SOC outsourcing services

Comprehensive outsourcing services for the activities and infrastructure of a security operations center (SOC), including regular proactive actions, continuous monitoring and real-time response to cybersecurity incidents, with 24/7/365 coverage

Safetech’s SOC outsourcing services are provided by Safetech’s Computer Emergency Response Team (STI CERT®) and include:
  • Onboarding services,
  • Proactive asset discovery services,
  • Vulnerability assessment and security testing,
  • Event monitoring,
  • Incident detection,
  • Threat investigation and response on a 24/7/365 basis.

What problems do SOC outsourcing services address and what benefits do they bring?

The services presented in this document allow companies to outsource security operations center functions to an external provider. They offer the same capabilities as an in-house SOC (Security Operations Center), but without the costs of technical infrastructure and in-house specialized personnel. Below we present the main problems addressed by SOC outsourcing services, along with the benefits brought by these services:

1. Cost reduction

Outsourcing the SOC allows the organization to avoid the high costs associated with creating and operating an in-house SOC, including personnel, infrastructure, software, and maintenance costs. The organization can benefit from advanced SOC services without making large upfront investments, paying for subscription-based or on-demand services instead.

2. Access to specialized expertise

Outsourced SOC service providers employ highly skilled cybersecurity experts who are up-to-date on the latest threats, attack techniques, and protective measures. Beneficiaries can access the expertise of these specialists without having to recruit and retain/motivate all the necessary staff, which can be difficult and expensive.

3. 24/7/365 monitoring

An outsourced SOC provides continuous monitoring of networks and systems, 24/7, to quickly detect and respond to threats. The organization benefits from constant protection, reducing incident response time and minimizing the potential impact of attacks.

4. Scalability

An outsourced SOC is sized to serve many customers simultaneously and keeps reserve capacity for peaks of activity, so it can adjust the service level of any one customer to its changing needs faster and more easily than an internal SOC. The beneficiary can scale security services up or down without making significant investments in additional resources.

5. Access to advanced technologies

Outsourced SOC service providers invest in cutting-edge technologies for threat detection and response, such as XDR (eXtended Detection and Response), SIEM (Security Information and Event Management), EDR (Endpoint Detection and Response), and other security solutions. The organization benefits from these technologies without having to purchase, deploy, and maintain these complex and expensive solutions.

6. Reduced incident response time

An outsourced SOC can quickly detect and respond to threats, reducing the time it takes to remediate security incidents. Minimizing response time reduces the potential impact of attacks and limits operational and financial losses.

7. Regulatory compliance

Outsourced SOC service providers are often well-equipped and prepared to help organizations meet their compliance requirements with cybersecurity regulations such as GDPR, NIS2, or PCI DSS. Ensuring compliance helps the organization avoid penalties and maintain a good reputation.

8. Focus on the core business of the organization

Outsourcing the SOC allows the organization to focus on its core activities, leaving cybersecurity management in the hands of a specialized provider. The organization can channel its resources and attention towards its strategic objectives, knowing that its security is managed by professionals.

How the outsourcing services provided by Safetech work

The services provided by the CERT ITS centre are based on information supplied by a number of cybersecurity technology platforms integrated with the client’s network and IT systems. The versatility of the Safetech team allows it to use its own platforms, those made available by the customer, or a mixed model.

However, based on over 9 years of experience in providing SOC outsourcing services, Safetech recommends using a minimal technology architecture that respects the principles of simplicity and defense-in-depth:

  • Endpoint Detection and Response (EDR) to protect the most exposed entry points into customers’ networks
  • A multi-technology platform based on eXtended Detection and Response (XDR) technology, which integrates the EDR tools as well as other sources of alerts and logs, providing a single SOC-level monitoring panel.

For other services, such as vulnerability assessment, security risk analysis and management of security indicators, and monitoring of internet-exposed assets, which may also be of interest in the context of SOC services, additional specialized tools are needed.

Also, a hybrid environment that, apart from IT, includes OT/ICS components, may require additional specialized tools specific to the latter.

Safetech SOC Outsourcing Service Bundles

To meet the requirements of organizations of any size, Safetech provides three bundles of SOC outsourcing services. Safetech also offers the possibility to customize these bundles according to the current needs and resources of each client. The tables below show the contents of the Safetech bundles.

Technology platforms included in Safetech's SOC outsourcing bundles

Annual subscription bundles: Essential, Advanced, Elevate

Endpoint Detection Response
  • Endpoint Protection (EPP)
  • Endpoint Detection and Response (EDR)
  • Sandbox
  • Deception
  • Mobile Threat Detection (MTD): + (Essential), + (Advanced), + (Elevate)
eXtended Detection Response
  • EDR integration based on out-of-the-box connectors (customer’s existing EDR)
  • Next Generation Security Information and Event Management (NextGen SIEM)
  • Intrusion Detection System (IDS)
  • Case Management
  • Network Detection and Response (NDR)
  • User and Entity Behavior Analytics (UEBA)
  • Automated Response
Vulnerability Management
  • Web/Network Vulnerability Assessment (VA)
Risk Management
  • Asset inventory and business process mapping
  • Security risk analysis and management of security indicators
Operational Technology Security
  • OT Threat Detection: + (Essential), + (Advanced), + (Elevate)
  • OT Risk Management: + (Essential), + (Advanced), + (Elevate)

