Assuria SOC Management Platform: Build your own SOC

Assuria’s innovative and proven SOC Management Platform allows partner organisations to easily and quickly establish their own, easy to manage, multi-tenant SOC operations from scratch and to deliver a range of enterprise grade monitoring, detection and response (MDR) managed services to their clients at affordable cost.

With the whole core SOC technology stack provided by Assuria, low licence costs are a given, and operational management costs are low due to heavy use of automation and virtualisation. As a result, a whole new community of viable MSSP businesses (of almost any size) is being established to meet the rapidly growing worldwide demand for managed security services. Assuria’s SOC Management Platform enables the rapid establishment of massively scalable and effective SOC operations in almost any environment, in just weeks.

Assuria’s SOC Management Platform is tightly integrated with Assuria’s renowned security monitoring and vulnerability assessment software solutions ALM-SIEM, ALM-FIM and ALM-VAS, and includes comprehensive alerting, reporting and analysis dashboards and threat intelligence feeds. With this platform and a full suite of business supporting materials, training and technical support, Assuria SOC Partners can launch a range of proven enterprise-class MDR managed services in the shortest possible time. Assuria’s shared-risk, consumption-based commercial model for SOC Partners means incredibly low up-front software licence investment, and low operational management costs mean low managed service fees for clients.

Data flow – single customer

  • Logs flow through a secure tunnel from the client environment to the SOC (using Forward and Reverse Proxies, each with client-specific crypto), then on to an ALM-SIEM instance.
  • The ALM-SIEM instance creates a forensic audit trail for future investigations, then undertakes automated analysis and generates alerts and reports, optionally feeding them into a central ticketing system.
  • Comprehensive alerting, reporting and security analysis dashboards are automatically populated within the SOC.
  • Analysts review alerts and instigate investigations, consulting ALM-SIEM as appropriate.
  • Note: ALM-SIEM ensures that all log data transfer is secure end-to-end. The Forward Proxy is provided for networking convenience and optimisation.
  • The vSOC concept (including complete data segregation and the secure tunnel) provides each client with (optional) secure access to their own alerting, reporting and analysis dashboards.

Data flow – multiple customers

Multiple customer (multi-tenancy) principles:

  • Logs flow through a secure tunnel from the client environment to the SOC (using Forward and Reverse Proxies, each with client-specific crypto), then on to an allotted ALM-SIEM instance.
  • Each client has their own forward proxy and unique crypto setup.
  • The reverse proxy in the SOC selects the client’s ALM-SIEM server, based on the client-specific crypto.
  • Each client has their own unique vSOC (including separate ALM-SIEM, ALM Database and Log Store instances), providing full data segregation at all times. vSOC separation is normally via a dedicated VM per client, but separate physical servers or separate disks can be provided if required.
  • Deployment of multiple vSOC and ALM-SIEM instances is fully automated.
  • The vSOC concept (including complete data segregation and the secure tunnel) provides each client with (optional) secure access to their own alerting, reporting and analysis dashboards.
  • Excellent horizontal scalability is assured, because the Assuria SOC doesn’t have a single SIEM and Db instance containing and trying to manage every client’s data within it.
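
The routing rule in the multi-tenancy list (the reverse proxy picks a client's SIEM server from that client's crypto, and no two clients share an instance) can be sketched as follows. This is an added example, not Assuria's code. It assumes the "client specific crypto" is a client certificate identified by its SHA-256 fingerprint, and the tenant names, hostnames and certificate bytes are constructed.

```python
import hashlib
from dataclasses import dataclass


class SegregationError(Exception):
    """Raised when two tenants would share an identity or a backend."""


@dataclass(frozen=True)
class Tenant:
    name: str
    cert_sha256: str   # assumed form of the "client specific crypto"
    siem_backend: str  # hypothetical address of the tenant's own SIEM instance


def fingerprint(cert_bytes: bytes) -> str:
    return hashlib.sha256(cert_bytes).hexdigest()


def build_routes(tenants):
    """Return fingerprint -> Tenant, refusing any table that is not one-to-one."""
    routes, backends = {}, {}
    for t in tenants:
        if t.cert_sha256 in routes:
            raise SegregationError(f"{t.name} and {routes[t.cert_sha256].name} share a certificate")
        if t.siem_backend in backends:
            raise SegregationError(f"{t.name} and {backends[t.siem_backend]} share a backend")
        routes[t.cert_sha256] = t
        backends[t.siem_backend] = t.name
    return routes


def select_backend(routes, peer_cert_bytes):
    """Pick the backend for an authenticated peer; None means drop (fail closed)."""
    if not peer_cert_bytes:
        return None
    tenant = routes.get(fingerprint(peer_cert_bytes))
    return tenant.siem_backend if tenant else None


# Constructed sample data: stand-in certificate bytes and made-up hostnames.
CERT_A, CERT_B = b"constructed-cert-tenant-a", b"constructed-cert-tenant-b"
ROUTES = build_routes([
    Tenant("tenant-a", fingerprint(CERT_A), "siem-a.soc.example:8443"),
    Tenant("tenant-b", fingerprint(CERT_B), "siem-b.soc.example:8443"),
])

if __name__ == "__main__":
    for cert in (CERT_A, CERT_B, b"constructed-unknown-cert", b""):
        print(select_backend(ROUTES, cert))
```

Validating the table when it is built, rather than on each connection, means a provisioning mistake that would merge two tenants' data is rejected before any logs are routed.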