Security Analytics and Security Operations Center as a Service

Strengthen cyber defences with security analytics and SOC as a service

Evidence of security incidents crops up in various systems. Often, however, there is no central location for consolidating or analysing the logs.

Those in charge therefore lack the necessary overview, and incidents are detected too late. The situation is then exacerbated by a shortage of specialists and cost pressures.

For cost reasons: Security Analytics and SOC as a Service

The complexity of today’s infrastructures, which are often hybrid, makes it difficult to analyse security incidents and respond to them appropriately. SIEM (Security Information and Event Management) systems for comprehensive analysis are expensive, and companies rarely have the specialist staff to support 24/7 operation. And while cost pressures are squeezing company budgets and resources, cybercriminals are stocking up their arsenals.

It is not economical for many companies to set up their own infrastructure for Security Analytics (SA) or even a Security Operations Center (SOC) as part of comprehensive threat detection & response. This means that managing the infrastructure from within the organisation is often not an attractive solution. Managed Services, such as Security Analytics as a Service (SAaaS) or SOC as a Service (SOCaaS), are therefore attractive alternatives for reasons of cost and security.

When is it the right solution?

Companies need to regain visibility of security-related incidents to be able to respond in a timely manner. This is the only way to prevent outages, data loss and reputational damage. Central security analytics systems or a comprehensive security operations centre are central to this. The challenge facing IT security managers is how to meet these requirements within budget and with the available specialist staff.

To address IT security as a whole under these conditions, you need a sourcing strategy for threat detection & response. With security analytics and SOC as a service, you can provide the required security services at predictable costs and ensure the necessary level of security. Such services include state-of-the-art solutions for SIEM and SOAR (Security Orchestration, Automation and Response), which give you a good overview of security incidents, allowing you to respond in good time.

Your benefits:

  • Save and control costs with modular services
  • Achieve the necessary security level without the infrastructure costs
  • Minimise downtime and response times thanks to round-the-clock operation

SAaaS & SOCaaS in detail

Security Analytics as a Service (SAaaS)

Rapid detection of potential security incidents with these main features:

  • Leading SOC platforms based on Microsoft, Palo Alto Networks or Splunk technologies
  • The SIEM platform collects, aggregates and correlates log data and works together with the SOC SOAR platform for orchestration and automation
  • AI-powered threat detection use cases for the detection of incidents
  • Compliance and security reporting for regulatory requirements (e.g. FINMA) and to meet evidentiary obligations
  • 24/7/365 operation

Security Operations Center as a Service (SOCaaS)

Detection of security incidents and analysis with recommendations for action (requires SAaaS):

  • Identification and rating of security incidents for criticality, impact and potential risk for your organisation
  • First response for active cyberattacks
  • Notification and escalation of security incidents
  • Seasoned, highly experienced security experts

Optional services:

  • Detection and alerting of critical vulnerabilities thanks to vulnerability management integration
  • Discover hidden threats before they cause any damage with advanced threat hunting

Application examples

For cost reasons, it is not economical for you to operate a Security Operations Center around the clock with your own specialist staff. With SAaaS and SOCaaS, you can source security monitoring as a service at predictable costs.

With your existing SIEM, you are inundated with false positives, or you are unable to integrate all logs and have to correlate events manually. If your existing infrastructure is no longer fit for purpose, SAaaS gives you a modern and scalable SIEM and SOAR environment.

Is your cyber defence up to the job of protecting your complex infrastructure from sophisticated cyberattacks? With Security Operations Center as a Service, you can be sure of timely detection of and response to security incidents.

Threat Detection and Response overview

SAaaS and SOCaaS are the basic modules of the Threat Detection & Response service. Log files and other sources for events are correlated and analysed on a Big Data platform. The Security Analytics dashboard provides information about events; with SOCaaS, Swisscom security experts also take over the event management.

Why Swisscom?

Experience

We understand and protect our own infrastructure and the infrastructures of many of our customers.

Customised

You benefit from our specially developed analytics use cases.

Specific

You implement your own use cases with analytics and SOC as a Service.

Find out more

Our experts will be happy to answer your questions. Contact us.