Security Operations Centre (SOC)

Addressing the growing volume of threats in a structured and effective manner at scale requires a dedicated Security Operations Centre (SOC). Building such a function in-house is time consuming and requires a significant investment in human and technological assets.

Sapphire’s Managed SOC brings together the latest technology with highly skilled analysts to protect organisations from a UK-based centre, 24×7. This allows customers to focus on core competencies knowing that front-line threat detection, analysis, prevention and reporting are effectively handled.

1. Best-of-Breed

Investing in next-generation countermeasures means customers benefit from access to the latest Security Information and Event Management (SIEM), Endpoint Detection and Response (EDR), Vulnerability Management, Incident Response technology and more. Sapphire powers this with high-grade threat intelligence feeds, greatly enriched with customer data for context.

2. Experience

With 25 years of experience and a certified specialist team, our security analysts foremost among them, customers benefit from people who are as adept on the front lines as they are in the board room.

3. Service

Operating around the clock from a UK-based SOC powered by a Tier 3 datacentre, Sapphire delivers the highest quality of service. This can be tracked and measured using dynamic reporting tailored to each specific business.

1. What does a Security Operations Centre (SOC) do?

The Security Operations Centre’s key function is to monitor, prevent, detect, investigate, and respond to cyber threats. The SOC combines people, processes and technology to achieve this, often providing 24-hour coverage using the following best practices:

Detection: In cyber security, detection is critical. A Security Operations Centre monitors an organisation’s environment 24/7/365 to uncover malicious or suspicious activities, collecting as much information as possible on threats for more in-depth investigation.

Investigation: SOC analysts scrutinise suspicious activity to determine the precise nature of the threat and its extent. This includes understanding the attack vector, how the chain of events unfolded and how to respond.

Response: Front-line SOC teams coordinate with your technical team to assist and advise in the remediation of any issues.

Reporting: The SOC team provides detailed actionable reporting based on the individual needs of your business, focusing on valuable, relevant security information that will improve the security strategies of your business.

2. What tools are used in a Security Operations Centre?

The modern Security Operations Centre needs industry-leading security tools to stay ahead of the threat landscape. Attackers constantly evolve their tools and techniques, so the security architecture has to keep pace with these emerging risks. As such, a SOC generally utilises:

  • Security Information and Event Management (SIEM)
  • Vulnerability scanners and penetration testing tools
  • Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS)
  • Firewalls and Next-Generation Firewalls (NGFW), which can double as IPSs
  • Log Management Systems, which are usually a part of SIEM
  • Cyber Threat Intelligence Feeds and Databases

3. What makes a Next-Gen SOC?

With macro trends shifting the perimeter and increasing the volume of threats, security measures must react accordingly. The Next-Generation Security Operations Centre has responded to this increase in complexity by deploying more automated solutions, using machine learning and other intelligent data handling capabilities to cope with a dynamic attack surface and ever-larger volumes of threats.

4. What does a SOC monitor?

A Security Operations Centre follows standard procedures to detect, filter and triage threats. As such, a SOC must monitor logs, endpoints and other security events, allowing analysts to minimise risk. To perform this function effectively, the SOC needs to understand which threats are urgent and what further investigation is required, instigating a multi-level escalation process.

5. Why does an organisation need a SOC?

There are many reasons to have a SOC, ranging from risk reduction and protection of corporate value to meeting regulatory requirements, since organisations that handle sensitive data must prove they can safeguard it. Those with significant resources develop their own in-house Security Operations Centre. However, partnering with a Managed Security Service Provider (MSSP) achieves the same impact with minimal capital expenditure.