SOC as a Service

plusserver takes over the complete management of all services required for our SOC as a Service offering. In addition to the managed service (rules and change management), this includes an English and German speaking SOC analyst team and services such as:

• Provision of the SIEM platform and log collectors (IBM QRadar)
• Connection of defined IT systems (e.g. EDR platform, firewalls)
• Automated correlation of events
• 1st and 2nd level analysis of security events
• Customer support in case of threats (according to e.g. run & playbook)
• Maintenance, high availability and optimization of the SIEM platform
• Reporting

For our Managed SOC, we rely on the industry standard IBM QRadar for SIEM. The security-relevant data is processed in our own data-sovereign and BSI-C5-tested cloud infrastructure (pluscloud VMware).

• Platform provider: IBM QRadar (listed as Leader in the Gartner Magic Quadrant for SIEM for the 13th time in a row)
• Sensor technology: security solutions as well as log collectors – also at your site (virtual appliance)
• Data sources: EDR, Windows, Linux, firewall, flow collectors
• Data source connections: based on IBM standard;
• individual use cases on request

Our SOC use cases are developed on MITRE’s state-of-the-art standard for cyber threat detection.

• The phases of the attack can be correctly identified at any time (cyber killchain).
• SOC use case database for e.g. EDR solutions or domain controllers is continuously optimized and extended
• Detection of zero-day vulnerabilities (as a complement to EDR and vulnerability management solutions)
• SOC analysis and reporting on this basis

Yes, our security services go beyond just providing and operating the infrastructure. We can also help you with your overall security strategy and offer security consulting and services.

Consulting: Whether you want to optimize your security infrastructure, implement a new solution, or just need general advice, we are here to help. Our experts can help you make the right decisions quickly and continuously improve your security architecture.

Onboarding: With the SOC as a Service product, you receive comprehensive and customized onboarding to connect standardized interfaces (sensors/security solutions), activate best practice use cases based on the MITRE ATT&CK, and configure your environment sustainably for the highest level of protection.

Service, support & analysts: Our dedicated 24/7 service and support team, as well as our team of analysts, provide you with personalized, expert assistance in resolving operational issues or analyzing security threats.

• Kick-off meeting
• Inventory and goal definition
• Customized onboarding plan
• Connecting log sources (standardized sources)
• Development of rules and regulations according to current best practice
• Fine-tuning of security solutions (e. g. EDR-events)
• Use cases based on the MITRE ATT&CK framework
• Fine-tuning of the ruleset
• Run & play book definitions
• Documentation

Yes, the dashboard displays a wide range of information including security events, breaches and affected hosts. The visual representation of complex data makes collaboration between you and our SOC analysts more efficient.

Key benefits of the SOC Dashboard include:

• Transparent visibility into ongoing security operations
• Early detection of threats through in-depth analysis
• Reporting that allows you to track current security status
• Better decision making when dealing with security incidents