inSOC Playbook
Your guide to inSOC’s services
Welcome to inSOC
This playbook gives an overview of the services we offer, and provides useful downloads with more detailed information, plus a selection of editable templates for use during the sales process.
FAQ
A list of our most frequently asked questions.
General Information
Where is the SOC located?
We have a 24/7/365 SOC based in Colombo, Sri Lanka. This team does not have access to sensitive information, and all processes have been designed to comply with regulations such as GDPR. We also have CISSP resources in the United States.
Where are your Data Processors located?
Paris, France for international customers / Dallas, Texas for North American customers.
Is there a human SOC team?
Yes, the SOC consists of SOC analysts through to CISSP level. You will also have direct contact with SOC management, our CTO and your account manager.
Is your platform AI-driven?
Yes. Starlight by Stellar Cyber is an Open XDR platform which receives information from multiple data points within the network. Logs and network traffic are pulled into the correlation engine within the platform, which correlates anomalies with internal and external information to measure severity, fidelity and behaviour analytics. We have also configured our automated threat hunting rules in alignment with the NIST Cybersecurity Framework and relevant CIS Critical Security Controls.
Can we have visibility of the platform?
Yes. Our MSPs have read-only access to the multi-tenant SIEM portal to view information in their customer environments in real time. They also have access to the vulnerability management system.
Which Cloud platforms can you monitor?
We have our cloud API to monitor M365, AWS, Azure and Gsuite etc.
Is the platform multi-tenant?
Yes. The system is multi-tenant, allowing you to see all of your customers on a single dashboard, and also lets you view each tenant individually.
Can we mix and match services?
Yes. We offer a per device/per user pricing model and per client site options. We work with you during the sales process to review the customer's requirements and size, and we provide the different costs and options that would best suit, along with supporting documentation.
Can we white label your services?
The services can be white-labeled or co-branded. All reports can be presented with your own logo, and inSOC's name does not appear in the portals. Alternatively, some of our MSPs prefer to say they are powered by inSOC. We would work with whatever is best for you.
Do you sell direct?
inSOC is channel only, and solely works with MSPs and MSSPs and never with the end client directly.
Which licensing models do you offer?
Per site and per IP. Add ons for incident response under an hourly rate.
What is the standard log retention policy?
We have a 12 month log retention policy by default; however, if any customers need longer for compliance reasons, we can accommodate this on a case by case basis.
Does your SOC operate 24/7?
Our SOC team works 24/7/365 out of a single delivery centre. Our CISSPs operate both out of the service delivery centre and within specific geographic regions to allow for compliance with our MSP customers.
Do you provide template guides: policies, procedures, configurations?
We provide guides for all installations and walk you through every step of the process on a weekly call which can also be more frequent if preferred.
What is the ease of deployment / simple client network configuration?
All hardware sensors are preconfigured by our team for each specific environment. Our onboarding team also holds weekly calls to complete the configurations with your team during the meeting. We have designed our packages to be as simple to deploy as possible, and this is layered with a dedicated team to support your engineers with each installation.
What is the typical time to deploy?
Our onboarding process is typically 30-45 days depending on the size and complexity of the client. This includes the install of the hardware/software and the hardening and tuning of the environment to the relevant CIS Critical Security Controls.
Do you provide Syslog ingestion?
Yes. We can enable Syslog forwarding from the firewall and multiple Cloud sources upon request, all of which are ingested by the data processor.
Do you provide SNMP traps?
Yes. We have the ability to create SNMP connectors to ingest from data sources.
Do you provide API access?
Do you have the ability to easily scale from a small initial implementation to a large enterprise solution?
We have designed our packages to begin at a lower starting point and to be scaled effectively and efficiently. We can add additional sites as required through the deployment of a hardware sensor, and we ensure each new site is taken through the same onboarding process as the original to align with the NIST Cybersecurity Framework and relevant CIS Critical Security Controls.
We report stale or misconfigured agents within 5 days of the first alert. These alerts can be mistriggered by other activity, so we work with our partners to ensure we are not reporting false positives.
What is your SLA for offline hardware sensor?
