Kontex’s SOC Advisory Service provides an agnostic and independent approach to the building, the operationalisation and road mapping the capabilities of an effective internal or outsourced SOC service.
SOC Advisory
Our approach involves the following activities:
Existing log management strategy, incident response capabilities, skills matrix of available technical resources, target operational model, etc.
Exiting tools such as endpoint protection, firewalling, ID(P)S, hardening standards, etc.
Capabilities of existing controls against industry benchmarks and advisory
Development of roadmaps to enhance existing controls effectiveness, planning for new controls, enhancements to incident response capabilities, etc.
Mapping to business requirements and measurement of the SOC function, build of standard operating procedures, mapping of SLAs to SOC capabilities and business expectations, etc.
Agnostic review of SIEM market, mapping of SIEM / MSS capabilities to business expectations and SLAs, etc.
Agnostic review of EDR market, mapping of ERD / MDR capabilities to business expectations and SLAs, review of EDR capabilities against incident response expectations, etc.
Automation planning, response capabilities matrix development, road mapping of SOAR capabilities and development of “quick wins”.