Managed SOC Services

SOC in cyber security stands for Security Operations Centre – a specialist facility that includes the people, technology and threat intelligence organisations need to monitor and improve their cyber security posture. A SOC is sometimes referred to as a CSOC (Cyber Security Operations Centre) – the terms are largely synonymous.

A SOC is made up of security analysts, engineers and responders tasked with preventing, detecting, responding to and remediating cyber threats around-the-clock. SOCs are typically responsible for activities such as system deployment and management, log management and monitoring, incident investigation and triage, vulnerability management and compliance reporting.

A SOC analyst is a cyber security professional who works as part of the team responsible for monitoring IT infrastructure to identify security weaknesses and detect and respond to threats. Check out the latest SOC Analyst, Junior SOC Analyst and Senior SOC Analyst roles on our website.

A Network Operations Centre (NOC) is responsible for maintaining and monitoring IT systems and preventing network interruption and downtime. A NOC isn’t responsible for cyber security, which is the traditional remit of a Security Operations Centre (SOC).

The three pillars of a successful SOC are people, process and technology. A good Security Operations Centre will be made up of a team of experts who manage and monitor threat detection technologies around the clock, using advanced analytics, integrated intelligence and custom automation processes to provide continuous threat detection and response.

The tools used in a SOC or co-managed SOC will vary from one environment to another, but the one essential purpose they share is data collection. To identify threats, a SOC needs a vast amount of telemetry and event data to be collated, analysed, contextualised and enriched. SOC tools could include SIEM, IDS, EDR, UEBA, NTA, vulnerability scanning and behavioural monitoring technologies.

A SOC should use a number of different technologies to help identify threats across an organisation’s complete IT environment. SOC tools should monitor network traffic, event logs and endpoint activity. Security experts can then collate and analyse this information and use it to identify threats and shut them down before they cause damage and disruption.

Building and implementing a SOC is far from an overnight process. It requires an extensive period of design and strategy planning, in which SOC processes are created and training is undertaken.

The work isn’t over after implementation – SOC use cases need to be developed and the facility has to be maintained and developed over time. For any organisation lacking the resources to build and staff 24/7 operation, a co-managed SOC or fully-managed SOC will prove a cost-effective option to help bridge the gap.

A managed SOC, sometimes referred to as SOC as-a-service, is an outsourced security service that provides organisations with a SOC capability for a cost-effective subscription. A managed SOC works as a virtual extension of in-house resources to deploy and manage security technologies, monitor and triage alerts, analyse and investigate threats and support incident response. SOC services take many different forms, including a fully Outsourced SOC, Virtual SOC or Co-managed SOC, where responsibilities are split between the buyer and service provider.

As you might expect, the cost of a SOC varies significantly from organisation to organisation. Implementing the latest technologies and monitoring them 24/7 is costly, and the certified security experts needed to carry out day-to-day operations don’t come cheap. Even for a medium-sized business, costs can quickly escalate into the millions, with recent research from the Ponemon Institute suggesting an average annual spend of over £2.5 million. Outsourcing the SOC function should yield significant cost-savings – for many organisations the subscription fee will be lower than the equivalent cost of hiring just a small team of analysts to cover a 24/7 shift rota.