Data classification in terms of sensitivity is the function of a Data Loss Prevention (DLP) system. The proposed solution can ingest logs from DLP to alert on violation or leakage of sensitive data. In addition, the SIEM can alert on policy violations based on defined rules, e.g. covert channels, DNS tunneling, file upload/download, P2P, TOR etc.
Integration
Do you offer supplemental cybersecurity services? | We have sister companies who provide staff augmentation services (sourcing IT and security engineers at a wrapped up cost) and consultancy services (penetration testing, SSAE19 certification, security maturity level assessments etc). |
---|---|
How does your SOC integrate with our team? | We have L1-3 teams from analysts to CISSPs who analyze, prioritize and provide remediation recommendations for each alert. For high priority alerts the CISSP team will escalate to Shinka via telephone call and ticket to provide assistance to the team in remediating the issue in question. inSOC also has an incident response team who are available under all plans on an hourly rate or are included in the cost of the premium option. |
Do you integrate with existing SIEM/SOAR tools? | We provide the tool sets (ie. Starlight and Nexpose) and the SOC team as a bundle to enable you to have best of breed technology and certified professionals at the backend. |
What is the toolset deployment process? | We provide the hardware appliance to monitor the network traffic, agents to monitor server logs, and a cloud API connector, and during the onboarding process we would also have a CISSP work with your team to harden and tune your environment to the relevant critical security controls. We would also use the information from Starlight and Nexpose on a monthly basis for the same CISSP to hold a threat assessment meeting with you to review the risk scores for each of your clients. They will provide client specific reports which give the score, your top 10 vulnerabilities from the previous month, top 10 anomalies etc. The CISSP will also provide recommendations for continuous improvement within the networks. For a detailed overview of the onboarding process please see the Onboarding section below. |
What API compatibility do you have? | Please see the API Compatibility section below. |
Which EDR solutions do you integrate with? | We can integrate a variety of EDR solutions via API connectors and the supported log formats: CEF, CEF2, Syslog, JSON, LEEF, RFC3164, RFC5424. |
Do you collect syslogs, and how? | Yes, we collect syslogs and enable syslog forwarding on the firewalls. |
Do you also deploy agents? | Yes, we have agents which collect logs from the servers and critical workstations. |
Are you aligned with the NIST Cybersecurity Framework? | Yes. |
Are you aligned with the CIS Critical Security Controls? | Yes. |
Functionalities
Assets Inventory | Yes. |
---|---|
Update Check and follow-up of the Assets | Yes. |
Vulnerability Management | Yes. |
Vendors Collector On-Prem | Yes. |
Push to SIEM to Collector to SOC | We would need to review the product to check compatibility. |
Push to Collector to SOC (no SIEM at customer side) | Yes. Network Sensors Appliances (Stellar). |
Pull from SOC to existing SIEM | No. |
Source Product Integration
Servers | Yes. |
---|---|
Endpoint | Yes. |
Network (Switches, AP) | Yes. |
Firewall | Yes. |
Antivirus | Yes. |
EDR | Yes. |
Proxy | Yes. Syslog or Agent sensor. |
Reverse Proxy | Yes. Syslog or Agent sensor. |
Public Cloud Integration | Yes, via API: O365, AWS and Gcloud. |
Certification
AICPA SOC 1 | TBC |
---|---|
AICPA SOC 2 | TBC |
CISSP | Our CEO and CIO are CISSPs along with our SOC L3 team. |
CompTIA | We are a CompTIA Corporate member and our VP Channel Sales is the current Chair of the UK Executive Council and Member of the Year. |
GCFA | TBC |
GCIA | TBC |
GCIH | TBC |
GSLC | TBC |
GPEN | TBC |
GWAPT | TBC |
ISO 27001 | We are ISO 9001 accredited. |
OSCP | TBC |
Security+ | TBC |
GDPR Compliant | We can provide our data processing procedure in the contract and our data processor is within the European Union. |
API Compatibility
A list of compatible APIs with downloadable setup instructions and onboarding process.
