What Are Managed SOC Sensors?

When you’re running a business that relies on technology, data security is something you must keep in mind.


If your business becomes the victim of an attack, it could translate to lost dollars in production, paying for fines, and losing customer trust.

A solution to this is to partner with a managed security operations center (SOC). This cybersecurity service takes the logs from your antivirus, firewalls, DNS filters, etc., and analyzes them together rather than individually.

Managed SOC services also include 24/7 monitoring and alerting in your IT environment to catch and respond to threats.

They are also tailored to your business. However, this means you have some decisions to make, such as which sensor to use in your network.

At The KR Group, one of the security services we offer is managed SOC, so we know how important it is to pick the right sensor for your environment.

But before we get into the options for managed SOC sensors, let’s go over what they do.

The function of managed SOC sensors

Sensors are an important component of your managed SOC services.

They gather and process the security logs from various devices throughout your environment and forward them to your managed SOC to analyze. 

Which security data they process, however, depends on your individual environment.

The sensors are capable of processing the logs from various types of technologies, including endpoint protection, DNS filtration, firewalls, servers, routers, switches, IoT devices, etc.

We know not every business has all of these controls in place, though, and the sensor will work with whatever logs it can analyze.

Managed SOCs, including us at The KR Group, generally offer two types of sensors:

1.   Virtual sensors that are installed on a virtual server

Virtual sensors for managed SOC services use your existing hypervisors to monitor and manage your network.

Depending on whether you use VMware or Hyper-V, you’ll require a slightly different sensor. However, they have identical functions.

Both hypervisor options require you to install two network adapters for the sensor. One is used to monitor, and the other is used to manage.

We recommend using new, dedicated sensors for managed SOC services because of the amount of traffic flow that each one will process.

Best practices also include setting up the management adapter in a separate, dedicated VLAN.

However, we know resources will vary based on the size of your business.

Virtual sensors are a good choice if you have a small business with fewer than 100 devices within the environment. (However, as we’ll discuss next, there are still physical devices for businesses with small IT footprints.)

2.   Physical sensors that are installed in your environment 

The other option for sensors is a physical sensor. These are installed on your network like any other hardware.


Again, you have options for these. The size of your IT environment will determine which physical sensor is right for you.

There are three options: one for businesses with fewer than 100 devices, one for fewer than 1,000 devices, and one for fewer than 10,000 devices. Almost all businesses will be covered by these categories.

If you don’t have the virtual space for a virtual sensor, choosing a hardware sensor is an alternative for sending security data to your managed SOC.

Cost of virtual sensors vs physical sensors

In general, virtual sensors are less expensive than physical sensors, and the price of physical sensors increases as the number of devices within an environment increases.

The bulk of the cost associated with virtual sensors is labor, whereas with physical sensors you’re paying for equipment as well.

As with most components of IT, the exact cost of the managed SOC sensor (as well as the contract as a whole) depends on your specific needs.

Choosing a sensor

How does all of this information translate to what sensor is right for your business?

Here’s what you need to consider:

  • Virtual sensors are ideal for businesses with a small IT footprint and/or with space on their virtual servers.
  • Physical sensors are ideal for businesses across a range of device counts.
  • Both virtual and physical sensors will collect data from your existing cybersecurity solutions, regardless of how many you have deployed.
  • In general, physical sensors are more expensive than virtual sensors.

Signing up for managed SOC services

Once you find the right sensor, you’ve started customizing your managed SOC contract. However, sensors are only one of the aspects you’ll need to consider.

Before your contract is ready to sign, you’ll also need to decide on SLA time and go over the details of a contract with your provider.

For information on all the components you’ll need to consider with managed SOC services, check out our article overviewing a managed SOC contract.
