SANS Review of Arctic Wolf's SOC-as-a-Service

Post on 09-Apr-2017

© 2017 The SANS™ Institute – www.sans.org

SOC-as-a-Service: All the Benefits of a SOC Without the High Costs of a DIY Solution

Sponsored by Arctic Wolf

Utilizing the SOC

Concierge Security Engineer (CSE)
• Extension of your IT or InfoSec team
• Benefits of a CSE:
  • Single point of contact
  • Deep understanding of environment over time
  • Experience dealing with security incidents
  • No need to learn new products or technologies

Utilizing the SOC (cont’d.)

Regular meeting with the CSE

Customization Rule Engine (CRule)

One of the biggest benefits of CyberSOC is the ease of customization. This allowed us to:

• Rank assets
• Rank severity
• Rank alerts

Mean Time to Detect

Scenario 1: Ransomware detonated in our environment

Conclusion
• SOC is a proven security solution that increases a company’s security posture.
• Challenges with typical SOCs are the high cost of implementation and the length of time to build.
• Arctic Wolf Network’s CyberSOC offering is well-suited to midsize organizations. Benefits include:
  • Short time to implement and comparatively low cost—minutes rather than months or years to get up and running
  • Provides a comprehensive SOC-as-a-Service solution
  • Vets through millions of events on behalf of the customer
  • Reduces customer alert fatigue by identifying false positives before they reach the customer
  • Provides a dedicated CSE to work with the customer
