Microsoft's SOC - giving your organisation security
Employees in your organisation work with their company computers in different locations. It provides a sense of freedom - but it's also risky. To detect and assess the increasing number of warning signals, today's IT security needs to be updated. Individual systems or people within the company are not able to distinguish between dangerous and harmless signals. AddPro's new SOC solution adds a key dimension to your security work!
IT managers can no longer quickly scroll through the last 24 hours' logs and act on things that look suspicious. The reason is that a modern company collects a huge amount of data every day from systems such as Azure AD, Office 365 and EMS, but also from DNS, firewalls and various antivirus products, among others.
So the problem is not a lack of warning signs. There are too many! In AddPro's SOC solution, the alerts are recorded and put into a context that helps your organisation to react to the right things at the right time.
What is a Security Operations Center?
The SOC is a centralised unit that deals with security issues at both the organisational and the technical level. It is staffed both by real people who can be reached 24/7 by phone and by Artificial Intelligence that is constantly learning more about how new threats may arise.
You can think of the SOC as a constantly vigilant watchdog, patrolling the systems you already have in your organisation. The artificial guards are constantly active to record the signals, interpret them and decide what action to take. Should any device be shut down? Do we need to get hold of a particular person? Do passwords need to be changed? The human guards do what they do best, like keeping in touch with your IT managers when problems arise.
The SOC idea is not new, but it has evolved to become an even more powerful tool against malicious cyber attacks. Zero Trust thinking is at the heart of AddPro's new SOC and it is now aimed at mid-sized organisations. Previously, a SOC was only for larger organisations, but Azure Sentinel opened the opportunity up to those SMBs that deal with data so critical that they consider it worth the cost.
However, the main target group is organisations of 100 employees and above. The question is how many millions each unit of lost time costs if there is a hijacking, and how that compares with the cost of adding a SOC to the company's IT security.
This is how the difference between the previous and current SOC can be explained:
TODAY'S SOC
- Worked mainly from the inside
- Focused on the network and what happened there
NEW MODERN SOC
- Focuses on Zero Trust - identity is the most important and the network is only a small part
- Works everywhere - not just inside the office
- Uses signals from Azure, looks for events that are abnormal and makes incidents of these abnormal events
- More active than before - looks around at the world and understands the smallest signals in the organisation's systems that someone has got in
Sentinel is the brain behind SOC
The SOC is built on Microsoft Sentinel: a cloud-integrated security information and event management (SIEM) platform. It is constantly updated with the experience Microsoft gathers to identify new threats. For example, Sentinel detects if a user has logged in from an unexpected location and sets that event alongside other, smaller signals - the correlation between these different signal sources determines the response from the SOC.
If an old SOC is similar to a truck, AddPro's new SOC is an entire logistics company - but at the same price as a truck used to cost.
We continue with the truck metaphor: "Everyone can buy a truck - but not everyone can drive it". The same goes for Sentinel. The goal of Sentinel is to automate the security process as much as possible and combine this strength with AddPro's knowledgeable consultants who can drive the system - it makes for a modern SOC!
AddPro fights cyber threats - you deliver core business
Anyone interested in having access to their own Security Operations Center can easily get started. Contact AddPro's sales team, who will involve a consultant in the project, then download an app from the Azure Marketplace to start the technical connection to the SOC - then begin an implementation project. The project analyses your specific processes for dealing with security incidents - something that is developed in consultation with you.
For AddPro, collaboration is a continuous process, while you can continue to deliver your core business and let the SOC take care of security.
An organisation that has switches, firewalls, other cloud services (e.g. Amazon) and other third-party services finds it increasingly difficult to keep track of everything - so support is needed to bring it all together into one overview. This makes the SOC offering uniquely tailored to your circumstances and risk picture.
AddPro adds a new dimension to IT security with a new modern SOC from Microsoft. Want to know more about how you can add new IT security to your organisation? Contact us and we will help you! Or why not nominate your company for a free Microsoft Security workshop today!