This is the second post in a two-part blog series with input provided by Chad Spears, Director of NSOC Operations at InfusionPoints.
We’ve previously shared five questions to ask when evaluating a SOC provider to ensure they are the right fit for your organization. In that post, we discussed what to expect from a SOC and how pricing for a SOC solution typically works. Here are five more questions to help you conduct a deeper dive as you continue your search for a SOC provider.
- What certifications do SOC analysts have? It’s important to ensure the staff at the SOC hold the certifications that are relevant to your business. For example, if you are a healthcare provider, your SOC should hold certifications that pertain to the compliance regulations you are required to adhere to. In addition, ask whether the engineers are certified in the technology you use. Security certifications to ask about include: Offensive Security Certified Professional (OSCP), Certified Professional Ethical Hacker (CPEH), Computing Technology Industry Association (CompTIA) Security+, and Certified Information Systems Auditor (CISA).
- How do I know the SOC is secure? The SOC should have a facility clearance. Ask how your data is stored and who has access to it, and make sure the SOC can handle your data appropriately. For example, if you are a federal contractor, you need to make sure the SOC you choose knows how to handle compliance for your Controlled Unclassified Information (CUI). Virtual controls are important, but physical controls should also be in place to ensure that the data is protected. Look for a SOC whose building requires badge access and whose SOC floor itself has its own access control.
- What services would the SOC be monitoring? The SOC should be able to monitor both cloud and on-prem services. No matter where your data lives, your SOC should be able to monitor what is coming into your network and what is going out.
- What can the SOC do? Obviously, you want your SOC to be reactive, but it is critical that they are proactive as well. Your SOC should be monitoring network traffic for suspicious activity in order to prevent a breach or attack. Whatever the case, the SOC should be able to take the appropriate actions based on the severity of any incident that occurs. They should also be skilled in threat hunting and keep up to date with the latest best-practice standards.
- How scalable is a SOC service? Your SOC provider should grow and change with the needs of your organization. It’s important to find a provider that can scale and grow with you, whether you’re a small organization or a Fortune 500 company.
A good SOC provider will be able to answer these questions (and more) to demonstrate they are capable of monitoring your network. For more information on SIEM SOC services, contact us today.