Some companies have attempted to build their own security information and event management (SIEM) or security operations center (SOC) in-house only to find the solution unsatisfactory. The SIEM platform they purchased is too expensive. Or the company lacks the skilled in-house security staff to manage it. Or their SIEM platform has not been configured properly. It may produce too many false-positive alerts and not enough actionable information.
Resource Constraints for SMEs:
“A minimum of eight to twelve analysts are needed for 24/7 monitoring—an unrealistic objective for most midsized enterprises.”
2018 Gartner Cool Vendors in Security for Midsized Enterprises
A SIEM is an expensive tool that takes up to six months to deploy. It also requires 24/7 oversight from expert security engineers to work effectively. Many small to midsize enterprises (SMEs) that try to deploy and manage a SIEM solution on their own fail miserably. According to a 2017 Ponemon Institute research report, 70% of respondents say current SIEM technologies do not provide the most accurate, prioritized and meaningful alerts. 61% of the respondents say they need a better understanding of the context associated with SIEM events, and 54% of respondents say a SIEM is “noisy” and generates too much low-level data and alerts, which makes it difficult to focus on what really matters.
A SOC-as-a-service is a perfect choice if your company is considering a SIEM, or if you already have one but are struggling with threat detection and incident response.
Arctic Wolf’s SOC-as-a-service comes with a proprietary cloud-based SIEM platform. When you build a SOC yourself, you need a $1+ million budget, six to 12 months for a SIEM rollout, and a team of security analysts to manage the whole thing. The AWN CyberSOC™ service deploys in minutes, and ongoing tuning and maintenance are done completely by your Arctic Wolf Concierge Security™ team (CST), who customize the service to your exact specifications.
The AWN CyberSOC™ service delivers the following capabilities at a simple and predictable subscription price that puts smaller enterprises on the same cybersecurity playing field as Fortune 100 enterprises.
Benefits of AWN CyberSOC SIEM capabilities:
- Single pane of glass across attack surfaces to centralize monitoring of applications and data in the cloud (SaaS and IaaS workloads), hybrid, and on-premises environments
- Common incident response framework and 24×7 monitoring to help aggregate, prioritize, and track incidents
- Focus on decreased false positives and fewer alerts with assigned Concierge Security™ teams of security experts
- Vendor-agnostic model with the ability to ingest logs from endpoints (EPPs, AV), email security gateways, on-premises security devices (firewalls/IDPSs), Active Directory, SaaS, IaaS, and PaaS
- Periodic vulnerability scanning and access to current threat intelligence
- Custom reporting to enable various compliance and regulatory requirements
- Predictable pricing with a fixed subscription