CND have been instrumental in building SOCs since before the turn of the century, initially for Defence and Government, now all sectors.
We practise what we preach and have our own SOCs, which we run as an MSSP for small to medium-sized businesses. We also have our staff embedded into our clients' SOCs to supplement their staff or as an
As SOC build veterans with decades of experience in building numerous SOCs, there is nothing that fazes us. We are vendor neutral and have worked with almost every security technology out there. We also have an extended global pool of Associate Partners with some extremely specialist skills, whom we can call upon if required.
Below are a handful of SOC build projects we have worked on for our clients over the years:
Our client was breached and had no monitoring capability. Our Incident Response Team triaged the incident within the hour, and we had sensors in place shortly after, monitoring internal activity, with IDS monitoring the boundaries. This all reported into our SOC under the MSSP service, whilst our Incident Response Team got to the root cause. After the 2-week "trial", the client signed up for the MSSP whilst we helped them develop their own monitoring capability.
Our client had an urgent need for a fully functioning SOC from a few sensors and their preferred SIEM. We sent in a SOC build veteran to gather the requirements and a project manager to form a plan which met the 3-week deadline. A security engineer got it all working and, once it was reporting, an analyst started to work with the engineer to tune it. By the 3-week go-live date, we had a shift system of our analysts, and our recruitment team was finding permanent staff to replace them.
Our client already had an established on-premise SOC, but had a requirement for it to migrate to the Cloud. Our SOC architectural team designed and implemented a solution which is nearing operation.
Our client is now an MSSP household name and, whilst they had a SOC, it was not suited to an MSSP. We were engaged to build them a capability around a SIEM for which they had an enterprise license.
Our client had been offered a proof-of-concept SOC of a complete solution, which they were unhappy with. We were given a meagre budget, within which we needed to build a Detection and Response capability. After capturing the requirements, we set about designing a solution, which was accepted by the client. We then implemented the design, which proved so popular with the client that we were referred to another client to repeat the design.
Our Defence client needed some expertise to assist them in the design and build of a global SOC. We supplied them with a subject matter expert who was embedded within the organisation for an extended period. As the SOC reached Interim Operational Capability, we were approached for more Senior SOC analysts, threat hunters and security engineers to be embedded within the organisation to work alongside military staff and provide skill transfer.