What We Do
We safeguard your organisation's future
SOC Service Tiers
Service | Basic (BYOT^O) | Standard (limit of 200 assets^A) | Advanced (limit of 1,000 assets^A) | Enterprise (contact Sales for scope)
---|---|---|---|---
Foundational Security Operations as a Service (BSOCaaS^M) | | | |
8×5^B SLA^G-based Detect & Notify | – | – | – |
24x7x365^C SLA^G-based Detect & Notify | – | | |
Active Threat Hunting and Advisory | – | – | |
Threat Intelligence Management (TIM^Q) | – | – | Optional |
Incident Response Management (IRM^R) | – | – | Optional |
Daily Threat Benchmark^D Reporting | – | | |
Weekly SLA^G Benchmark^D Reporting | | | |
Monthly Executive Reporting | | | |
Compliance^E Reporting | Optional | | |
Security Information and Event Management as a Service (SIEMaaS^L) | | | |
Log Management with 400 days live log retention | – | | |
Platform Administration | – | | |
Daily Health Check Reporting | – | | |
Activeboards (real-time dashboards) | – | | |
Collaboration Integrations (Slack, Jira, ServiceNow, PagerDuty, webhooks and email) | – | | |
SecOps DFIR^F Triaging | – | | |
SecOps DFIR^F Entity Analytics | – | | |
Compliance^E Use Cases | – | | |
Security Orchestration, Automation & Response as a Service (SOARaaS^K) | | | |
750+ integrations | – | – | |
680+ content packs | – | – | |
Workflow automations for active response | – | – | |
Security-focused automated case management | – | – | |
Threat intelligence management | – | – | |
Network security automation | – | – | |
Cyber security and IT operations integration and automation | – | – | |
Machine-learning based playbooks | – | – | |
Scheduled reporting | – | – | |
Consolidated dashboards for incidents, SLA^G and collaboration | – | – | |
Use Case Development and Implementation on SOAR | – | – | AD-HOC^T |
Co-managed administration for SOAR | – | – | – | Optional
Compliance^E Use Cases | – | – | |
A dash (–) means the item is not included in that tier; Optional and AD-HOC^T items are scoped and priced separately; an empty cell means the item is included in that tier. Superscript letters refer to the identifiers in the glossary below.
SOC Service Tiers Breakdown
Additional SOC Services
Service | Delivery model
---|---
Breach and Attack Simulation (BrAtSimaaS) | Additional AD-HOC^T service
External Threat Intelligence Management (XTIMaaS) | Additional service
Cyber Emergency Response Unit (CERU^S) | Purely AD-HOC^T based service
Managed Extended Detection and Response (MxDRaaS^U) | 8×5^B or 24x7x365^C SLA^G-based Detect & Notify
Virtual Security Operations Centre (vSOC^V) | Extension to an existing SOC, purely for after-hours support; contact Sales to scope
SOC Portfolio of Additional Services
Our portfolio consists of services and solutions focused on the key aspects of security operations.
These services are defined in the glossary below:
SOCaaS Catalogue Glossary
Identifier | Name | Definition
---|---|---
A | Assets | Any device identified in the environment, including servers, laptops, desktops, SaaS solutions such as O365, cloud APIs, network devices and security devices. Asset counts determine the Standard and Advanced tier limits.
B | 8×5 | The SLA service applies only during normal working hours, starting at 08:00 and ending at 17:00.
C | 24x7x365 | The SLA service is based on an always-available service. Our SLA promises 98% availability on the 24x7x365 service. Note that 98% availability permits up to roughly 175 hours of unavailability per year (about 14.6 hours per month), so customers should confirm how availability is measured and how Detect & Notify response times are treated during those windows.
D | Benchmark | Benchmarked reporting compares the current interval with previous intervals, allowing the report to show changes in activity over time.
E | Compliance | Current compliance support includes PCI DSS, ISO/IEC 27001 (ISO 27k), NIST SP 800-53, GDPR, HIPAA, SOX, POPIA and CIS.
F | DFIR | Digital Forensics and Incident Response: a function enabled on the SIEM solution so that forensics and incident response can be performed on the SIEM platform.
G | SLA | Service Level Agreement: stipulates the service levels defined and agreed between the parties for the services provided.
H | VMaaS | Vulnerability Management as a Service: the identification, classification, prioritisation and reporting of vulnerabilities, delivered as a continuous service.
I | ASMaaS | A vendor-agnostic service in which the SOC performs security monitoring of specific cyber security solutions on either an 8×5 or 24x7x365 basis.
J | NAAMaaS | A 24x7x365 service focused on detecting downtime of devices and processes that are critical to the business.
K | SOARaaS | SOAR on cloud as a shared service, giving customers the full capabilities of a SOAR solution as a service.
L | SIEMaaS | SIEM on cloud as a shared service, giving customers the full capabilities of a SIEM solution as a service.
M | BSOCaaS | The base of our SOC services, excluding the technologies (SIEM and SOAR) required to operate a SOC.
N | SOCaaS | Security Operations Centre as a Service: the core of our proposition to customers.
O | BYOT | Bring Your Own Technology: the customer is required to have, or purchase, their own SIEM and SOAR solutions before our SOC can provide the entry-level Basic ("Starter") service. These technologies can be purchased via the SOC independently of the service, as a service, or via any partner. The SOC is agnostic of the vendor technologies but does require the base capabilities that each technology class provides.
P | NSMaaS | Our service delivered through network behavioural analytics solutions such as Darktrace.
Q | TIM | Our threat intelligence platform, with rich indicators of compromise that are analysed and contextualised by our SOC analysts.
R | IRM | The service item indicating that the SOC is capable of taking action on any breach or attack occurring within the customer environment.
S | CERU | Our version of a CIRT (Cyber Incident Response Team), with added context and functionality through the SOC.
T | AD-HOC | For the purposes of this catalogue, AD-HOC indicates that the function is based on various cost models and is scoped per request.
U | MxDRaaS | A specialised SOC service based purely on an EDR, MDR or XDR solution, available on either 8×5 or 24x7x365 SLAs.
V | vSOC | Virtual SOC: SOC services performed on top of a customer's already established SOC, providing after-hours visibility for SOCs that are not staffed around the clock.
W | SIEM | Security Information and Event Management
X | SOAR | Security Orchestration, Automation and Response
Y | XDR | eXtended Detection and Response
Z | MDR | Managed Detection and Response
AA | EDR | Endpoint Detection and Response
© 2023, CYBER1 SOC