Page 16 - Campus Technology, March/April 2020

IT Management
CYBERSECURITY
How to Choose a SOC-as-a-Service Provider
Make sure the company you work with has other college customers, provides ready communications, uses best-of-breed tools, does the heavy lifting for you and shows integrity about the work it’ll do for you.
Knowing what’s going on is one thing, but alerts get tiring and monitoring alone isn’t enough. The IT organization wants to know that the SOC-as-a-Service is primed to jump into the battle with remediation and response the second something is detected.
As you consider building a security operations center, you may opt for SOC-as-a-Service. To make sure you choose the right vendor, consider these five elements:
1) A college customer base.
Make sure your SOC service provider understands the campus environment and already counts other institutions among its clientele. Then when one institution experiences a specific kind of attack, explained Jason Miller, founder and CEO of cybersecurity service provider BitLyft, the vendor can “ingest that data, categorize it and look for other universities with a similar profile and persona” for quick “auto-immunizations.”
2) Continuous communications.
Cybersecurity isn’t the kind of activity you want at an arm’s length. Make sure the vendor maintains a regular and open channel of communication with your internal IT team that goes beyond a dashboard (though that helps too). “We keep our weekly meetings with our clients anywhere between 15 minutes to 60 minutes long,” said Miller. An important aspect of those check-ins is that customers receive updates about the troublesome activities that could signal problems. That data can help bolster the business case for moving security projects forward.
3) A robust toolset.
Find out what kinds of security tools the SOC-as-a-Service provider uses. There shouldn’t be any secrets about it, and it may help you improve your internal efforts by knowing what these subject-matter experts chose for their job. As an example, BitLyft relies on a SIEM platform for monitoring and detection. Its clients can also monitor the same activity from their own displays. “They have the full capability to see everything that we see, but they have the assurance that we’ve got their back and are taking action on their behalf,” said Miller. In the early days of an engagement, he noted, “The client will call us: ‘Did you see that? Did you do that?’” After a month or two, however, “they know we’re going to do our job.”
4) Get beyond monitoring.
Knowing what’s going on is one thing, but alerts get tiring and monitoring alone isn’t enough. The IT organization wants to

































































































