Security Operations Center: One size doesn’t fit all

Thomas Lakofski

January 19, 2016 at 10:30

Nobody wants to pay more than they need to – but still, everybody knows that when selecting an insurance plan, the price doesn’t tell you how well you are covered until the “unexpected” happens.

What should you expect to find in the fine print of a Security Operations Center (SOC) service description?


When selecting an MSSP for your Security Operations Center, how will you know the outcome of selecting a particular vendor before moving ahead with it?

It is already difficult to measure the value of security operations services in concrete terms, since your objective is to ensure something doesn’t happen: i.e. a security incident affecting your critical business processes. There are many service providers in this space, but selection of a vendor must consider factors beyond the cost of services. No two businesses are exactly alike, and the cheapest one-size-fits-all model of security services may not give the protection you would expect.

In this blog post I will try to cut through the uncertainty about the value of security services, with some pragmatic approaches to measuring the value of managed SOC services for your business.

Your objectives when selecting a managed SOC should include several of the following:

  • You want to detect or prevent security incidents which affect your business objectives
  • You need better understanding of the security posture of your business so operational risks can be managed correctly
  • You want an advanced capability, but without the cost associated with building the capability in-house
  • You need a service provider who understands your business, so that special focus can be given to business-critical processes
  • You want a service provider who can anticipate current threats to your business, through integration with updated threat intelligence information


How can you ensure that a vendor you select will be right for your business?

Despite the challenges, it is essential to ask for a service provider with proven measures for demonstrating the value of managed SOC services, both during the RFI/RFP phases and during normal service operations.

The service provider must understand that the SOC is not protecting IP addresses, but your business. By analyzing and modeling your information processes and supporting technology, a competent service provider should be able to assess the suitability of their services, before installing a single sensor. This assessment should include:

  • Analysis of your business value chain and identification of the critical processes and supporting technology requiring protection
  • Determining, through a benchmarking process, how much protection the SOC can give your business applications
  • Verifying the capacity requirements for your services, both in terms of technical monitoring capability and the capacity of SOC personnel to triage and respond to your security events
  • Determining suitable KPIs and SLAs for the SOC to detect and respond to potential security incidents, and to ensure the health of your security monitoring
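To make the last two points concrete, the following is an added example (not code from the original post or from Nixu) of how a customer can compute the detection and response KPIs behind an SLA, and check monitoring health, from incident records. The incident timestamps, the severity-based SLA targets and the sensor heartbeat times are all constructed, hypothetical sample data; replace them with figures from your own ticketing and monitoring systems.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from statistics import mean


@dataclass
class Incident:
    """One security incident as recorded by the SOC (constructed sample records)."""
    id: str
    severity: str        # "high", "medium" or "low"
    occurred: datetime   # when the malicious activity started (established by investigation)
    detected: datetime   # when the SOC raised the alert
    responded: datetime  # when the first containment/response action was taken


# Hypothetical SLA targets per severity: (detect within, respond within).
# These are assumed values for the example, not a recommendation.
SLA_TARGETS = {
    "high": (timedelta(minutes=15), timedelta(hours=1)),
    "medium": (timedelta(hours=1), timedelta(hours=4)),
    "low": (timedelta(hours=4), timedelta(hours=24)),
}


def t(s: str) -> datetime:
    return datetime.fromisoformat(s)


# Constructed incident records for the example.
INCIDENTS = [
    Incident("INC-001", "high", t("2016-01-11T08:00"), t("2016-01-11T08:10"), t("2016-01-11T08:45")),
    Incident("INC-002", "high", t("2016-01-12T14:00"), t("2016-01-12T14:30"), t("2016-01-12T15:10")),  # detection SLA missed
    Incident("INC-003", "medium", t("2016-01-13T09:00"), t("2016-01-13T09:40"), t("2016-01-13T12:00")),
    Incident("INC-004", "low", t("2016-01-14T10:00"), t("2016-01-14T13:00"), t("2016-01-15T14:00")),  # response SLA missed (25 h)
]


def kpi_report(incidents, targets):
    """Per severity: mean time to detect (occurred -> detected), mean time to
    respond (detected -> responded), both in minutes, and the fraction of
    incidents that met each SLA target."""
    report = {}
    for sev, (detect_sla, respond_sla) in targets.items():
        subset = [i for i in incidents if i.severity == sev]
        if not subset:
            continue
        ttd = [i.detected - i.occurred for i in subset]
        ttr = [i.responded - i.detected for i in subset]
        report[sev] = {
            "count": len(subset),
            "mttd_min": mean(d.total_seconds() / 60 for d in ttd),
            "mttr_min": mean(d.total_seconds() / 60 for d in ttr),
            "detect_sla_met": sum(d <= detect_sla for d in ttd) / len(subset),
            "respond_sla_met": sum(d <= respond_sla for d in ttr) / len(subset),
        }
    return report


# Constructed monitoring-health data: sensor name -> last heartbeat/event seen.
SENSOR_HEARTBEATS = {
    "fw-edge-01": t("2016-01-15T15:58"),
    "ids-dc-01": t("2016-01-15T15:59"),
    "proxy-01": t("2016-01-15T13:20"),  # silent for hours: a blind spot in monitoring
}


def silent_sensors(heartbeats, now, max_silence=timedelta(minutes=30)):
    """Sensors that have not reported within max_silence. A quiet sensor is a
    monitoring gap, not good news, so this belongs in the health KPI set."""
    return sorted(name for name, seen in heartbeats.items() if now - seen > max_silence)


if __name__ == "__main__":
    for sev, row in kpi_report(INCIDENTS, SLA_TARGETS).items():
        print(sev, row)
    print("silent sensors:", silent_sensors(SENSOR_HEARTBEATS, t("2016-01-15T16:00")))
```

Two design points matter when agreeing these measures with a provider: time to detect is counted from when the activity actually began, not from when the alert fired, because the former is what the business is exposed to; and the health check treats silence as a failure, since a sensor that stops sending events produces zero alerts and therefore looks perfect on every detection KPI.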

We are interested to hear your thoughts on appropriate KPI and SLA measures for a managed SOC. We will collect your contributions and share them in a follow-up blog post.

= * = * = *  = * =

We at Nixu are happy to help you find yourself a suitable MSSP. A good benchmark is of course Nixu Cyber Defense Center (CDC).
In addition to the service elements mentioned in the blog post, Nixu CDC comes with the promise of managed quality and operational efficiency, enabled by our standardized operational processes and automation. These reduce the potential for errors, while ensuring that human intelligence is focused where it is needed.

Now you can discover the potential value of Nixu CDC services for your business, without having to commit to a lengthy and complicated on-site piloting process. If you would like to learn about the value you can gain from Nixu Cyber Defense Center, please get in touch by filling in a contact request via the Nixu Cyber Defense Center page.

The author Thomas Lakofski works as an adaptive solutions specialist with a focus on security operations at Nixu Corporation. Thomas has worked since 1998 in a variety of information security roles in the financial services, technology and telecommunications sectors.