (SOC-as-a-Service) Solutions

  • Active Network Scanning
  • Host-Based Assessments
  • Vulnerability Scans
  • Prioritised Vulnerabilities
  • Network Intrusion Detection System (NIDS)
  • Host Intrusion Detection System (HIDS)
  • File Integrity Monitoring (FIM)
  • Intrusion Detection in the Cloud
  • Threat Intelligence
  • Unified Security Management (USM)
  • Threat Detection
  • SIEM and Log Management
  • SIEM-as-a-Service
  • Dark Web Monitoring
  • User Activity Monitoring
  • Compliance Reporting
  • Forensics & Response
  • Automated Asset Discovery
  • Endpoint Detection & Response
  • SOC-as-a-service

Comparing Security Operations Center Solutions

Watchdogs SOC-as-a-Service

  • Dedicated Security Team
  • 24/7 Monitoring & Response
  • Low Cost (Hosted Infrastructure)

Cloud SOC-as-a-Service

  • Self Monitoring & Response
  • Low Cost (Hosted Infrastructure)
  • High Cost (IT Security Staff)

In-House Security Operations Center

  • Self Monitoring & Response
  • High Cost (Infrastructure)
  • High Cost (IT Security Staff)

There are two critical functions in building a Security Operations Center (SOC):

1) The first is setting up your security monitoring tools (SIEM) to receive raw security-relevant data (e.g. login/logoff events, persistent outbound data transfers, firewall allows/denies, etc.). This includes making sure your critical cloud and on-premises infrastructure (firewall, database server, file server, domain controller, DNS, email, web, Active Directory, etc.) is sending its logs to your log management, log analytics or SIEM tool.

2) The second function is to use these tools to find suspicious or malicious activity: analyzing alerts; investigating indicators of compromise (IOCs such as file hashes, IP addresses and domains); reviewing and editing event correlation rules; triaging alerts by determining their criticality and scope of impact; evaluating attribution and adversary details; sharing your findings with the threat intelligence community; and so on.
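As an added illustration of the second function (not code from Cyber Watchdogs or any SIEM product), the following Python sketch runs one event correlation rule over a handful of constructed, SIEM-normalised login events: five failed logins from one source IP inside a 60-second window raises a Medium alert, and a successful login from that IP while the failures are still in the window raises it to High, carrying the affected host and user as the scope for Tier 2 review. The event format, thresholds and field names are assumptions chosen for the example.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample events, already normalised by the SIEM into
# timestamp|host|event_type|src_ip|user form (not real log data).
SAMPLE_EVENTS = """\
2024-05-01T10:00:01|dc01|login_failure|203.0.113.7|jsmith
2024-05-01T10:00:03|dc01|login_failure|203.0.113.7|jsmith
2024-05-01T10:00:05|dc01|login_failure|203.0.113.7|jsmith
2024-05-01T10:00:08|dc01|login_failure|203.0.113.7|jsmith
2024-05-01T10:00:11|dc01|login_failure|203.0.113.7|jsmith
2024-05-01T10:00:20|dc01|login_success|203.0.113.7|jsmith
2024-05-01T10:05:00|fileserver|login_failure|198.51.100.9|admin
2024-05-01T10:30:00|dc01|login_success|10.0.0.5|asmith
"""

FAILURE_THRESHOLD = 5  # failures inside the window that trigger an alert
WINDOW_SECONDS = 60    # correlation window for the rule (assumed value)

def parse_events(text):
    """Parse the pipe-delimited events and sort them by timestamp."""
    events = []
    for line in text.strip().splitlines():
        ts, host, etype, src_ip, user = line.split("|")
        events.append({"ts": datetime.fromisoformat(ts), "host": host,
                       "type": etype, "src_ip": src_ip, "user": user})
    return sorted(events, key=lambda e: e["ts"])

def correlate(events):
    """Rule: FAILURE_THRESHOLD failures from one IP within WINDOW_SECONDS
    gives a Medium alert; a success from that IP inside the window gives High."""
    failures = defaultdict(list)  # src_ip -> timestamps of recent failures
    alerts = []
    for ev in events:
        ip = ev["src_ip"]
        recent = [t for t in failures[ip]
                  if (ev["ts"] - t).total_seconds() <= WINDOW_SECONDS]
        if ev["type"] == "login_failure":
            recent.append(ev["ts"])
            if len(recent) == FAILURE_THRESHOLD:
                alerts.append({"rule": "brute_force", "severity": "Medium",
                               "src_ip": ip, "hosts": {ev["host"]}})
        elif ev["type"] == "login_success" and len(recent) >= FAILURE_THRESHOLD:
            alerts.append({"rule": "brute_force_then_success", "severity": "High",
                           "src_ip": ip, "hosts": {ev["host"]}, "user": ev["user"]})
            recent = []  # the rule has fired; start a fresh window for this IP
        failures[ip] = recent
    return alerts
```

In a real SIEM the same logic would be expressed in the product's rule language, and the High alert is the kind of ticket a Tier 1 analyst escalates to Tier 2 with the host and account already identified.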

Knowing what it will take to build a Security Operations Center (SOC) will help you determine how to staff your team. For most SOC teams of four to five people, the chart below gives our recommendations.

How To Build a Security Operations Center (SecOps) Team

Tier 1: Security Analyst
  Description: Triage Specialist (separating the wheat from the chaff)
  SOC Skills: Sysadmin skills (Linux/Mac/Windows); programming skills (Python, Ruby, PHP, C, C#, Java, Perl, and more); security skills (CISSP, GCIA, GCIH, GCFA, GCFE, SIEM, etc.)
  SOC Responsibilities: Creates new trouble tickets for alerts that signal an incident (SIEM) and require Security Operations Center (SOC) Tier 2 / Incident Response review. Runs vulnerability scans and reviews vulnerability assessment reports. Manages and configures security monitoring tools (SIEM).

Tier 2: Security Analyst
  Description: Incident Responder (IT's version of the first responder)
  SOC Skills: All of the above + natural ability, dogged curiosity to get to the root cause, and the ability to remain calm under pressure. Being a former white hat hacker is also a big plus.
  SOC Responsibilities: Reviews trouble tickets generated by Tier 1 Analyst(s). Leverages emerging threat intelligence (IOCs, updated rules, etc.) to identify affected systems and the scope of the attack. Reviews and collects asset data (configs, running processes, etc.) on these systems for further investigation. Determines and directs remediation and recovery efforts.

Tier 3: Expert Security Analyst
  Description: Threat Hunter (hunts vs. defends)
  SOC Skills: All of the above + familiarity with data visualization tools and penetration testing tools.
  SOC Responsibilities: Reviews asset discovery and vulnerability assessment data. Explores ways to identify stealthy threats that may have found their way inside your network undetected, using the latest threat intelligence. Conducts penetration tests on production systems to validate resiliency and identify areas of weakness to fix. Recommends how to optimize security monitoring tools (SIEM) based on threat hunting discoveries.

Tier 4: SOC Manager
  Description: Operations & Management (Chief Operating Officer for the SOC)
  SOC Skills: All of the above + strong leadership and communication skills.
  SOC Responsibilities: Supervises the activity of the SOC team. Recruits, hires, trains and assesses the staff. Manages the escalation process and reviews incident reports. Develops and executes the crisis communication plan to the CISO and other stakeholders. Runs compliance reports and supports the audit process. Measures SOC performance metrics and communicates the value of security operations to business leaders.

SOC-as-a-Service

Staffing a Security Operations Center (SOC), together with the cost of SOC infrastructure, software and licensing, can affect your bottom line. This is where companies benefit from outsourcing the Security Operations Center (SOC) to Cyber Watchdogs (MSSP), South Africa. Our SOC-as-a-service solution provides cybersecurity experts and hosts the infrastructure, security software and licensing for an award-winning Security Operations Center (SOC). Cyber Watchdogs provide:

  • 24/7 Network Monitoring
  • Advanced Correlation
  • Real-Time Alerts
  • Remediation for any malicious activity
  • Integrated incident management workflow
  • Reports required for compliance purposes
  • Low monthly cost
  • Advanced Architecture Design
  • Real-Time Attack Visualisation
  • Vulnerability Correlation

Compliance

  • FISMA
  • GDPR
  • GLBA
  • GPG13
  • HIPAA
  • ISO 27001
  • PCI DSS
  • Sarbanes-Oxley (SOX)

Not sure if Cyber Watchdogs (MSSP) is the right managed security solution for SOC-as-a-Service? Answer the following questions:

Do you know who wants to steal your customers' data and why?

Do you have an internal team of advanced deep cyber security experts?

Can you afford a 24/7 SOC?

Can you keep pace with the rapidly shifting threat landscape?

If you answered NO to any of these questions, then Cyber Watchdogs Hosted SOC-as-a-Service or a Self-Hosted Security Operations Center is the right solution for you.
