When interviewing a potential SOC company that you want to work with, one of the burning questions you need to ask is what typical SOC company onboarding looks like for them. Based on the answer you can see how much experience they have, how much they know about the topic, and how much they are prepared to invest in the collaboration.
Everything you need to know about this topic is in this blog, as well as our process of onboarding. So let’s start!
Understanding Client Infrastructure
The first step in SOC company onboarding is understanding client infrastructure. Let’s take a closer look at what this integration entails:
Understanding the Server Landscape
First, we need to get a handle on the client’s server setup. This means identifying:
- The roster of servers in play
- The specific roles each server fulfills
- The array of services running on each server
- The versions of these services, which are crucial for ensuring compatibility and security.
Distinguishing Cloud Configurations
Not all servers are created equal, especially in the cloud. Some servers bask in the public cloud’s communal glow, while others enjoy the solitude of the private cloud. It’s essential to discern:
- Which servers reside in the public cloud, fostering collaboration and flexibility
- Which servers reside in the private cloud, offering enhanced control and security
- How these cloud configurations impact data management and access controls.
Unveiling the On-Premise Infrastructure
Within the vast digital realm, we find the steadfast on-premise servers—protecting valuable data and ensuring smooth operations. Exploring these servers involves:
- Identifying the critical functions they perform within the organizational ecosystem
- Assessing their physical and logical security measures
- Understanding their integration points with cloud-based and external systems.
Once the SOC company is aware of the whole infrastructure, the next step is to explore existing monitoring tools.
Exploring Existing Monitoring Tools
Let’s continue with taking a peek into what monitoring and alerting tools the client is already using. This gives us a good idea of what they’ve got going on and helps us figure out how to build upon it:
- What Monitoring Tools Are in Use? We want to know what tools the client relies on to keep an eye on things. Are they using software to monitor network activity or keep track of how their systems are performing? Understanding what’s already in their toolkit helps us figure out where we can fill in the gaps.
- What Alerting Tools Are They Using? Alongside monitoring tools, the client probably has systems in place to alert them when something goes awry. Maybe they get emails or texts when there’s a problem, or perhaps they use a ticketing system to keep track of issues. It’s important to understand how they’re getting these alerts and how effective they are at responding to them.
By getting a handle on the client’s current monitoring and alerting setup, we can better tailor our approach to meet their needs. Let’s dive in and see what we find!
Assessing Past Attacks and Incidents
Before we dive headfirst into bolstering the client’s defenses, it’s crucial to take a step back and examine any past incidents they may have encountered. That’s exactly our third step in the SOC company onboarding process. Here’s what we’ll be looking into:
- Incident Escalation Procedures: First, we need to know if the client has a clear protocol in place for handling security incidents. Do they have a defined process for escalating issues to the right people and departments? Understanding their escalation procedures helps us ensure that any future incidents are dealt with swiftly and effectively.
- Reviewing Past Attacks: Next, we’ll dig into the client’s history to see if they’ve faced any attacks or security breaches in the past. We’ll want to know if these attacks were successful or unsuccessful and what was determined to be the cause. By understanding the root causes of past incidents, we can better fortify the client’s defenses against future threats.
Also, determining whether the client has implemented any security measures should be the foremost question on our minds.
Identifying Weak Points in the System
This process includes:
- Listing Weak Points: The first step in identifying weak points in the system is to compile a comprehensive list of vulnerabilities. This involves conducting thorough audits and assessments to uncover any areas of weakness or potential risk.
- Identifying Vulnerable Services: Once we have a list of weak points, the next step is to identify any vulnerable services within the client’s infrastructure. This includes pinpointing services that may be outdated, misconfigured, or lacking proper security measures.
- Listing Escalation Procedure Gaps: In addition to technical vulnerabilities, it’s essential to examine the client’s incident escalation procedures for any gaps or deficiencies. This involves reviewing the existing protocol for reporting and responding to security incidents and identifying areas where improvements can be made.
Determining Necessary Security Tools
This involves a thoughtful assessment of the client’s specific security requirements and vulnerabilities. Once we’ve identified the requisite security tools, the next step is to collaborate closely with the client to ensure seamless installation and integration.
This collaborative approach ensures that the selected tools are not only implemented effectively but also integrated with the client’s existing alerting system. By aligning the installation and integration process with the client’s operational needs and preferences, we can maximize the effectiveness of these tools in safeguarding their system against potential threats.
Establishing 24/7 Monitoring
In the journey of onboarding a SOC company, a crucial milestone is the establishment of continuous monitoring. Here, the SOC vendor integrates their dedicated team directly into the client’s monitoring system. This strategic move ensures that the SOC team is embedded within the client’s digital ecosystem, actively monitoring system events and activities through log analysis.