When it comes to cybersecurity, you don’t want any surprises.
This includes the services provided by your managed security operation center (SOC).
Once you sign a contract, you want to know your managed SOC will collect and analyze your security data and respond as needed. In other words, you want to ensure your managed SOC is meeting your expectations.
After all, a managed SOC is supposed help you worry less about managing all of your security data. If you’re willing to sign a contract, it means you are ready to hand over this responsibility.
As an IT consultant, we’ve heard our customers recount stories of bad IT experiences. Whether it was poor communication or lacking services, we know it is too common to have unmet expectations regarding IT services.
At The KR Group, we strive to be different. When we hire staff, communication skills are something we heavily consider before making a job offer. Not only do we want to provide a highly certified team, but one that can clearly explain what is going on within your IT environment.
When signing a contract with a managed SOC, you want to know what’s included. So, to start on the right foot, let’s go over what you can expect with a managed SOC contract by answering some frequently asked questions:
- Do I need to make any additional purchases with a contract?
- Will managed SOC services work with my existing infrastructure?
- How will I know when a threat is detected?
- Who do I go to with problems or questions?
- Will I be more secure with managed SOC services?
- Will I understand what is going on?
- Will a managed SOC meet all my needs?
By reviewing these components, we hope to help you breathe a sigh of relief that your managed SOC contract will cover exactly what you need it to.
Do I need to purchase anything additional with a managed SOC contract?
Before your managed SOC can start providing service, you may need to purchase a sensor, depending on your environment.
The sensor gathers and processes the security logs from various devices throughout your environment and forwards them to your managed SOC to analyze.
There are two types of sensors:
1. Virtual sensors
These sensors are installed on your existing VMware or Hyper-V hypervisor.
Along with the virtual sensor, you’ll need to install two network adapters (one for management and the other for log collection). Because of the amount of traffic the sensor will process, your managed SOC will recommend using new, dedicated sensors. One is used to monitor the traffic, and the other is used to manage it.
Along with purchasing a virtual sensor and adapters, the best practice is to set up the management adapter on a separate, dedicated VLAN.
These sensors are generally free of low cost.
2. Physical sensors
These sensors are a separate hardware component that you install in your IT stack.
This sensor costs more than a virtual sensor; however, it provides an option for businesses that don’t have enough hypervisor space for the virtual alternative or have a high volume of security logs.
Physical sensors come with three options: one for businesses with fewer than 100 devices, one for businesses with fewer than 1,000 devices, and another for businesses with fewer than 10,000 devices.
Along with a sensor (virtual or physical), some businesses might need to add multi-gig Ethernet capabilities to their IT environment.
These sensors have a cost associated with them, but it’s generally less expensive than updating your hypervisor environment.
Will managed SOC services work with my existing IT infrastructure?
IT is an investment, so you want to make sure your managed SOC can work with what solutions you already have.
There are a few configuration measures you’ll need to take to have managed SOC effectively serve your business:
- Set up the sensor, including adaptors and VLAN
- Have adequate disk space if you choose a virtual server
- Have Ethernet capabilities
- Have adequate network bandwidth
What “adequate” means depends on your organization’s size and how much data your managed SOC receives. Your provider is the best one to give you the exact specifications of these requirements.
You can choose to do any necessary configuration on your own or have your managed SOC do it. However, the latter option will impact your initial cost.
How will I know when a threat is detected?
The purpose of managed SOC is to track activity across all of your hosts.
By analyzing all of your security data, a managed SOC can quickly identify suspected attacks.
Your managed SOC will, of course, be alerted when anything suspicious shows up. However, how your employees are alerted is based on how you and your managed SOC set it up.
You will have control over who receives these alerts and how. Your managed SOC is monitoring your environment 24/7, which means an alert can come at any time.
You need to decide who will receive these alerts and if that person wants them to come as an email or text message. Or, do you want the managed SOC to take care of everything and only alert you if they need something or once the threat is handled?
Who do I go to if I have a problem?
When a threat is detected, your managed SOC will respond to it. How soon they’ll respond depends on what SLA option you choose in your contract.
The KR Group’s managed SOC services give you the option of a two-hour or 30-minute response time. While two hours is generally adequate for mitigating a threat, you may consider the 30-minute alternative if you want to show your business responds to threats as fast as possible.
If you have other questions or concerns about your services during your contract duration, your managed SOC will provide you with an email and a phone number to contact them.
Will I be more secure with managed SOC services?
Ultimately, a more robust security posture is the goal of all the components of managed SOC services discussed above.
By continually monitoring your IT environment and looking at the big picture from all of your security logs, your managed SOC has more in-depth insight than just looking at individual security measures.
This allows them to locate and remove threats faster, which means your IT environment is more secure.
Will I understand what’s going on?
At this point, we hope we’ve assured you that your managed SOC will check all the boxes on what you need from this service.
However, while you’re contracting with a managed SOC to help protect your environment, you will want to understand what is going on as well.
For most business owners, you’re contracting managed SOC services because cybersecurity is not your expertise. Even if you have an internal IT department, they likely don’t specialize in cybersecurity.
When your managed SOC does detect a threat, you want your provider to have the expertise to handle the event but also the communication skills to let you know what is going on.
The right managed SOC will know how to explain what they find in a way that makes sense but doesn’t make you feel like you’re being talked down to. You can tell if your managed SOC will work with you this way when you’re speaking with them before signing a contract.
Will managed SOC services meet my needs?
All of the above questions can be summed up by asking if a managed SOC contract will meet all your needs.
Because when you hand over any part of your IT environment, you’re putting a huge amount of trust in the provider. And when it is cybersecurity you’re handing over, this trust is paramount.
Our team has been on the proactive and reactive sides of cybersecurity, and we much prefer to help you before an attack strikes.
We want to be your consultant. When it comes to managed SOC services, this means answering your questions and then providing a service you can trust.
Our staff genuinely enjoys making IT work for our customers, and when it comes to cybersecurity, that means protecting you before an attack.
We’ll help you find the right sensors and response time, let you know when a threat is detected, be there for you when you have a problem, and explain what is going. All of this sets you up to have a stronger security posture and a solid threat remediation plan.
To learn more about what a contract would look like for your business, schedule a time to talk with us.