
B. SOC Monitoring Solution Architecture provided to the customer


Data Consult will rely on a VPN and a hypervisor at the customer end to connect to the customer's Master SIEM, Master SOAR, Case Management, Ticketing System and EDR.


To enable the augmentation of Managed SOC services, the remote IR services, and the SIEM use case engineering and reporting, the following connections, integrations and controls are needed:

1. Secure VPN Tunnel from Data Consult KSA Tenant to the Customer location:

A VPN tunnel should be implemented between the Data Consult tenant in Azure and the Customer site, then from the Customer site to the designated monitored environment. The connectivity provided should allow the SOC assets and analyst endpoints of Data Consult in KSA to communicate with the designated monitored environment (SIEM, SOAR, Ticketing System, EDR).

2. Audited Access:

Monitoring should be enforced on the tunnels established from Data Consult KSA to the designated monitored environment.

3. Encryption is always required:

Encryption and any other supporting encryption mechanisms will be enforced to guarantee the minimal level of traffic exposure possible during network travel.

4. Thorough Monitoring of the MSS Supporting Infrastructure:

Apart from the internally monitored Managed Security Infrastructure at Data Consult, all the nodes and systems between the Data Consult infrastructure, the customer end and the designated monitored infrastructure will be thoroughly monitored, with regular, timely reporting on findings and security KPIs.
