Monday, October 28, 2013

Technologies used in a SOC with costs and 2013 Gartner magic quadrants

A blog reader asked me what kind of technologies you need to provide managed security services, so here I am. To help you with the choice and analysis, I will link the Gartner quadrant for every technology (when available). Of course, the quadrant is only an aid to your analysis, as it is just Gartner's point of view. Also, the "costs" are absolutely not precise; they are just meant to give you an idea of what you will need to invest.

Security Device Management

To provide an SDM service you basically need 2 technologies:


  • Monitoring, to monitor hardware or software faults and performance (e.g. CPU and memory usage, storage capacity, etc.). There are many tools for this, some free and some not. A good example is Cacti.
  • Management console, to manage the technologies. Usually every vendor has its own management console. So, to manage Fortigate appliances, for example, you need the Fortinet management console; for Stonesoft, the SMC (Stonesoft Management Console); etc.

There are no magic quadrants for monitoring and management consoles, but there are magic quadrants for UTM and Enterprise Network Firewalls. These quadrants will help you choose which technologies you want to provide to your customers, because you can't manage EVERY technology: you need specific knowledge and certifications, and having few technologies helps you industrialize processes and procedures.

Gartner's 2013 Magic Quadrant Report for Unified Threat Management (UTM)


Gartner's 2013 Magic Quadrant Report for Enterprise Network Firewalls


Costs of the technologies:

  • Monitoring: from 0 up to 100k€, depending on whether it is free or commercial and how many nodes you want to monitor.
  • Management: from 0 to 100k€ for every vendor. Some vendors offer it for free, others want a license fee.


Log Management & Correlation

To provide this service you need a log collection technology; some of these technologies also support correlation between events.

2013 Magic Quadrant for SIEM (Security Information and Event Management)


Costs:

  • Log Management: from 0 up to 100k€, depending on how many eps (events per second) you need to receive and store.
  • Log Management & Correlation: SIEMs are very expensive; for 30.000 eps you will need something between 200k€ and 500k€.


Security Assessment


  • Vulnerability Assessment: for this service you will need a vulnerability assessment tool. There are many, with very similar functions. Some have fewer false positives, some have more, but usually they are very similar (some vendors will kill me if they read this! hehe). In general, I think it's really better to focus on "easy to understand" reports than on the ability to find 1-2 more vulnerabilities.
  • Penetration Test: for this you will need an exploitation framework, used for penetration tests, web application assessments, etc. (there are free ones like Metasploit and commercial ones like Core Impact).

Gartner 2013 "Marketscope for Vulnerability Assessment tools"


Costs:

  • Vulnerability assessment, between 100 and 200k€.
  • Exploitation framework, from 0 to 100k€
  • Other tools used in PT, from 0 to 20/30k€

Early Warning

There is not really a technology to provide this service; you should build one yourself. When you start with few customers, you can easily do it "by hand"; when you reach 10/15 customers, things become more difficult and you will need to build a custom technology.

DDoS Mitigation

To provide a DDoS mitigation service you will need a traffic cleaning platform, aka a "washing machine". As far as I know there are just two main vendors: Radware and Arbor.

Costs:

  • Between 100 and 200k€ for every traffic cleaning platform, able to clean 5-10GB/s of traffic

I hope you enjoyed this post and that it has been useful for your work. If you have any questions or want to suggest a new blog post, please write to me by email or in the comments.
Thanks for reading this.