- Active Directory Connector
- Akamai Connector
- AWS CloudTrail Connector
- AWS CloudWatch Connector
- AWS Firewall Connector
- AWS GuardDuty Connector
- Azure Active Directory Connector
- Azure Event Hub Connector
- Barracuda Email Connector
- Barracuda Firewall Connector
- Blackberry Cylance Connector
- Broadcom (Blue Coat / Symantec) WSS Connector
- Box Connector
- Checkpoint Firewall Connector
- Cisco AMP Connector
- Cisco Meraki Firewall Connector
- Cisco Umbrella Connector
- Cloudflare Logpull Connector
- CrowdStrike Connector
- Cybereason Connector
- Cynet Connector
- Deep Instinct Connector
- Duo Security Connector
- F5 BIG-IP Firewall Connector
- F5 BIG-IP Firewall Telemetry Integration
- Forescout Connector
- Fortigate Firewall Connector
- Google Workspace Connector
- HanDreamnet Security Switch Connector
- Hillstone Firewall Connector
- Jumpcloud Connector
- Microsoft Defender for Endpoint Connector
- Mimecast Connector
- Microsoft SQL Server (MSSQL) Connector
- MySQL Connector
- Nessus Connector
- Netskope Connector
- Office 365 Connector
- Okta Connector
- OneLogin Connector
- Palo Alto Networks Firewall Connector
- Prisma Cloud (Palo Alto Networks) Connector
- Proofpoint Connector
- Rapid7 Connector
- Qualys Connector
- Remote Host SSH Connector
- Salesforce Connector
- SentinelOne Connector
- SonicWall Capture Client Connector
- SonicWall Firewall Connector
- Sophos Central Connector
- Sophos XG Firewall Connector
- Broadcom (Symantec) Email Security.cloud Connector
- Broadcom (Symantec) Workload Protection Connector
- Tenable.io Connector
- Tenable.sc Connector
- Trend Micro Apex Central Connector
- Trend Micro Cloud One Security Connector
- Trend Micro Vision One Connector
- VMWare Carbon Black Cloud Connector
Elevator Pitch
An editable elevator pitch with suggested messaging to use during the sales process.
Sales Deck
An introduction to inSOC’s services, covering who we are, what we do, and how we help you as an MSP to offer cybersecurity services to your customers.
White Label Sales Deck
An editable sales deck for you to supply to your prospects.
Plan Comparison
Compare the features of our One Stop SOC packages: Essential, Power and Premium.
Feature | Essential | Power | Premium |
---|---|---|---|
Next Gen SIEM hardware appliance for network monitoring | |||
Additional site -Next Gen SIEM hardware appliance for network monitoring (75 IPs) | Optional | ||
1U 200 IP appliance upgrade | Optional | ||
Additional 25 IP block | Optional | ||
Agent-based Next Gen SIEM for log monitoring | |||
Next Gen Cloud SIEM (M365/Gsuite/AWS/Azure Active Directory) | |||
Syslog forwarding | |||
Windows & Linux agents | |||
Network deep packet inspection | |||
Intrusion detection | |||
Asset discovery | |||
Vulnerability management | |||
Scheduled weekly vulnerability scanning | |||
Weekly vulnerability reporting | |||
Sandboxing | |||
Compliance reports (PCI, GDPR, HIPAA, DFARS) | |||
24x7x365 SOC threat, event and incident alerting | |||
24x7x365 SOC analysis and recommendations | |||
SOC escalation | |||
CIS Top 20 Critical Security Controls SOC reports | |||
Standard onboarding to the appropriate CIS Top 20 Critical Security Controls | |||
Advanced onboarding | Optional | ||
Onboarding (additional site) | Optional | ||
Post-incident investigation with CISSP resource | Hourly Rate | | |
SOC Overview
An outline of the technical and professional ability of inSOC personnel.
Personnel | Number available | Certifications/qualifications at each level |
---|---|---|
Security Operations Center Technicians | 21 | BSc Computer Science, BSc Cybersecurity, MSc Network and Information Security, Certified Security Operation Center Practitioners, Google IT Support Certification, Certified Professional Forensics Analysts, AWS Security Fundamentals Certification, Microsoft Certifications |
Security Engineers for escalation of high priority incidents | 10 | (Additional to the above) CISSP, CCIE, CISA, CISM, ISO/IEC 27001 Information Security Associate, Foundations of Operationalizing MITRE ATT&CK, Information Security Incident Handling Certification, Microsoft Certifications: Azure Administrator Associate, Certified Ethical Hacker, Fortinet Network Security Expert Certification NSE 1, Fortinet Network Security Expert Certification NSE 2 |
Security Operations Center Manager | 1 SOC Manager per shift; 1 SOC Director; overseen by the CTO | (Additional to the above) CISSP, management experience of 5+ years |
* Multiple individuals hold each certification.
