Building Security Operation Centres
CND have been instrumental in building SOCs since before the turn of the century. We're completely flexible and available to support your own build team, deliver the entire build and hand it over, or anything in between.
SOC Build as a Service
Whilst we will continue to build SOCs for our clients with agility in whatever way they want, for ultimate flexibility in delivery you can engage us to build your SOC (or part thereof) as a service. We manage the process from start to finish, you decide on your level of involvement, and we agree on the project milestones.
We then supply the necessary consultants and, as the build develops, consider rotating them out for more appropriate consultants, for example as the build moves from governance to implementation and on to operation. All the while, we parachute in subject matter experts to efficiently handle those very specialised tasks and, dare we say, inevitable problems.
Over the years, this approach has proved to be increasingly popular with both our clients and partners. The traditional approach of having specific consultants to deliver the entire project proved to be too rigid and inefficient. Moreover, it all too often fell foul of UK tax regulations.
Previous Client Engagement Examples
As SOC build veterans with decades of experience in building numerous SOCs, there is nothing that fazes us. We are vendor neutral and have worked with almost every security technology out there. We also have an extended global pool of Associate Partners with some extremely specialist skills, whom we can call upon if required.
Below are a handful of SOC build projects we have worked on for our clients over the years:
Our client was breached and had no monitoring capability. Our Incident Response Team triaged the incident within the hour and we had sensors in place shortly after, monitoring internal activity, as well as IDS monitoring the boundaries. This all reported into our SOC under the MSSP service, whilst our Incident Response Team got to the root cause. After the 2-week "trial" the client signed up for the MSSP whilst we helped them develop their own monitoring capability.
Our client had an urgent need for a fully functioning SOC from a few sensors and their preferred SIEM. We sent in a SOC build veteran to gather the requirements and a project manager to form a plan which met the 3-week deadline. A security engineer got it all working and, once it was reporting, an analyst started to work with the engineer to tune it. By the 3-week go-live date, we had a shift system of our analysts in place and our recruitment team was finding permanent staff to replace them.
Our client already had an established on-premise SOC, but had a requirement for it to migrate to the Cloud. Our SOC architectural team designed and implemented a solution which is nearing operation.
Our client is now an MSSP household name and, whilst they had a SOC, it was not suited to an MSSP. We were engaged to build them a capability around a SIEM for which they had an enterprise license.
Our client had been offered a proof-of-concept SOC of a complete solution, which they were unhappy with. We were given a meagre budget, within which we needed to build a Detection and Response capability. After capturing the requirements, we set about designing a solution, which was accepted by the client. We then implemented the design, which proved so popular with the client that we were referred to another client to repeat the design.
Our Defence client needed some expertise to assist them in the design and build of a global SOC. We supplied them with a subject matter expert who was embedded within the organisation for an extended period. As the SOC reached Interim Operational Capability, we were approached for more Senior SOC analysts, threat hunters and security engineers to be embedded within the organisation to work alongside military staff and provide skill transfer.