Assuria SOC Management Platform: Build your own SOC

Assuria now provides a complete SOC Management Platform that lets organisations build their own easy-to-manage multi-tenant (or internal multi-department) SOC operation from scratch.

With the whole core SOC technology stack provided by Assuria, and management costs kept low through heavy use of virtualisation and configuration automation, a new community of viable SOC businesses is being established to meet the rapidly growing worldwide demand for managed security services, especially among mid-sized organisations. Assuria’s SOC Management Platform enables the rapid establishment of horizontally scalable and effective SOC operations in almost any environment, in a matter of weeks.

Because the Assuria SOC Management Platform is tightly integrated with Assuria’s cyber security software solutions ALM-SIEM, ALM-FIM and ALM-VAS, Assuria SOC Partners can launch a range of proven enterprise-class security monitoring and vulnerability assessment managed services to meet the growing demand for them.

Data flow – single customer

  • Logs flow through a forward proxy on the customer site, across the Internet to a reverse proxy in the SOC, and then on to an ALM-SIEM instance.
  • The ALM-SIEM instance records a forensic audit trail for future investigations, then performs automated analysis and raises alerts in a central ticketing system.
  • Analysts review the alerts and open investigations, consulting ALM-SIEM as appropriate.
  • Note: ALM-SIEM secures all log data transfer end-to-end. The forward proxy is provided for networking convenience and optimisation, not to secure the transfer.

Data flow – multiple customers

Multiple customer (multi-tenancy) principles:

  • Each customer has their own forward proxy.
  • The reverse proxy in the SOC selects that customer’s ALM-SIEM server.
  • Each customer has their own ALM-SIEM instance, so there is no risk of mixing up customers’ data. Separation is normally a dedicated VM per customer; separate physical servers or separate disks can be provided if required.
  • Running one ALM-SIEM instance per customer is practical because deployment is fully automated.
  • Horizontal scalability follows: the SOC never has to run one enormous SIEM instance that holds and manages every customer’s data.
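The following reverse-proxy configuration is an added example of the multi-customer routing described above; it is not Assuria’s own configuration and Assuria’s page does not say how its reverse proxy identifies customers. It assumes that each customer’s forward proxy connects over TLS to a per-customer hostname (so the tenant can be selected from the TLS SNI name), that each ALM-SIEM instance listens on 6514/tcp (the standard port for syslog over TLS), and that the customer hostnames, upstream names and addresses below are placeholders. It uses nginx’s stream module with `ssl_preread`, which reads the ClientHello without terminating TLS, so the proxy never holds the keys and the log transfer stays encrypted end-to-end between the customer site and that customer’s ALM-SIEM instance.

```nginx
# Added example (not Assuria's configuration): SOC reverse proxy that steers
# each customer's log stream to that customer's dedicated ALM-SIEM instance.
# Assumptions: tenant is identified by TLS SNI hostname; ALM-SIEM listens on
# 6514/tcp; hostnames, upstream names and addresses are placeholders.
stream {
    # Tenant selection key: the SNI hostname in the TLS ClientHello.
    # ssl_preread inspects the ClientHello without terminating TLS, so the
    # proxy cannot read (or alter) the log data passing through it.
    map $ssl_preread_server_name $tenant_upstream {
        customer-a.logs.soc.example   siem_customer_a;
        customer-b.logs.soc.example   siem_customer_b;
        default                       no_such_tenant;   # unknown or missing SNI
    }

    # One upstream per customer: a dedicated ALM-SIEM VM each, never shared.
    upstream siem_customer_a { server 10.10.1.10:6514; }
    upstream siem_customer_b { server 10.10.2.10:6514; }

    # Sink for unknown tenants: a closed local port, so the connection is
    # refused instead of falling through to some other customer's instance.
    upstream no_such_tenant  { server 127.0.0.1:1; }

    # Per-connection record for the SOC's own audit trail: which source was
    # routed to which tenant instance, and how much it sent.
    log_format tenant '$remote_addr sni=$ssl_preread_server_name '
                      'upstream=$upstream_addr bytes_in=$bytes_received';

    server {
        listen 6514;
        ssl_preread on;
        proxy_pass  $tenant_upstream;
        access_log  /var/log/nginx/soc-tenant-routing.log tenant;
    }
}
```

Two caveats a practitioner would apply. First, the SNI name is unauthenticated metadata chosen by the client, so it is only a routing key: the per-customer ALM-SIEM instance must still authenticate the connecting forward proxy itself (for example with a client certificate issued to that customer) before accepting log data. Second, adding a customer means adding one `map` entry and one `upstream` block and provisioning one more instance, which is where the fully automated deployment mentioned above earns its keep.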