Services included in Safetech's SOC outsourcing bundles

Annual subscription bundles: Essential, Advanced, Elevate

Startup Services
  • Onboarding services
  • Integration services
Planning and Prevention
  • Asset discovery
  • Monthly external vulnerability assessment
  • Monthly internal vulnerability assessment
  • Security Testing (*): + (Essential), + (Advanced), up to 2 activities per year (Elevate)
Monitoring, detection and investigation
  • 24/7 continuous monitoring
  • Threat detection and investigation
  • Root cause analysis
  • Advanced threat hunting: up to 2 activities per year, in the bundle that includes it
  • Monitoring of external internet assets: + in two of the three bundles
Response
  • Recommended remediation actions
  • Contain/Shutdown Host (**)
  • Coordination of remediation actions for major and critical incidents: up to 3 incidents per year or up to 5 incidents per year, depending on the bundle
  • Custom playbooks: up to 5 or up to 10, depending on the bundle
Governance of services
  • Monthly reports
  • Quarterly evaluation/lessons learned
  • Support for audit/regulatory compliance: + (Essential), + (Advanced), up to 2 interventions per year (Elevate)
Additional services (add-on)
  • Governance, Risk and Compliance (GRC) activities (***): + (Essential), + (Advanced), + (Elevate)

Legend:

√ included

– not included

+ optional

Notes:

(*) Security Testing: Penetration Test, Code Review, Social Engineering, Red Teaming

(**) If these actions are possible from the platforms managed by Safetech and based on the procedures agreed with the customer

(***) Governance, risk and compliance activities: development/review/update of standards/policies/procedures, risk analysis, business impact analysis, business continuity and disaster recovery plans, compliance audit.

Frequently asked questions about Safetech's SOC outsourcing services

How does an outsourced SOC respond to security threats?

An outsourced SOC provider continuously monitors the network for suspicious activity. When a threat is detected, the SOC team performs triage, analyzes the severity, and takes appropriate measures, such as isolating the affected systems or neutralizing the attack.

What types of threats are monitored by the SOC?

The SOC monitors a wide range of threats, including: malware and ransomware attacks, phishing and spear-phishing attacks, unauthorized access attempts (internal and external), anomalies in network traffic, vulnerabilities at the application and server level, etc.

What are the responsibilities of the outsourced SOC service provider and of the customer, respectively, with regard to incident response?

In general, responsibility for incidents is shared. The SOC provider is responsible for monitoring and reporting incidents, as well as providing remediation recommendations. The customer is responsible for implementing the recommended measures and for the overall security of its IT infrastructure.

What are the typical costs associated with an outsourced SOC?

The costs vary depending on: the size of the organization (number of digital assets identifiable by IP address or MAC (Media Access Control)), the range of services requested, the working hours in which the services operate (8/5 or 24/7), the level of customization required and the duration of the contract. Outsourced SOCs often offer subscription or pay-as-you-go models, making them more scalable and efficient than in-house SOCs.

How does an outsourced SOC ensure compliance with industry regulations?

Outsourced SOC service providers help organizations meet various compliance standards, such as GDPR, PCI DSS, ISO 27001, and the NIS directive, by continuously monitoring security policies and generating compliance reports.

How long does it take to fully implement an outsourced SOC?

The implementation time depends on the complexity of the infrastructure and the availability of the customer's resources. In general, the process of starting SOC services (onboarding and integration) can take anywhere from a few weeks to a few months. The process includes agreeing on the sources that will provide data, establishing the SOC architecture, defining and applying the communication/collaboration procedures between the provider's team and the client's team, configuring the technological platforms that will be used by the CERT ITS team and integrating them with the agreed data sources.

How is the confidentiality of customer data ensured?

Outsourced SOC providers follow strict privacy and data security policies, usually compliant with regulations such as GDPR. All data is encrypted and managed according to cybersecurity best practices.

Why choose Safetech's SOC outsourcing services?

The CERT ITS Centre has the following particular characteristics:

  • It is a CERT accredited by Trusted Introducer,
  • Its specialists hold multiple personal certifications ((ISC)², ISACA, EC-Council, etc.),
  • It provides complete cyber incident monitoring, prevention and reporting services based on its own and/or customers’ platforms,
  • The center’s services are covered by an insurance policy that includes specific clauses for cyber event risks,
  • The center operates with staff in 3 shifts, to ensure optimal coverage 24 hours a day,
  • The center’s activities are structured on 3 levels of technical expertise,
  • According to current statistics, STI CERT:
    • Receives, on average, 100 billion events/month,
    • Analyzes 12,000 security alerts/month,
    • Handles 150 security incidents/month,
  • STI CERT serves clients in the financial-banking, utilities, health, technology, retail, distribution, consulting, gaming industries,
  • The SOC outsourcing provided by the CERT TSI is a low-cost alternative. Not all organizations can afford to operate their own Security Operations Center (SOC). Safetech’s SOC outsourcing services are a sustainable, easy-to-apply and economically efficient alternative for small and medium-sized companies with limited internal cybersecurity resources, as well as for large organizations, which can thus complement or expand their own capabilities to achieve the desired objectives. In addition, they allow companies to capitalize on investments already made in security infrastructure by integrating existing solutions.