* High priority incidents are identified by the AI within the SIEM tool, registered by the SOC analysts and escalated immediately to the Tier 3 team for analysis.
* SOC management are required to have 5+ years of management experience in large teams plus experience within a level 3 network engineering role, in order to have the highest understanding of the issue and required actions.
Onboarding Timeline
An overview of inSOC’s onboarding process.
Get installed
We set up a physical or virtual appliance at each of your subscribing customers' sites.
Fire up the software
You are now ready to start onboarding your first customers.
Start onboarding your customers
Our CISSP-led onboarding team will help you to harden your customers' environments, mapping to the appropriate CIS Critical Security Controls.
Get started
Once onboarded, we begin to collect critical security logs, perform deep packet inspection and conduct scheduled weekly vulnerability scanning.
Download a detailed version of inSOC’s onboarding process below.
Statement of Work (SOW)
Download our Statement of Work for One Stop SOC services.
Responsible Accountable Consulted Informed (RACI)
Download our RACI chart, plus a tuning checklist detailing the onboarding process, and critical controls alerts list.
ISO Certifications
inSOC has attained the ISO 9002:2015 certification (reg. number 21002).
Threat Assessment Reporting
inSOC supplies you with unique and comprehensive threat assessment and security risk reporting that goes beyond what other vendors offer. We provide a visual overview for the C-level team, detailed recommendations for technical staff, and step-by-step instructions based on critical risks, all based on the NIST Cybersecurity Framework and mapped to the relevant CIS Critical Security Controls.
MSP Select
MSP Select has been designed to enable our key MSP partners to grow cybersecurity sales through a personalized sales and marketing program delivered by our experts. It offers one-to-one sales support and coaching, a full suite of marketing collateral – from a brand new website to managed campaigns and collaborative webinars – and social media management.
If you’re an inSOC partner looking to rapidly grow your cybersecurity sales, MSP Select is the program you need to reach the next stage of growth.
To qualify for the Select program you will need to have MSP Protect in place and meet the minimum monthly revenue requirement.
Marketing Development
Everything you need to market your services – from a complete website with landing pages to email and PPC campaigns, plus collateral templates and learning events.
Sales Enablement
The skills to help you grow your sales pipeline – including sales team training, personalized coaching, sales videos tailored to your location, plus a dedicated account manager.
Glossary of SOCaaS terms
A
- Asset: Any hardware, software, data, or personnel that has value to an organization.
- Authentication: The process of verifying the identity of a user or device attempting to access a system or application.
- Active Directory: A directory service developed by Microsoft that stores information about objects on a network, such as users, computers, and groups.
- Advanced Persistent Threat (APT): A targeted and persistent attack against a specific organization or individual, often carried out by skilled and determined threat actors.
B
- Breach: An incident where an unauthorized party gains access to sensitive or confidential data.
- Business Continuity: The ability of an organization to continue operations in the face of a disruption or disaster.
- Botnet: A network of compromised computers that can be controlled remotely by a threat actor to carry out malicious activities, such as launching DDoS attacks or sending spam emails.
- Business Continuity Plan (BCP): A plan that outlines the procedures and strategies an organization will follow to ensure the continued operation of critical business functions during and after a disruptive event.
C
- Compliance: The adherence to regulations, laws, and standards relevant to an organization’s operations and industry.
- Cybersecurity: The practice of protecting computer systems, networks, and data from unauthorized access or attack.
- Cloud Access Security Broker (CASB): A security solution that provides visibility and control over the use of cloud applications and data by an organization’s users.
- Cybersecurity Framework: A set of guidelines and best practices developed by NIST to help organizations manage cybersecurity risks.
D
- Data Loss Prevention (DLP): A set of tools and practices that help organizations prevent the loss or theft of sensitive data by monitoring and controlling its flow across networks and devices.
