13 Questions to ask your SOC provider
As cyber-attacks have become more frequent and complex, there has been a surge in the number of Security Operations Center SOC platforms specializing in threat hunting and incident response.
The SOC market is projected to grow from $471 million in 2020 to $1.656 billion by 2025, at a compound annual growth rate of 28.6% during the forecast period, according to a recent study by MarketsandMarkets. A search for SOC providers returns hundreds and possibly thousands of results.
So, what’s the best way of checking if a prospective SOC provider is actually capable of providing the data protection your organization needs? The answer is simple: ask questions.
Here are our 13 questions to ask your managed SOC provider.
Are you ready to monitor my entire technology pack?
When you sign up for a managed SOC, you want to know you’re getting a complete solutions provider that can respond to all your security concerns. If your SOC provider doesn’t know how to operate and monitor your tools, then they won’t be capable of applying correlation rules or conducting cross-tools investigations. The end result may be having to change your toolset, a potentially expensive and time-consuming process.
What drives your detection and how do you keep it up to date?
Cybercriminals and cybersecurity providers are engaged in an increasingly sophisticated game of cat and mouse. If a cybercriminal uses new tactics to attack your business, you want to know your SOC provider is capable of keeping pace. When assessing SOC providers, ask what drives their detection and how they keep up to date with the latest cybercriminal tactics.
How do make sure that I’m monitored by professionals?
Even the best cybersecurity tools can fail to protect you if put in the wrong hands. A good managed SOC offers threat intelligence and malware analysis tools backed by a team of trained and experienced security analysts. The team works as an extension of the tools, monitoring, analyzing, and investigating threats and providing incident response.
Do you have all the necessary SOC teams in-house to support me?
The best managed SOC providers employ high-level experts in threat intelligence, threat hunting, malware analysis, cyber research, digital forensics and incident response (DFIR), and more. Having all these capabilities in one place saves you from having to coordinate between multiple SOC vendors.
Are you fully 24X7 or just on duty?
This an easy one. Attackers work around the clock and your cybersecurity should too.
Can I know my alert statuses at any given moment?
Being the victim of a cyber attack can be a stressful experience, and doubly so if you have no visibility into the incident. Any SOC provider worth their salt should provide real-time alerts, so you know where things stand with the incident response and get notified when it is (hopefully!) resolved. Even after speaking to your SOC provider, always check the service-level agreement for the exact details of your plan.
Is incident response included in the package?
Threat hunting and intelligence is one-half of the cybersecurity game. The other half is incident response. When you subscribe to a SOC provider, check that they offer threat intelligence and incident response – otherwise you might find yourself frantically searching for a new vendor in the middle of an attack.
Can you also monitor my endpoints?
In a global world where your users operate round the clock, you need to make sure cybercriminals aren’t stalking your operation. Your endpoint is the most vulnerable part of your system, which is why you need 24/7 endpoint monitoring. Managed detection and response (MDR) takes endpoint monitoring to another level, monitoring your endpoint round the clock and modifying your ruleset when required to meet your organization’s security needs.
Do you meet relevant standards and regulations?
It’s not enough for a SOC provider to say they meet certain standards and regulations. They need to be able to help you meet the standards and regulations to which your organization is committed. For example, if you are bound by standards requiring continuous monitoring (such as PCI-DSS 10.5.5, 11.5), you need a SOC platform capable of meeting these standards – otherwise, you may face legal penalties or reputational damage for non-compliance.
How do you secure my data?
Your SOC provider is probably the last place you’d think cybercriminals would go to get their hands on your data, but the truth is most dangerous cyber-attacks go through third-party service providers. As a cybersecurity expert, your SOC provider should be capable of storing your data securely.
How complex is the integration and what is the time frame from contract to coverage?
When you subscribe to a SaaS platform – whether it’s an HR platform, CMS platform, SOC platform, or anything else – you need to know the setup process is quick and that value may not be evident until after a few months time. You also need to know your SOC can handle all your cybersecurity needs – otherwise you might end up having to hire multiple vendors.
Do I need other vendors to support me?
See above. A good managed SOC provider should be able to fulfill all your data protection needs – from threat hunting, malware analysis, and endpoint monitoring through to incident response.
How do make sure that your analysts won’t harm my environment?
It’s scary to say it out loud but an inexperienced or untrained analyst is capable of killing your production environment. That’s why you need a managed SOC with a skilled and experienced team of analysts who know what they’re doing.
Finding your SOC provider
Finding the right SOC provider is a big decision, but it doesn’t have to be complicated. Asking the right questions can help weed out the good SOC providers from the mediocre – and ensure your organization gets the protection it needs.