Managed SOC selection part 1: What a Managed SOC does (with checklist)
A Security Operations Center (SOC) is the command center for the cyber defense of companies and organizations. From here, security experts monitor company networks, analyze threat data and respond to security incidents. But which SOC is right for your company? Find out in our two-part blog series and with our checklist.
- A Managed Security Operations Center helps meet the requirements of the NIS2 directive and the KRITIS umbrella law and saves the cost of an in-house SOC team.
What is a Managed SOC (Security Operations Center)?
A Managed SOC is a cyber security solution in which an external team of experts sets up and operates a fully functional Security Operations Center (SOC) for your company. The SOC serves as the command center for cyber defense: Specially trained SOC analysts monitor your networks there around the clock, using tools such as SIEM and XDR together with defined detection and response processes. Their goal: to detect threats and fend off attacks before any damage is done.
Further advantages: A managed SOC saves companies the cost and effort of running their own SOC while helping them meet legal requirements and compliance specifications, e.g. from the KRITIS umbrella law and the NIS2 directive. A good managed SOC can serve as the attack detection system (System zur Angriffserkennung) described in the BSI's orientation guide, which operators of critical infrastructure in Germany already have to demonstrate and which NIS2 extends to many medium-sized companies in the regulated sectors. Note that the SOC covers the detection and response part of these obligations; governance, risk management and reporting duties remain with the company.
What is the difference between Managed SOC and SOC as a Service (SOCaaS)? While SOCaaS usually involves several customers sharing a SOC platform, a managed SOC is customized more comprehensively and individually to the company by the SOC analysts – although the two terms are often used interchangeably today.
What does a modern Managed Security Operations Center do?
Imagine having your own team of cyber security experts watching over your IT systems around the clock. This is exactly what a modern Managed Security Operations Center does: The outsourced SOC acts as a highly specialized cyber operations center, detecting threats and responding to security incidents within minutes rather than days. It also helps you meet the relevant legal requirements and standards: the attack detection requirements of the German Federal Office for Information Security (BSI), the KRITIS umbrella law, the NIS2 directive and GDPR data protection.
At the technical heart of a managed SOC are advanced security tools such as:
- Security Information and Event Management (SIEM)
- Threat Intelligence Systems
- Real-time monitoring tools
But technology alone is not enough: Experienced SOC analysts monitor and control the processes, triage the alerts against their expert knowledge and current threat intelligence, and inform you immediately in the event of an emergency.
Case study: How a managed SOC team defends against ransomware attacks
Our SOC teams experience first-hand every day how important an effective SOC is for companies. The following example from our day-to-day work as a Managed Security Service Provider (MSSP) illustrates what a modern Managed SOC can do:
Phase 1: Protection requirements
A medium-sized mechanical engineering company decided to secure its digitalized production with a managed SOC. The aim was to continuously monitor suspicious activities and act quickly in the event of an emergency.
Phase 2: Early detection
The SOC monitoring system registered suspicious data flows in the company's network while the service was still being implemented. The SIEM raised an alert when it detected unusually large outbound transfers from a production host to external servers.
Phase 3: Threat analysis
The SOC analysts investigated further and discovered that the destination server was associated with known ransomware infrastructure. Threat intelligence allowed them to classify the threat precisely and confirm that an immediate response was required.
Phase 4: Crisis management
The SOC team immediately informed the company and our incident response team. Measures were taken immediately to prevent the threat from spreading. Thanks to rapid coordination, it was possible to stop the encryption of the production systems in good time.
Phase 5: Preventive security measures
After the incident, the SITS SOC team helped the company to further strengthen its security architecture: Endpoint Detection and Response (EDR) was rolled out on all systems and staff received training on phishing and social engineering.
These phases show how a managed SOC proactively detects, analyzes and neutralizes threats while supporting long-term preventive measures.
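The detection pattern behind Phase 2 and Phase 3, as an added illustration that is not the SITS SOC's own logic: a SIEM-style rule sums outbound bytes per internal host and external destination, alerts when the volume far exceeds the host's baseline, and the alerted destination is then enriched against a threat-intelligence indicator list to set the severity. The flow log lines, the baseline figures, the anomaly factor and the indicator entry are all constructed for this example.

```python
"""Outbound-volume detection with threat-intel enrichment (added example).

Not the SITS SOC's detection logic. Mirrors the case study: a volume rule
flags unusually large transfers to external servers (Phase 2), then the
destination is checked against threat intelligence (Phase 3).
"""
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed firewall/flow log: timestamp, src, dst, bytes_out
FLOW_LOG = """\
2024-03-11T02:10:05Z 10.20.5.17 10.20.1.4 48211
2024-03-11T02:11:40Z 10.20.5.17 203.0.113.77 734003200
2024-03-11T02:12:02Z 10.20.5.22 198.51.100.9 10240
2024-03-11T02:13:15Z 10.20.5.17 203.0.113.77 912261120
2024-03-11T02:14:50Z 10.20.5.30 10.20.1.4 2048
"""

# Constructed indicator list; in practice this comes from a TI feed.
THREAT_INTEL = {
    "203.0.113.77": "known ransomware staging server (constructed indicator)",
}

INTERNAL_NETS = [ip_network("10.0.0.0/8"),
                 ip_network("172.16.0.0/12"),
                 ip_network("192.168.0.0/16")]

# Constructed per-host baseline of typical outbound bytes to external hosts
BASELINE_BYTES = {"10.20.5.17": 5_000_000, "10.20.5.22": 5_000_000}
DEFAULT_BASELINE = 5_000_000
ANOMALY_FACTOR = 20  # assumption: alert when volume exceeds 20x the baseline


def is_external(ip: str) -> bool:
    addr = ip_address(ip)
    return not any(addr in net for net in INTERNAL_NETS)


def parse_flows(text: str):
    """Yield one dict per whitespace-separated flow record."""
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, nbytes = line.split()
        yield {"ts": ts, "src": src, "dst": dst, "bytes": int(nbytes)}


def aggregate_external(flows):
    """Sum outbound bytes per (src, dst) pair, external destinations only."""
    totals = defaultdict(int)
    for f in flows:
        if is_external(f["dst"]):
            totals[(f["src"], f["dst"])] += f["bytes"]
    return totals


def detect_anomalous_transfers(text: str):
    """Phase 2: volume rule. Returns one alert per anomalous (src, dst) pair."""
    alerts = []
    for (src, dst), total in aggregate_external(parse_flows(text)).items():
        baseline = BASELINE_BYTES.get(src, DEFAULT_BASELINE)
        if total > ANOMALY_FACTOR * baseline:
            alerts.append({"src": src, "dst": dst, "bytes": total,
                           "ratio": round(total / baseline, 1)})
    return alerts


def enrich_with_threat_intel(alerts):
    """Phase 3: add TI context; a TI hit escalates severity to critical."""
    enriched = []
    for a in alerts:
        ti = THREAT_INTEL.get(a["dst"])
        enriched.append({**a, "ti_match": ti,
                         "severity": "critical" if ti else "medium"})
    return enriched


def triage(text: str):
    """Run the volume rule and enrichment over a flow log."""
    return enrich_with_threat_intel(detect_anomalous_transfers(text))


if __name__ == "__main__":
    for finding in triage(FLOW_LOG):
        print(finding)
```

The host-to-destination aggregation matters: a single large transfer to one external address is the exfiltration pattern, whereas the same total spread across many legitimate destinations would not fire. A TI miss still yields a medium alert for an analyst to review; a hit is what turns an anomaly into an incident.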
This example shows how a Managed SOC ensures security at various levels. This was achieved through:
- Continuous monitoring: the SOC detects attacks in near real time
- Threat intelligence: classification of incidents and analysis of the data involved
- Incident response: in an emergency, human SOC analysts respond immediately and support containment
- Proactive consulting: the SOC team advises on preventive measures
“Managed SOC doesn’t just mean responding to security incidents – it means implementing security comprehensively and preventively,” says one of our SOC analysts.
Managed SOC vs. SOC as a service - what does my company need?
Building and operating your own SOC is out of the question for most companies, as it is tantamount to building a fortress. A reliable Security Operations Center requires:
- Specialized security experts
- Cost-intensive monitoring technologies
- Personnel-intensive 24/7 operation
In short, the annual costs quickly reach the millions and the complexity is high. For this reason, there are two models for companies: SOC as a Service (SOCaaS) and Managed SOC.
SOC as a Service as a shared platform
SOC as a Service (SOCaaS) can be understood as a kind of "security flat-share" or "shared SOC":
- Several companies usually share a central SOC platform, which the SOCaaS provider makes available in the cloud.
- Each company benefits from the services of experienced cybersecurity experts who can be reached via a ticket system or telephone hotline without customers having to invest in personnel and technology themselves.
SOCaaS offers SMEs in particular the opportunity to raise their IT security to a high level, at a fraction of the cost of their own SOC.
Managed SOC is the tailor-made security suit
The following arguments speak in favour of the more individual Managed SOC:
- Tailor-made SOC solutions for your specific requirements
- Seamless integration into your existing processes and IT systems
- Maximum flexibility and security services for the IT department
A Managed Security Operations Center is like a tailor-made suit – perfectly tailored to the company and its IT environment – but usually comes with a slightly higher price tag than a SOCaaS.
SOCaaS or Managed SOC? This decision depends on various factors:
- Size and complexity of your IT infrastructure
- Sensitivity of your data and systems
- Regulatory requirements of your industry
- Available budget for IT security
In recent years, the SOC teams at SITS Group have found that the two approaches often complement each other – in times of cloud security, the boundaries are becoming blurred.
In the second part of our two-part blog series, you will find all the important decision criteria for selecting the best managed SOC for your organization as well as the checklist drawn up by our experts to help you make the right choice. Of course, our experts will also be happy to assist you personally.