Assuria SOC Management Platform: Build your own SOC

Assuria’s innovative and proven SOC Management Platform allows partner organisations to establish their own easy-to-manage, multi-tenant SOC operations from scratch, quickly and easily, and to deliver a range of enterprise-grade monitoring, detection and response (MDR) managed services to their clients at affordable cost.

With the whole core SOC technology stack provided by Assuria, low management costs due to heavy use of automation and virtualisation, and low licence costs, a whole new community of viable MSSP businesses (of almost any size) is being established to meet the rapidly growing worldwide demand for managed security services. Assuria’s SOC Management Platform enables the rapid establishment of massively scalable and effective SOC operations in almost any environment, in just weeks.

Assuria’s SOC Management Platform is tightly integrated with Assuria’s renowned cyber security monitoring and vulnerability assessment software solutions ALM-SIEM, ALM-FIM and ALM-VAS, and includes highly effective operational dashboards and threat intelligence feeds. With this platform and a full suite of business-supporting materials, training and technical support, Assuria SOC Partners can launch a range of proven enterprise-class MDR managed services in the shortest possible time. Assuria’s shared-risk, consumption-based commercial model for SOC Partners means incredibly low up-front investment in SOC software licences.

Data flow – single customer

  • Logs flow through a proxy on the customer site across the Internet to a proxy in the SOC, then onto an ALM-SIEM instance.
  • The ALM-SIEM instance creates a forensic audit trail for future investigations and then undertakes automated analysis and generates alerts into a central ticketing system.
  • Analysts review alerts and instigate investigations, consulting ALM-SIEM as appropriate.
  • Note: ALM-SIEM ensures that all log data transfer is secure end-to-end. The Forward Proxy is provided for networking convenience and optimisation.

Data flow – multiple customers

Multiple customer (multi-tenancy) principles:

  • Each customer has their own forward proxy.
  • The reverse proxy in the SOC selects the customer’s ALM-SIEM server.
  • Each customer has their own ALM-SIEM instance: no risk of mixing up customers’ data. Separation is normally via a dedicated VM per customer, but separate physical servers or separate disks can be provided if required.
  • Running a separate ALM-SIEM instance for every customer is practical because deployment is fully automated.
  • Excellent horizontal scalability is assured, because the SOC doesn’t have one enormous SIEM instance containing and trying to manage every customer’s data within it.
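The multi-tenancy principles above, modelled as an added example (this is illustrative code written for this page, not Assuria’s software): a SOC-side reverse proxy that routes each customer’s log batches only to that customer’s dedicated ALM-SIEM instance and denies anything it cannot attribute to a provisioned tenant, with each instance keeping its own hash-chained forensic audit trail. Tenant names, log lines, and the assumption that the tenant identity comes from the authenticated forward-proxy connection rather than from the log content are all constructed for the example.

```python
"""
Added example, not Assuria's code: model of the multi-tenant data flow.
Per-customer forward proxy -> SOC reverse proxy -> per-customer SIEM instance.
Tenant identity is assumed to come from the authenticated connection
(e.g. the forward proxy's client certificate), never from log content.
"""
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class LogBatch:
    tenant_id: str      # taken from the authenticated connection (assumption)
    lines: tuple        # raw log lines forwarded by the customer's proxy


class SiemInstance:
    """One ALM-SIEM-style instance per customer, holding only that customer's data."""

    def __init__(self, tenant_id: str) -> None:
        self.tenant_id = tenant_id
        self.trail: list[dict] = []      # append-only forensic audit trail
        self._prev = "0" * 64            # hash-chain anchor for the first record

    def ingest(self, batch: LogBatch) -> None:
        if batch.tenant_id != self.tenant_id:
            # Defence in depth: the proxy should never hand us another tenant's data.
            raise ValueError("cross-tenant data rejected")
        for line in batch.lines:
            digest = hashlib.sha256((self._prev + line).encode()).hexdigest()
            self.trail.append({"line": line, "prev": self._prev, "hash": digest})
            self._prev = digest

    def verify_trail(self) -> bool:
        """Recompute the chain; any edited, removed or reordered record breaks it."""
        prev = "0" * 64
        for rec in self.trail:
            expected = hashlib.sha256((prev + rec["line"]).encode()).hexdigest()
            if rec["prev"] != prev or rec["hash"] != expected:
                return False
            prev = rec["hash"]
        return True


class ReverseProxy:
    """SOC-side reverse proxy: tenant -> dedicated SIEM instance, deny by default."""

    def __init__(self) -> None:
        self._routes: dict[str, SiemInstance] = {}
        self.decisions: list[str] = []   # routing log for the SOC's own records

    def provision_tenant(self, tenant_id: str) -> SiemInstance:
        # Stands in for automated deployment of a fresh instance per customer.
        inst = SiemInstance(tenant_id)
        self._routes[tenant_id] = inst
        return inst

    def forward(self, batch: LogBatch) -> bool:
        inst = self._routes.get(batch.tenant_id)
        if inst is None:
            self.decisions.append(f"DENY unknown tenant {batch.tenant_id!r}")
            return False
        inst.ingest(batch)
        self.decisions.append(f"ROUTE {batch.tenant_id} -> instance {inst.tenant_id}")
        return True


def demo():
    """Two provisioned customers plus one stray batch from an unknown tenant (constructed)."""
    proxy = ReverseProxy()
    a = proxy.provision_tenant("customer-a")
    b = proxy.provision_tenant("customer-b")
    proxy.forward(LogBatch("customer-a", ("a1 login ok", "a2 sudo invoked")))
    proxy.forward(LogBatch("customer-b", ("b1 firewall drop",)))
    rejected = proxy.forward(LogBatch("customer-c", ("c1 stray line",)))
    return a, b, rejected, proxy.decisions


if __name__ == "__main__":
    inst_a, inst_b, was_rejected, log = demo()
    print("\n".join(log))
    print("trail A valid:", inst_a.verify_trail(), "records:", len(inst_a.trail))
```

The point of the model is that isolation is enforced structurally (a lookup to a per-tenant instance, with no shared store) rather than by filtering inside one large instance, and that an unrecognised tenant is refused rather than routed anywhere; the per-instance hash chain is what makes the audit trail usable as forensic evidence, since any later edit is detectable.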