The CEO’s Guide to Managed SOC Services

As the CEO, consider Managed SOC Services to protect your organization. The security of your organization is only as strong as the team, regulations, tools, and services you approve.

What are Managed SOC Services?

Cybersecurity needs vary from organization to organization and are shaped by each organization's security priorities and risk tolerance. Most managed SOC services will manage an incident from detection to remediation; others focus on supporting and coordinating incident responders and handling incident response communication, e.g., status updates and third-party communication.

Managed SOC services provide 24/7 proactive security monitoring, vulnerability management, and incident response and remediation. This is especially attractive for businesses that are attacked frequently but do not have the resources of large enterprises.

With flexible commercial models and deployment options, Managed SOC Services are a cost-effective way for organizations to leverage all the benefits of a SOC without incurring the significant overhead and outlay associated with building and staffing their own in-house security operations center.

The suite of Managed SOC services delivers information security monitoring, incident response, and vulnerability management services that are essential to counter the sophisticated threats of today.

When you outsource the management of a SOC to an MSSP like Cybriant, your organization can quickly improve its cyber security defense without spending exorbitantly on additional infrastructure or keeping a large team of expensive security experts.

How to Meet the Guidelines for the NIST Cybersecurity Framework

Continuous Monitoring with Managed SOC Services

An outsourced team of security experts provides 24/7 continuous monitoring of your environment. This team investigates alerts that appear suspicious and takes immediate remedial action if malicious activity is confirmed.

  • 24×7 security monitoring utilizing leading Security Information and Event Management (SIEM) systems.
  • Monitoring of firewall, IDS, anti-virus and operating system logs, and any other sources of security events.
  • Going beyond the SIEM and other deployed technology and actively searching for breaches (Premium Service).
  • Threat detection and rapid incident remediation (Premium Service).

Threat Intelligence

Security analysts and researchers augment third-party intelligence feeds with threat information generated internally. Additionally, they filter data to highlight specific threats relevant to Managed SOC services customers and their business interests. Threat intelligence plays a critical role in enhancing the detection capability of outsourced cybersecurity monitoring.

Incident Response & Forensics of Managed SOC services

Upon detecting a breach, a member of the Managed SOC Services team will launch incident remediation measures in close coordination with the customer's IT team, working to contain the threat whilst ensuring minimal disruption to business activity. This is followed by a thorough incident response and forensic analysis exercise to determine the root cause, eradicate the breach and improve defenses to prevent similar breaches in the future.

Here are 3 Benefits of an Incident Response Plan

When you work with a Managed Detection & Remediation team like Cybriant, you can control a breach and remediate it as needed.

Vulnerability Management

An outsourced Managed SOC services team detects vulnerabilities in your IT infrastructure using cutting-edge technology. This team will remediate vulnerabilities to minimize their risk exposure.

  • Continuous vulnerability assessment.
  • Vulnerability tracking & prioritization.
  • Vulnerability remediation.

Ongoing Improvement of Security Posture

The Managed SOC team acts as an advisor and helps you continuously improve your security posture by helping the company define better policies and processes.

Compliance with Applicable Security Standards and Regulations

An MSSP can help you achieve compliance with standards and regulations such as HIPAA and PCI DSS. Managed SOC services offer continuous vulnerability management and improvement of security posture to help you meet or exceed the requirements of these regulations.

Low Total Cost of Ownership of Security Technology

Security requires investing in an array of software and tools and operating them in an integrated fashion. Our security operations team has a system of over 30 security tools and applications to secure networks and critical data, saving you the cost and effort. An outsourced model saves you significantly in product license and support costs.

Benefits of Managed SOC Services:

  • Continuous insight into the company perimeter is essential to effectively manage and respond to threats.
  • Real-time strategic insight into risk by certified professionals.
  • Streamlined processes for continuous monitoring and deeper assessment.
  • Preemptively mitigate risk by minimizing vulnerability exploitation time-frames.

Types of Security Assessments

  • Security review of organizational security strategy, governance approach, policies, standards, risk management, and staff awareness.
  • Technical security review of IT infrastructure, networks, architectures, systems, security procedures, and physical security.
  • Combination of both.

Security Strategy and Roadmap

Once a security assessment has been completed it can form the basis for a security strategy.  A security strategy outlines a prioritized plan of action for improving the security posture. Many times we may recommend our managed SIEM services which will help your organization honestly acknowledge the specific risks and challenges and provide a pragmatic approach to managing them. Our systems analysts can focus and coordinate efforts to provide a logical strategic structure that contains three elements: a diagnosis, a guiding policy, and an action plan. This approach is focused on ensuring that you become resilient against an ever-changing threat landscape and that ultimately the organization’s core business operations are protected.

We recommend starting with a cybersecurity framework like the NIST Cybersecurity Framework, which will help you avoid the common mistake of broad, ambiguous security goals, ambitions, and vision and instead focus efforts on a set of coherent strategic objectives and implementable actions.

By identifying the state of security, Cybriant will work with you to agree on the right target state to optimize security and develop a prioritized roadmap to achieve it.

Cyber Security Best Practices for Protecting Data in Motion

Data in Motion (DiM) is any information that moves across a wire to a new location. Think of DiM as the information customers send to your database or the data that you transfer from a database to a web server. Here are the top cyber security best practices when dealing with DiM.

Data in motion can be intercepted and stolen by hackers using man-in-the-middle (MitM) attacks, sniffing tools attached to your network, or even hijacking a user’s email account.

DiM is the most vulnerable to theft since it is no longer under the control of your security administrators, so organizations must create standards for handling it, both to stay in compliance with major regulatory standards and to protect customers from identity theft.

How to Determine Data in Motion versus Data at Rest

Data has two states: data in motion (DiM) and data at rest (DaR). Both need cyber security standards to protect them, but the strategies differ. DiM is any information passed along a wire. Data at rest is the information you store on a database, storage device, optical media, or any other form where it is archived and is not moving to another user.

DaR can become DiM during the transfer of information, but once it becomes DiM cyber security administrators use different strategies to protect it. To determine when data is in motion, just ask yourself if the data is moving from one location to another. If the answer is “Yes,” then you have data in motion and you need to take the necessary precautions.

Several regulatory guidelines require that DiM is protected in specific ways. HIPAA, SOX, PCI DSS, FISMA and others oversee the way user data is handled and define best practices for working with specific types of data.

For instance, HIPAA covers healthcare data, PCI DSS covers payment card data, and SOX covers controls over financial reporting. If any of these regimes apply to your data, you must comply with their requirements or face the possibility of high fines for data breaches caused by poor cyber security procedures.

Read more: IT Security Best Practices Checklist

What Risks are Involved with Data in Motion?

Once data leaves a secure storage device, it’s in motion and vulnerable. It’s vulnerable to insider threats even if it’s transferred only between two people within the organization. It’s even more vulnerable after it leaves the organization over the Internet.

The frustrating part of cyber security and DiM is that administrators no longer control data once it leaves the internal network. This is what makes DiM so vulnerable: the controls that protect data inside the network no longer apply to it.

The biggest risk with DiM is that it’s usually sent to someone outside of any strict organization’s cyber security rules. For instance, a customer service person could send data to an end-user by email. This data is secured on the network, but once it reaches the inbox of a third party, it’s vulnerable to attacks on that entity.

The third party could suffer from an attack on their email account, or the third party could send the data to another user. Cyber security standards are lost once your data leaves the organization, so rules overseeing DiM should be strict and distributed to all users on the network.

Related: Vulnerability Assessment vs. Risk Assessment

Avoiding Data Breaches with DiM

Cloud sharing tools are one of the biggest culprits in cyber security breaches. In November 2017, US Department of Defense data was exposed through misconfigured, publicly readable Amazon S3 storage buckets. In the same month, US Army intelligence documents labeled "Top Secret" were also exposed due to poor access settings.

With cloud tools, organizations must understand the right settings to protect the organization from data breaches. Even when the destination is a properly secured cloud store, the data is in motion on its way there and can be intercepted in transit, and a misconfigured bucket exposes it again once it lands.

Other cloud storage devices are also at risk such as Google Cloud Storage or Dropbox. Employees might share data with users outside of the organization using these services, and they can be improperly secured accidentally by employees who don’t understand the implications of failing to restrict access to the public Internet.

It should go without saying that data passed over the Internet should be encrypted. It’s not uncommon for organizations to pass data along the wire within the organization unencrypted. This type of DiM has been a source of data breaches, including the Target credit card theft in 2013. While most standards don’t require encryption with internal data, you should encrypt it whenever possible to avoid an “easy” attack from an insider.

In no way should an employee send private data in email communication. All data should be reviewed, edited, and created on a controlled platform such as a web server. Users should not send private data in email, but you can’t control the information sent from a third party.

You can set regulations and standards for employees when they email customers. All employees should fully understand that sending data in email is a security risk and could expose the organization to fees and fines due to poor cyber security procedures. Should the recipient get hacked or send data to another entity, the organization has no control over DiM exposed in the process.

Automation is common in IT, but it shouldn’t be used when sending data to a third party. For instance, you might have data sent to a third-party marketing organization. All data should be reviewed before sending this type of data to someone outside of the organization. Any automation tools can have bugs or deliver the wrong data, and you can’t get it back. This would be an example of a data breach that would need to be reported, and it can lead to fines and lawsuits.
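The review step described above can be automated as a pre-send gate. The following Python is an added example, not code from the original article or from Cybriant: it scans an outbound payload for Luhn-valid card numbers and US SSN patterns and refuses the send when any are present, reporting only masked values so the report itself does not leak the data. The payloads, patterns and the fake identifiers in them are constructed for illustration.

```python
"""Pre-send check for outbound data (added example, not from the original article).

Before an automated export or a person releases a message to a third party, scan
the payload for regulated identifiers. If any are found the send is refused and
the (masked) hits are returned, so a buggy export cannot quietly leak card
numbers or SSNs. Constructed sample data only; no network I/O.
"""
import re
from dataclasses import dataclass, field

# Candidate primary account numbers: 13-19 digits, optionally separated by spaces or dashes.
PAN_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")
# US Social Security Number in the common 3-2-4 layout, excluding never-issued prefixes.
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")


def luhn_valid(digits: str) -> bool:
    """Return True if the digit string passes the Luhn check (ISO/IEC 7812)."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


@dataclass
class ScanResult:
    allowed: bool
    findings: list = field(default_factory=list)   # (kind, masked value) tuples


def mask(value: str) -> str:
    """Keep only the last four digits so the finding can be logged safely."""
    digits = re.sub(r"\D", "", value)
    return "*" * (len(digits) - 4) + digits[-4:]


def scan_outbound(text: str) -> ScanResult:
    """Scan an outbound payload; block if Luhn-valid PANs or SSNs are present."""
    findings = []
    for m in PAN_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if luhn_valid(digits):                       # drop random digit runs
            findings.append(("PAN", mask(m.group())))
    for m in SSN_RE.finditer(text):
        findings.append(("SSN", mask(m.group())))
    return ScanResult(allowed=not findings, findings=findings)


def release(text: str) -> bool:
    """Gate used by an export job: True only if the payload was cleared to send."""
    result = scan_outbound(text)
    if not result.allowed:
        # In production this would also open a ticket for manual review.
        return False
    # The actual send (SMTP, HTTPS POST, SFTP) would happen here.
    return True


# Constructed sample payloads: a clean shipping notice and one that leaks a test
# card number (4111 1111 1111 1111 is a well-known Luhn-valid test value) and a fake SSN.
CLEAN_EXPORT = "Order 1042 shipped to Jane Doe, tracking 1Z999AA10123456784"
LEAKY_EXPORT = "Customer Jane Doe, card 4111 1111 1111 1111, SSN 123-45-6789"
```

Run `release(LEAKY_EXPORT)` to see the gate refuse; `scan_outbound(...)` returns the masked findings an analyst would want in the ticket. The Luhn check is what keeps tracking numbers and order IDs from tripping the PAN rule.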

Securing DiM requires several steps. You first identify the data at risk and then determine if you must follow any regulatory standards that oversee the way that data is managed. Risk management gets involved with identifying any data and factors that could affect your DiM, so you should consult cyber security specialists that can help you find all data in motion that could be affected.

Once you know DiM is vulnerable to attacks, you can take the necessary steps to secure it. It could take analysis and change to current procedures, or it could be the addition to better encryption and cyber security implementations. Since this data is the most vulnerable to attacks, you should always use the best ways to ensure that hackers are unable to intercept it and use it for identity theft.

Learn More Cybersecurity Best Practices

8 Security Best Practices for Your Small to Medium-Size Business

There are certain security best practices that your business should be following, no matter your size. Start with these principles and you’ll be on the right track. 

There's a common myth out there that the only businesses who need to worry about cybersecurity are big-name companies with a lot to lose. It seems like every day another big company is in the headlines for losing sensitive customer information, and it's hard for these businesses to recover their reputation.

Top 8 Security Best Practices

In reality, security is something all businesses need to care about. Around 43% of all cyberattacks target small businesses. Because they have fewer resources, these small to medium-size businesses are more at risk of attack. How can you protect your business from an online attack? Try these 8 security best practices today.

1. Create Cybersecurity Policies

The first step is to sit down and create clear, usable cybersecurity policies. If you haven’t already done this, time is of the essence. Document your protocols, create training for new employees and consider joining a security training program as an organization.

If you need help, don’t be afraid to bring in a security consultant. You can never be too careful, and sometimes this outside input is essential if you don’t know where to begin. Check out the Small Business Administration’s portal on cyber security for more security best practices.  

2. Mobile-First Security

Business activity is quickly shifting to mobile devices and other endpoints. This means protecting your desktop computers and servers isn't enough; you also need to take precautions to protect mobile devices. You'll want to document these protocols in the policies we mentioned above, but it's a good idea to educate employees as well about how to stay secure on their mobile phones.

3. Employee Education

Of course, one of the most fundamental steps is to educate your employees on security best practices. Many people might be well-intentioned, but they lack an understanding of how their security could be compromised online. Start with education about storing files securely, setting passwords, and your company policies. From there, take steps to notify employees about any breaches of security that might affect them.

4. Practice Safe Email Protocols

One of the most common ways cyber attacks occur is through emails. This is especially true for employee email accounts which aren’t always as secure. Aside from learning how to set a secure password, also ensure your employees understand how to navigate suspicious-looking emails. Create a system for reporting these suspicious emails and preventing them from spreading.

5. Back-Up Data

Attacks sometimes are inevitable. While we'd all like to prevent 100% of problems, it's better to be safe than sorry. Ensure you have a system to regularly back up all of your data just in case. This should include any documents, databases, financial information, and anything else that's essential to running your business. Cloud storage is a good option, provided at least one copy is kept where an attacker who compromises your network cannot delete or encrypt it, and provided you test restores periodically.

6. Multi-Factor Authentication

Multi-factor authentication (MFA) requires two or more independent factors to gain access to a system, for example a password plus a one-time code or a hardware token, so a stolen password alone is not enough. It is one of the security best practices that is becoming standard across the board, including on consumer services where remote logins are routine. It is one of the best ways to add an extra layer of protection to things like email accounts and business software, and it's simple enough to set up in a few steps.

7. Computer Logging

Once again, things sometimes go wrong no matter how much preparation you do. Centralized logging (Windows event logs, server and application logs) ensures that when something goes wrong you have a record to trace what happened and fix it quickly. With logging in place you can also enable automatic alerts so problems are caught early, before they spread.

8. Anti-Malware Software

Last but not least, install anti-malware software on your business systems. Even if your employees are well-versed in online safety, things still slip through the cracks. Anti-malware software blocks the most common malicious attachments and downloads that phishing emails deliver, and can help clean a computer once malware has already been installed.

Network Security Best Practices

In today's digitally driven era, the importance of network security cannot be overstated, as organizations rely heavily on their IT infrastructure to drive productivity and growth. Network security best practices encompass a range of measures that safeguard the integrity, confidentiality, and availability of critical data and keep the business running.

By employing robust cybersecurity controls, such as regular software updates and patches, multi-factor authentication, and stringent access control mechanisms, organizations can effectively mitigate the risks of unauthorized access and nefarious activities.

Furthermore, continuous monitoring and improvement of these systems, alongside employee education and training in cybersecurity awareness, play a pivotal role in fostering a strong security culture.

Consequently, embracing these network security best practices empowers organizations to maintain trust in their digital systems and thrive in a rapidly evolving digital landscape.

Managed Detection and Remediation (MDR) is highly recommended if you are looking for small business or enterprise network security best practices. MDR is an advanced service that provides proactive security monitoring and quick response to any malicious activity. It also offers digital forensics for investigations, threat intelligence for informed decision-making, and automated alerting on potential threats.

In addition, organizations should review their networks regularly and keep their firewalls current, both firmware and rule sets. A well-configured, regularly updated firewall is essential to mitigating potential threats. Businesses should also keep network traffic encrypted in transit with protocols such as IPsec and TLS (SSL is obsolete and should be disabled).

Finally, organizations should implement one or more anti-malware solutions as a key component of their overall security strategy. Having an advanced anti-malware solution in place is an effective way to detect, identify and eliminate malicious software from your networks.

By utilizing these best practices, organizations can ensure that their networks are secure and reliable, thereby enabling them to operate smoothly and securely. In this manner, network security best practices can help organizations protect themselves against imminent threats and mitigate potential risks.

The implementation of these security measures should be done in a holistic and integrated manner, as each component plays an integral role in safeguarding the organization’s digital assets. Ultimately, these best practices will ensure that organizations remain compliant with industry standards and secure their IT infrastructure from malicious attacks.

Final Thoughts

Is your company safe from cyber-attacks? No matter your business size or whether you handle sensitive information, you could still find yourself as the target of an attack. You don’t want to become just another statistic.

Take these steps above to protect your business, your employees, and your customers. Their information is worth protecting. It’s easier than you think to get started with a secure system, so don’t waste any time without one.


Wendy Dessler is a super-connector who frequently writes about the latest advancements in the digital and tech industry.

Watch On-Demand: How to Prepare for GDPR

GDPR, or General Data Protection Regulation, will come into force on 25 May 2018. GDPR requires organizations to maintain a plan to detect data breaches, regularly evaluate the effectiveness of security practices, and document evidence of compliance. If you don't already have the required security tools and controls in place, your organization will need to start planning now to achieve compliance and mitigate the risk of high fines for failing to comply.

In this webcast, AlienVault CISO John McLeod provides insights into how AlienVault has approached the GDPR compliance process internally, along with how the Unified Security Management® (USM) platform can help accelerate and simplify your path to compliance.

Watch this on-demand webcast now, and learn:

  • Best practices for approaching GDPR compliance
  • How to assess your level of readiness and build your roadmap to compliance
  • How a unified security toolset can both expedite and simplify this process

The webcast also includes a brief demo of the USM platform to illustrate some of the technical controls you need in place today for compliance.

Looking for a better way to address threat management and compliance? By working with a professional security services organization and a SIEM like AlienVault®, you will have a better way to detect threats.

Virtually every regulatory mandate requires some form of log management to maintain an audit trail of activity. By utilizing a SIEM, Cybriant provides a mechanism to rapidly and easily deploy a log collection infrastructure that directly supports this requirement. Ticketing and alerting capabilities also satisfy routine log data review requirements.

Get more value out of your SIEM while meeting compliance regulations – find out more about Cybriant Managed SIEM with Security Monitoring: https://www.cybriant.com/managed-siem/

Managed SIEM with Security Monitoring

Your SIEM needs a Hedgehog!

At Cybriant, we are big fans of Jim Collins’s book, Good to Great. This is a classic book for business leaders that describes how Mr. Collins and his team researched 1,435 established companies to find common traits of those businesses that made a leap from average to great results. The principles that are discussed in the book include lessons on eggs, flywheels, hedgehogs, and other essentials of business.

Let’s talk Hedgehogs

In his famous essay "The Hedgehog and the Fox," Isaiah Berlin divided the world into hedgehogs and foxes, based upon an ancient Greek parable: "The fox knows many things, but the hedgehog knows one big thing." Mr. Collins asks in his book, "Are you a hedgehog or a fox?"

Cybriant understands that when it comes to managed SIEM, we are hedgehogs. According to the book Good to Great, a hedgehog concept is a simple, crystalline concept that flows from deep understanding about the intersection of three circles: 1) what you are deeply passionate about, 2) what you can be the best in the world at, and 3) what best drives your resource engine.

We are hedgehogs because we are deeply passionate about understanding SIEMs: how they work, how to get the proper data out of them, and what to do with that data. We are the best in the world at this because we have the top talent on staff, of course! What drives our resource engine is SIEM, SIEM, SIEM. SIEM implementations, training, monitoring, and so much more. We live and breathe SIEM.

So, why do you need a Hedgehog for your SIEM?

One of our partners, AlienVault, was included in the recent Gartner Magic Quadrant for SIEM. This is awesome news! If you already use AlienVault, you know that you are working with the best. But, not every company has the resources to make it (or whichever SIEM you chose) work properly for them.

According to Gartner, there are four “cautions” when it comes to AlienVault.  Here’s how a hedgehog, like Cybriant, can help assist with those potential weaknesses when it comes to your SIEM:

Caution #1: USM provides NetFlow capture, basic statistics, and context for assets, but cannot generate alerts from NetFlow.

With the recent 5.4.x AlienVault release the ability to generate alerts from NetFlow has been addressed, but we would always recommend using the right tool for the job.

AlienVault is a phenomenal correlation engine that can take a lot of data from disparate sources and discover threats from seemingly innocuous information.  It does this by taking data from Active Directory, antivirus engines, firewalls, intrusion detection, and/or anything that can produce a log message for analysis.  Each of these sources is simply a single slice of the pie just like NetFlow.  Additionally, there are technologies that specialize in analyzing nothing but NetFlow to discover behavioral events and how they may be a threat.  AlienVault will take those kinds of specialized tools and create a holistic threat analysis so that you get the whole pie and not just a single slice.
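To make the NetFlow point concrete, here is an added example (not AlienVault's or Cybriant's code) of the kind of alerting a flow-analysis tool performs on top of raw flow records: a volumetric exfiltration rule and a beaconing rule run over constructed NetFlow v5-style records. The internal address ranges, thresholds and sample flows are assumptions chosen for illustration.

```python
"""Alerting rules over NetFlow-style records (added example, not AlienVault code).

The records are constructed, NetFlow v5-like tuples written as CSV. Two rules:
  * exfil_volume: bytes from one internal host to one external host above a threshold
  * beacon: many flows from one host to one destination:port at low-jitter intervals
Thresholds are illustrative; a real deployment tunes them per network.
"""
import csv
import io
import ipaddress
import statistics
from collections import defaultdict

# Assumed internal ranges; adjust to the monitored network.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8"),
                 ipaddress.ip_network("192.168.0.0/16")]
EXFIL_BYTES_THRESHOLD = 50_000_000   # 50 MB from one internal host to one external host
BEACON_MIN_FLOWS = 6                 # need at least this many flows to judge regularity
BEACON_MAX_JITTER = 0.15             # pstdev(interval) / mean(interval) at or below this


def is_internal(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def parse_flows(text: str) -> list:
    """Parse CSV records (ts,src,dst,dport,proto,bytes) into dicts with typed fields."""
    flows = []
    for row in csv.DictReader(io.StringIO(text)):
        flows.append({"ts": int(row["ts"]), "src": row["src"], "dst": row["dst"],
                      "dport": int(row["dport"]), "proto": row["proto"],
                      "bytes": int(row["bytes"])})
    return flows


def exfil_alerts(flows: list) -> list:
    """Sum outbound bytes per (internal src, external dst) and flag large totals."""
    totals = defaultdict(int)
    for f in flows:
        if is_internal(f["src"]) and not is_internal(f["dst"]):
            totals[(f["src"], f["dst"])] += f["bytes"]
    return [{"rule": "exfil_volume", "src": s, "dst": d, "bytes": b}
            for (s, d), b in totals.items() if b >= EXFIL_BYTES_THRESHOLD]


def beacon_alerts(flows: list) -> list:
    """Flag outbound (src, dst, dport) tuples whose inter-flow gaps are suspiciously regular."""
    times = defaultdict(list)
    for f in flows:
        if is_internal(f["src"]) and not is_internal(f["dst"]):
            times[(f["src"], f["dst"], f["dport"])].append(f["ts"])
    alerts = []
    for (s, d, p), ts in times.items():
        if len(ts) < BEACON_MIN_FLOWS:
            continue
        ts.sort()
        gaps = [b - a for a, b in zip(ts, ts[1:])]
        mean = statistics.mean(gaps)
        if mean > 0 and statistics.pstdev(gaps) / mean <= BEACON_MAX_JITTER:
            alerts.append({"rule": "beacon", "src": s, "dst": d, "dport": p,
                           "interval_s": round(mean)})
    return alerts


def run_rules(text: str) -> list:
    flows = parse_flows(text)
    return exfil_alerts(flows) + beacon_alerts(flows)


# Constructed flows: normal browsing, a 5-minute beacon, a 60 MB push over SSH to an
# external host, and a large internal file-share transfer that must NOT alert.
SAMPLE_FLOWS = """ts,src,dst,dport,proto,bytes
1700000000,10.0.8.4,93.184.216.34,443,tcp,18234
1700000040,10.0.8.4,93.184.216.34,443,tcp,9120
1700000095,10.0.8.4,93.184.216.34,443,tcp,22011
1700000000,10.0.5.23,203.0.113.7,443,tcp,512
1700000300,10.0.5.23,203.0.113.7,443,tcp,512
1700000600,10.0.5.23,203.0.113.7,443,tcp,512
1700000900,10.0.5.23,203.0.113.7,443,tcp,512
1700001200,10.0.5.23,203.0.113.7,443,tcp,512
1700001500,10.0.5.23,203.0.113.7,443,tcp,512
1700001800,10.0.5.23,203.0.113.7,443,tcp,512
1700000120,10.0.5.23,198.51.100.9,22,tcp,30000000
1700000400,10.0.5.23,198.51.100.9,22,tcp,30000000
1700000500,10.0.5.23,10.0.0.10,445,tcp,120000000
"""
```

`run_rules(SAMPLE_FLOWS)` yields two alerts for host 10.0.5.23: the SSH push and the 300-second beacon. Neither rule needs payload; this is exactly the behavioural analysis a flow-specialised tool contributes, and the resulting alerts are what the SIEM correlates against the other log sources.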

Caution #2: Integration of unsupported data sources is cumbersome compared with competing products. Alternatively, users can request AlienVault develop a plug-in to enable the integration.

The fact of the matter is that there is no data analysis engine that can parse and integrate every technology on the market without some sort of expertise, understanding of the data, and ability to create an integration.

Cybriant Engineers regularly write plugins and integrations for the AlienVault platform.  For simple products that are “unsupported” by AlienVault, it may take an hour to write a plugin.  For very complex products with hundreds (or more) of rule variations on messages in logs, it will take longer.  Through literally thousands of implementations, the Cybriant team has yet to find a product that cannot be integrated (or have a plugin created) as long as it outputs data.

Caution #3: Although identity activity can be linked with assets, USM provides only basic enrichment of event data with user context; and identity and access management (IAM) integration is limited to Active Directory and LDAP.

There are many tools that can integrate with AlienVault to provide enriched user data, and out of the box, AlienVault has some built-in IAM capabilities. Additionally, the USM Anywhere product has advanced user enrichment functionality with IAM and IDM software. However, when we encounter cases where a user has had a problem with their SIEM, we typically discover that one of two things has occurred:

  • The necessary data isn’t being fed into the SIEM (either by lack of logging verbosity or other configuration issues).
  • The security analyst (or, as is more often the case, an overworked systems administrator) performing the analysis doesn't have the experience necessary to do a deep dive into the data.

Think of it this way: if you have a musical instrument and don't tune it correctly, it will sound terrible. Similarly, if the data being sent to the SIEM isn't correct and the system isn't tuned to process that data well, a security analyst will get poor results. And, like a musical instrument, you could have the best-made instrument in the world, but if the musician doesn't know how to play it, it will sound terrible. With a SIEM, if the analyst (or administrator) doesn't have the experience and dedicated training required to be successful, the results will be poor.

At Cybriant our SIEM Analysts have a deep understanding of both how the SIEM should be configured and how to discover threats using the SIEM.  These are two distinctly different skills.  Additionally, our SIEM Analysts have direct and instant access to the rest of our team members who specialize in different fields (such as Implementations, Malware Analysis, Forensic Analysis, etc.).  This means that instead of a single Security Analyst who is hunting down alarms, Cybriant has an entire Security Task Force who is actively monitoring your infrastructure.
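Cautions #2 and #3 together amount to "parse the source, then add user context." The following Python is an added example, not an AlienVault plugin and not Cybriant's code: a plugin expressed as regexes with named groups normalizes log lines from a hypothetical "AcmeVPN" appliance (an invented product and log format), and the resulting events are enriched from a constructed directory export standing in for AD/LDAP attributes. Parse misses are kept rather than dropped, because they are the signal that the plugin needs another rule.

```python
"""Plugin-style parsing of an 'unsupported' log source plus user-context enrichment
(added example; AcmeVPN and its log format are invented, the directory is constructed).
"""
import re
from dataclasses import dataclass
from typing import Optional

# A plugin is an ordered list of (event_type, regex). Named groups become normalized fields.
ACMEVPN_PLUGIN = [
    ("vpn_login_success", re.compile(
        r"^(?P<ts>\S+) acmevpn\[\d+\]: LOGIN user=(?P<user>\S+) src=(?P<src_ip>[\d.]+) result=OK$")),
    ("vpn_login_failure", re.compile(
        r"^(?P<ts>\S+) acmevpn\[\d+\]: LOGIN user=(?P<user>\S+) src=(?P<src_ip>[\d.]+) "
        r"result=FAIL reason=(?P<reason>\S+)$")),
    ("vpn_tunnel_up", re.compile(
        r"^(?P<ts>\S+) acmevpn\[\d+\]: TUNNEL user=(?P<user>\S+) assigned=(?P<assigned_ip>[\d.]+)$")),
]


@dataclass
class Event:
    """Normalized event; the enrichment fields are filled in after parsing."""
    ts: str
    event_type: str
    user: str
    src_ip: Optional[str] = None
    reason: Optional[str] = None
    assigned_ip: Optional[str] = None
    department: Optional[str] = None
    privileged: bool = False
    priority: int = 1


def parse_line(line: str, plugin=ACMEVPN_PLUGIN) -> Optional[Event]:
    """Return an Event for the first matching rule, or None if no rule applies."""
    for event_type, rx in plugin:
        m = rx.match(line)
        if m:
            return Event(event_type=event_type, **m.groupdict())
    return None


# Constructed directory export standing in for AD/LDAP attributes (sAMAccountName -> attrs).
DIRECTORY = {
    "jdoe": {"department": "Finance", "privileged": False},
    "svc_backup": {"department": "IT", "privileged": True},
}


def enrich(event: Event, directory=DIRECTORY) -> Event:
    """Attach user context and derive a priority: privileged-account failures rank highest."""
    info = directory.get(event.user)
    if info:
        event.department = info["department"]
        event.privileged = info["privileged"]
    if event.event_type == "vpn_login_failure":
        event.priority = 3 if event.privileged else 2
    elif event.privileged:
        event.priority = 2
    return event


def process(lines: list) -> tuple:
    """Parse and enrich every line; return (events, unparsed_lines)."""
    events, unparsed = [], []
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            unparsed.append(line)   # a parse miss means the plugin needs a new rule
        else:
            events.append(enrich(ev))
    return events, unparsed


# Constructed sample lines in the invented AcmeVPN format; the HEARTBEAT line has no rule.
SAMPLE_LOG = [
    "2024-03-01T08:00:01Z acmevpn[311]: LOGIN user=jdoe src=198.51.100.23 result=OK",
    "2024-03-01T08:00:02Z acmevpn[311]: TUNNEL user=jdoe assigned=10.8.0.5",
    "2024-03-01T08:05:10Z acmevpn[311]: LOGIN user=svc_backup src=203.0.113.9 result=FAIL reason=bad_password",
    "2024-03-01T08:05:11Z acmevpn[311]: HEARTBEAT ok",
]
```

`process(SAMPLE_LOG)` returns three normalized, enriched events and one unparsed heartbeat line. The failed login for the privileged service account comes out at priority 3 while the ordinary user's successful login stays at 1, which is the difference user context makes when an analyst is deciding what to look at first.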

Caution #4: AlienVault’s workflow capabilities do not include integrations with external ticketing systems or role-based workflow assignments. 

The traditional AlienVault USM does not have integrations with external ticketing systems, and so the Cybriant Security Operations Center solves this issue by having rigorous Processes and Procedures in place.  Without Processes and Procedures, workflows and integrations are typically handled in a hodgepodge manner instead of a hedgehog manner.

Additionally, with USM Anywhere, AlienVault now has integrations with external ticketing systems, so Cybriant can simply use our existing processes and procedures along with the automation to keep costs low for our customers.

Learn more about Cybriant and let us know if you need a hedgehog for your SIEM!