- Dark Web: A part of the internet that is not indexed by search engines and is often used for illegal activities.
- Deep Packet Inspection (DPI): A network security technique that examines the contents of data packets as they pass through a network to identify and block threats.
E
- Encryption: The process of converting plaintext data into a scrambled form, to protect it from unauthorized access, that can only be decrypted with a secret key or password.
- Endpoint: A device, such as a laptop, smartphone, or tablet, that connects to a network.
- Endpoint Detection and Response (EDR): A security solution that monitors endpoints, such as desktops, laptops, and mobile devices, for signs of a security breach and provides automated response capabilities.
F
- Firewall: A network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules.
- Forensics: The process of collecting and analyzing evidence after a security incident or breach.
- File Integrity Monitoring (FIM): A security solution that tracks changes to files and systems to detect unauthorized modifications or tampering.
G
- Governance: The set of policies, procedures, and controls that dictate how an organization is managed and operated.
- GDPR: General Data Protection Regulation, a regulation in the European Union that establishes data protection and privacy rights for EU citizens.
- Governance, Risk, and Compliance (GRC): A framework that helps organizations manage risks and comply with regulations and industry standards.
H
- Hacking: The act of exploiting weaknesses in computer systems or networks to gain unauthorized access.
- Hosted Security: Security solutions that are provided and managed by a third-party service provider.
- Honeypot: A security mechanism that simulates a vulnerable system or network to lure attackers and gather intelligence on their methods and tactics.
I
- Identity and Access Management (IAM): The process of managing and controlling user access to applications, systems, and data.
- Incident Response: The process of responding to a security incident, including detecting, investigating, containing, and recovering from the incident.
- Intrusion Detection System (IDS): A network security solution that monitors network traffic for signs of a security breach and alerts security personnel when suspicious activity is detected.
J
- Just-in-Time (JIT): A security practice where access is granted to users or devices only when they need it for a specific task or period of time.
- JSON Web Token (JWT): A compact, URL-safe format for securely transmitting claims between parties, often used for authentication and authorization purposes.
K
- Known Threats: Cybersecurity threats that have been identified and documented, allowing security teams to create defenses against them.
- Kill Chain: A framework used to describe the stages of a cyber attack, which can help SOC teams better understand and respond to threats.
- Kernel: The central part of an operating system that manages system resources and interacts with hardware. Kernels can be targeted by attackers to gain control of a system.
L
- Log Management: The process of collecting, analyzing, and archiving log data from various sources to detect security incidents or breaches.
- Layered Security: A security approach that uses multiple layers of security controls, such as firewalls, antivirus, and intrusion detection, to protect against a wide range of security threats.
M
- Managed Security Service Provider (MSSP): A third-party service provider that offers managed security solutions to organizations.
- Multi-factor Authentication (MFA): A security process that requires users to provide more than one form of authentication to access a system or application.
- Malware: Any software that is designed to harm or exploit a computer system or its users, including viruses, worms, Trojans, and ransomware.
N
- Network Security: The practice of protecting computer networks from unauthorized access or attack.
- Next-Generation Firewall (NGFW): A firewall that uses advanced techniques such as deep packet inspection and application-level filtering to improve network security.
O
- Outsourcing: The practice of contracting out business functions, including cybersecurity, to a third-party service provider.
P
- Penetration Testing: The practice of testing computer systems or networks for vulnerabilities that could be exploited by attackers.
- Phishing: A type of social engineering attack in which an attacker poses as a trustworthy entity
- Patch Management: The process of keeping computer systems and software up to date with the latest security patches and updates.
- Privileged Access Management (PAM): The practice of managing and controlling access to sensitive systems, applications, and data by privileged users.
R
- Risk Assessment: The process of identifying and analyzing potential security risks to an organization’s assets, systems, and data.
- Ransomware: Malware that encrypts a victim’s data and demands payment in exchange for the decryption key.
S
- Security Information and Event Management (SIEM): A security solution that aggregates and analyzes security data from various sources to detect and respond to security incidents.
- Social Engineering: The use of psychological manipulation techniques to trick users into divulging sensitive information or performing actions that could compromise security.
T
- