Security Operations Center (SecOps) and Network Operations Center (NOC), often referred to as SOC-as-a-Service, NOC-as-a-Service, SecOps or Cyber Security Operations, is a dedicated information security function within IT, primarily focused on automated monitoring, analysis and response for IT security alerts and incidents generated by a SIEM.

A Managed Security Operations Center (SOC) is a selected team of Information Security Officers, Analysts and Engineers responsible for protecting an organisation's information against vulnerabilities, cyber threats and breaches.

The Security Operations Center is monitored 24/7/365 by a team of cyber security experts who analyse, investigate and respond to threats and vulnerabilities in real time. Threats are very often detected and contained even before you, your MSP or your IT department are aware of the cyber attack or attempted breach.

Security Operations Center (SOC-as-a-Service), SIEM

The Managed Security Service Provider's (MSSP) goal is to detect, analyse and respond to cyber security incidents using a combination of cyber security technology solutions and a strong set of policies, procedures and processes, with Security Information and Event Management (SIEM) as the methodology and framework for the automated reporting and management of security breaches and incidents.

Cyber Watchdogs is a Managed Security Service Provider (MSSP) offering SOC-as-a-service, self-hosted Security Operations Center (SOC) and Cloud Security Operations Center (SecOps) design, development, deployment and hosting in South Africa.

Managed by our team of security experts, SOC-as-a-Service / NOC-as-a-Service lets you take control of your network security with cutting-edge technologies and methodologies whose primary aim is prevention, backed by SIEM security tools that detect, analyse and respond to threats and incidents affecting your information security at the highest level.

We design and deploy custom Security Operations Center (SecOps) and SOC-as-a-service solutions around your infrastructure requirements and resources with partnership agreements from leading Security Operations Center (SOC-as-a-service) providers and Security Software vendors. We offer the building blocks to secure your infrastructure with response automation policies and procedures built around industry leading SIEM tools and utilities.

What your MSP, IT Department or Consultant is not seeing

Cyber Security Watchdogs, Managed Services, Cloud Services, Website Security, IT Security and Secure Hosting - Cape Town, South Africa

Watchdogs For Protection

Scans SMB environments, identifies security gaps and provides information to help you determine the most efficient security strategy. Includes Security Awareness Training and DNS Protection offered by Webroot.

Watchdogs For Endpoint Security

Complete solution that monitors environments, detects threats and quickly remediates attacks, all with the support of an experienced 24/7 SOC Service.

Watchdogs For Network Security

The right solution for SMBs that need to meet compliance requirements. Collects and analyses information from network devices, manages endpoint and managed-firewall logs, creates alerts and keeps log retention to ensure you are covered for regulatory demands.

Security Operations Center (SOC-as-a-Service) Solutions

  1. Active Network Scanning
  2. Host-Based Assessments
  3. Vulnerability Scans
  4. Prioritised Vulnerabilities
  5. Network Intrusion Detection System (NIDS)
  6. Host Intrusion Detection System (HIDS)
  7. File Integrity Monitoring (FIM)
  8. Intrusion Detection in the Cloud
  9. Threat Intelligence
  10. Unified Security Management (USM)
  11. Threat Detection
  12. SIEM and Log Management
  13. SIEM-as-a-Service
  14. Dark Web Monitoring
  15. User Activity Monitoring
  16. Compliance Reporting
  17. Forensics & Response
  18. Automated Asset Discovery
  19. Endpoint Detection & Response
  20. SOC-as-a-service
  21. NOC-as-a-Service

Comparing Security Operations Center Options

Watchdogs SOC-as-a-Service

  • Dedicated Security Team
  • 24/7 Monitoring & Response
  • Low Cost (Hosted Infrastructure)

Cloud SOC-as-a-Service

  • Self Monitoring & Response
  • Low Cost (Hosted Infrastructure)
  • High Cost (IT Security Staff)

In-House Security Operations Center

  • Self Monitoring & Response
  • High Cost (Infrastructure)
  • High Cost (IT Security Staff)

There are two critical functions in building a Security Operations Center (SOC):

1) The first is setting up your security monitoring tools (SIEM) to receive raw security-relevant data (e.g. login/logoff events, persistent outbound data transfers, firewall allows/denies, etc.). This includes making sure your critical cloud and on-premises infrastructure (firewall, database server, file server, domain controller, DNS, email, web, Active Directory, etc.) is sending its logs to your log management, log analytics or SIEM tool.

2) The second function is to use these tools to find suspicious or malicious activity by analyzing alerts; investigating indicators of compromise (IOCs like file hashes, IP addresses, domains, etc.); reviewing and editing event correlation rules; performing triage on these alerts by determining their criticality and scope of impact; evaluating attribution and adversary details; sharing your findings with the threat intelligence community; etc.
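As an added illustration of the second function (example code written for this page, not Cyber Watchdogs' tooling): a small Python correlation rule run over constructed login events. It alerts when repeated failed logins from one source are followed by a success within a window, then triages the alert by criticality (a match against a constructed IOC watchlist, or spread to more than one host) and scope (the hosts touched). The log format, threshold and window are assumptions.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample log lines: "timestamp host event src_ip user".
RAW_LOGS = """\
2024-05-01T10:00:01 dc01 login_fail 203.0.113.7 alice
2024-05-01T10:00:03 dc01 login_fail 203.0.113.7 alice
2024-05-01T10:00:05 dc01 login_fail 203.0.113.7 alice
2024-05-01T10:00:09 dc01 login_ok 203.0.113.7 alice
2024-05-01T10:02:10 fs01 login_ok 203.0.113.7 alice
2024-05-01T10:05:00 web01 login_fail 198.51.100.2 bob
2024-05-01T10:30:00 web01 login_ok 198.51.100.2 bob
"""
IOC_WATCHLIST = {"203.0.113.7"}   # constructed threat-intel indicator list
FAIL_THRESHOLD = 3                # failed logins needed before a success is suspicious
WINDOW_SECONDS = 300              # failures and the success must fall inside this window

def parse_logs(text):
    """Split raw lines into event dicts; malformed lines are skipped, not fatal."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        ts, host, event, src, user = parts
        events.append({"ts": datetime.fromisoformat(ts), "host": host,
                       "event": event, "src": src, "user": user})
    return events

def correlate(events):
    """Rule: >= FAIL_THRESHOLD failures then a success, same src/user, inside the window."""
    fails = defaultdict(list)   # (src, user) -> timestamps of failed logins
    alerts = {}                 # (src, user) -> open alert; later successes widen its scope
    for ev in sorted(events, key=lambda e: e["ts"]):
        key = (ev["src"], ev["user"])
        if ev["event"] == "login_fail":
            fails[key].append(ev["ts"])
        elif ev["event"] == "login_ok" and key in alerts:
            alerts[key]["hosts"].add(ev["host"])   # account reused elsewhere: scope grows
        elif ev["event"] == "login_ok":
            recent = [t for t in fails[key] if (ev["ts"] - t).total_seconds() <= WINDOW_SECONDS]
            if len(recent) >= FAIL_THRESHOLD:
                alerts[key] = {"src": ev["src"], "user": ev["user"], "hosts": {ev["host"]}}
    return [triage(a) for a in alerts.values()]

def triage(alert):
    """Criticality is high on an IOC match or spread to more than one host, else medium."""
    alert["scope"] = sorted(alert.pop("hosts"))
    alert["criticality"] = "high" if alert["src"] in IOC_WATCHLIST or len(alert["scope"]) > 1 else "medium"
    return alert
```

Bob's single failure 25 minutes before his success falls outside the window and raises nothing; Alice's burst does, and the follow-on login to fs01 widens the scope to two hosts.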

Knowing what it will take to build a Security Operations Center (SOC) will help you determine how to staff your team. In most cases, for Security Operations Center (SOC) teams of four to five people, the table below gives our recommendations.


How To Build a Security Operations Center (SecOps) Team

SOC Role: Tier 1 Security Analyst
Description: Triage Specialist (separating the wheat from the chaff)
SOC Skills: Sysadmin skills (Linux/Mac/Windows); programming skills (Python, Ruby, PHP, C, C#, Java, Perl, and more); security skills (CISSP, GCIA, GCIH, GCFA, GCFE, SIEM, etc.)
SOC Responsibilities: Creates new trouble tickets for alerts that signal an incident (SIEM) and require Security Operations Center (SOC) Tier 2 / Incident Response review. Runs vulnerability scans and reviews vulnerability assessment reports. Manages and configures security monitoring tools (SIEM).

SOC Role: Tier 2 Security Analyst
Description: Incident Responder (IT's version of the first responder)
SOC Skills: All of the above + natural ability, dogged curiosity to get to the root cause, and the ability to remain calm under pressure. Being a former white hat hacker is also a big plus.
SOC Responsibilities: Reviews trouble tickets generated by Tier 1 Analyst(s). Leverages emerging threat intelligence (IOCs, updated rules, etc.) to identify affected systems and the scope of the attack. Reviews and collects asset data (configs, running processes, etc.) on these systems for further investigation. Determines and directs remediation and recovery efforts.

SOC Role: Tier 3 Expert Security Analyst
Description: Threat Hunter (hunts vs. defends)
SOC Skills: All of the above + familiarity with data visualisation tools and penetration testing tools.
SOC Responsibilities: Reviews asset discovery and vulnerability assessment data. Explores ways to identify stealthy threats that may have found their way inside your network undetected, using the latest threat intelligence. Conducts penetration tests on production systems to validate resiliency and identify areas of weakness to fix. Recommends how to optimise security monitoring tools (SIEM) based on threat hunting discoveries.

SOC Role: Tier 4 SOC Manager
Description: Operations & Management (Chief Operating Officer for the SOC)
SOC Skills: All of the above + strong leadership and communication skills.
SOC Responsibilities: Supervises the activity of the SOC team. Recruits, hires, trains and assesses the staff. Manages the escalation process and reviews incident reports. Develops and executes the crisis communication plan to the CISO and other stakeholders. Runs compliance reports and supports the audit process. Measures SOC performance metrics and communicates the value of security operations to business leaders.

SOC-as-a-Service

Staffing a Security Operations Center (SOC), together with the cost of the SOC infrastructure, software and licensing, can affect your bottom line. This is where companies benefit from outsourcing the Security Operations Center (SOC) to Cyber Watchdogs (MSSP), South Africa. Our SOC-as-a-Service solution provides cyber security experts and hosts the infrastructure, security software and licensing for an award-winning Security Operations Center (SOC). Cyber Watchdogs provides:

  • 24/7 Network Monitoring
  • Advanced Correlation
  • Real-Time Alerts
  • Remediation for any malicious activity
  • Integrated incident management workflow
  • Reports required for compliance purposes
  • Low monthly cost
  • Advanced Architecture Design
  • Real-Time Attack Visualisation
  • Vulnerability Correlation

Compliance

  • FISMA
  • GDPR
  • GLBA
  • GPG13
  • HIPAA
  • ISO 27001
  • PCI DSS
  • Sarbanes-Oxley (SOX)

Not sure if Cyber Watchdogs (MSSP) is the right managed security solution for SOC-as-a-Service? Answer the following questions:

Do you know who wants to steal your customers' data and why?

Do you have an internal team of advanced deep cyber security experts?

Can you afford a 24/7 SOC?

Can you keep pace with the rapidly shifting threat landscape?

If you answered NO to any of these questions, then the Cyber Watchdogs hosted SOC-as-a-Service or self-hosted Security Operations Center is the right solution for you.