You’re working to keep your company secure. You have all the right tools and decided that you need a Security Operations Center (SOC). You’ve done your research and decided that SOC as a service is right for you. But what do you look for in a SOC provider?
Judge your friends by the company they keep
The best way to start is to make sure the potential SOC provider is a member of relevant security organizations. These groups are invaluable for fostering cooperation and coordination in incident prevention, as well as information sharing, so members know the latest threats and how to mitigate them.
A SOC can’t work in isolation. A member of these organizations gets first-hand insight into vulnerabilities and ongoing attacks, so they can act quickly and proactively. They can secure their own and their customers’ environments before these issues become public knowledge.
The prime group is FIRST.org, the Forum of Incident Response and Security Teams. FIRST is the premier organization and recognized global leader in incident response. It includes a variety of security incident response specialists from academia, government and the private sector.
There are also country CERTs (Community Emergency Response Teams) and regional groups like the European TF-CSIRT, which a good SOC should be part of.
Has your SOC paid their dues?
You also need to check the qualifications of your potential SOC provider to see that they follow best practices. Various groups provide certifications which are extremely important in this field. As an example, some of Basefarm’s specialists have:
• GIAC Information Security Professional (GISP)
• Certified Information Security Professional (CISSP)
• ITIL Foundation Certificate in IT Service management (ITILF)
• GIAC Penetration Tester (GPEN)
• GIAC Certified Forensic Analyst (GCFA)
• Red Hat Certified Engineer (RHCE)
• SANS / GIAC Advisory Board membership
Additionally, a SOC might offer further services which demonstrate their commitment to security. For instance, Basefarm has a wealth of other service components which can complement a SOC. These include:
• Intrusion Detection System (IDS)
• Web Application Firewall (WAF)
• Log Management with Security Information and Event Management (SIEM)
• Penetration Testing
• IT Forensics
• Vulnerability Testing
• Security Consulting
In a nutshell, if you are looking for SOC as a service, make sure the provider has the right people with the right qualifications and the right tools, and that they are members of the right organizations.
Author: Fredrik Svantes, Senior Information Security Manager, Basefarm
Fredrik Svantes is the Head of the Basefarm Security Operations department and has also led the Basefarm Security Incident Response Team for the past seven years. Previously he worked for companies such as Blizzard Entertainment, doing detective work on logs for massive online platforms running games such as World of Warcraft. Blog: http://bfblogg.wpengine.com . Twitter: @fredriksvantes .