Large national and international organisations now have their own Security Operations Centres (SOC). The ultimate control room for cyber security is the cream of the crop, but it also requires a lot of budget, talent, and people. Not realistic for SMBs, unless you streamline the formula and market it as a service model. That’s why Excellium Services and Tech Data are launching XLM360 Foundation.
“A SOC team isn’t affordable for an SMB today.” Wim Kretzers, Business Consultant at Tech Data Belux, points to the highly specialised profiles, 24/7 staffing, and the high-quality tools & software you need to set up a SOC. “Something like this is feasible for certain financial institutions and large companies, but it’s unrealistic for the SMB market.”
To make a SOC more accessible, Excellium Services and Tech Data joined forces and developed XLM360 Foundation. It offers the most effective solution against cyber attacks, from which no enterprise is spared, at a drastically lower price.
A limitation in data logs & an acceptable risk
According to Kretzers, today’s SOCs still have a lot of bells and whistles that an SMB doesn’t need. That’s the first important cost saver within XLM360 Foundation. A second important saving factor is the focus on a certain set of data sources. “The cost of a SOC is based on the amount of data logs sent to the SIEM. The more logs, the higher the licence fees, the more pressure on the people behind the system. With XLM360 Foundation, we can give the customer much more flexibility and a more limited, but still sufficient, number of data sources to choose from.” This way, you can find the optimal balance between available budget and acceptable risk within the business environment.
And if there’s still a breach?
After a breach is detected, SOCaaS will also provide an appropriate answer. Gaetan Franquin, Pre-Sales at Excellium Services Belgium, clarifies, “After a thorough investigation of the breach, we provide the organisation with an analysis of what happened and a clear roadmap for solving the problem.”
Focus on the three Ps
This offer is disruptive in the Belgian market. “Sure, you’ll find a provider somewhere, but you won’t find the three Ps – People, Process, and Product – anywhere else. I know this sounds like a flat sales pitch, but nobody else comes close to this technically high level today,” says Wim Kretzers.
The architecture of this solution contains five standard data sources for which the logs are recorded:
- Proxy server
- Antivirus server
- Active Directory
- Mail gateway
The above components are the most important for a good SOC, and you can get started quickly with them. “We always start with the foundation pack where we on-board those five components. After that, a process can start in which use cases are added that are tailored to the customer, in order to achieve an even higher security maturity,” says Franquin.
The lead time to roll out XLM360 Foundation is remarkably short. “There is a maximum of six weeks between the first meeting and the go-live of SOCaaS within the organisation,” says Kretzers. If you would like to see how it all works for yourself, you can request a demo beforehand.
The real deal
So what do you get, and at what cost? You get all the benefits of a SOC, with a pool of over 130 cyber security experts who are available 24/7 to analyse all the alerts raised by the included SIEM. That SIEM reads the logs of five included data sources that are aligned with twelve included, predefined use cases to detect the most exploited current threats. If the SOC analysts conclude an alert is indeed a real threat, you will get a notification by phone or email while the analysts prepare the best possible incident response for you. So, you really get SOC as a Service for a recommended end-user price of just below €5,000/month in a 12-month contract.
If you’re still looking for drawbacks, you’ll have to admit that it’s hard to find any. A refined selection of data sources will allow an SMB to have a SOC in-house today without investing heavily in software and additional staff. XLM360 Foundation provides the basis on which organisations can build towards greater cyber security.