Assuria SOC Management Platform: Build your own SOC

Assuria can now provide a complete SOC Management Platform to allow organisations to build their own easy-to-manage multi-tenant (or internal multi-department) SOC operations from scratch.

With the whole core SOC technology stack provided by Assuria and low management costs due to heavy use of virtualisation and configuration automation, a whole new community of viable SOC businesses is being established to meet the rapidly growing worldwide demand for managed security services, especially for mid-sized organisations.

Since the Assuria SOC Management Platform is tightly integrated with Assuria ALM SIEM, it allows the rapid establishment of infinitely scalable and effective SOC operations in almost any suitable environment, in just weeks.

Basic data flow – single customer

  • Logs flow through a proxy on the customer site across the Internet to a proxy in the SOC, then on to an ALM SIEM instance.
  • The ALM SIEM instance creates a forensic audit trail for future investigations and then undertakes automated analysis and generates alerts into a central ticketing system.
  • Analysts review alerts and instigate investigations, consulting ALM SIEM as appropriate.
  • Note: ALM SIEM ensures that all log data transfer is secure end-to-end. The Forward Proxy is provided for networking convenience and optimisation.

Basic data flow – multiple customers

Multiple customer (multi-tenancy) principles:

  • Each customer has their own forward proxy.
  • The reverse proxy in the SOC selects the customer’s ALM SIEM server.
  • Each customer has their own ALM instance: no risk of mixing up customers’ data. Separation is normally via a dedicated VM per customer, but separate physical servers or separate disks can be provided if required.
  • Running multiple ALM instances in this way is made possible because deployment is fully automated.
  • Excellent horizontal scalability is assured, because the SOC doesn’t have one enormous SIEM instance containing and trying to manage every customer’s data within it.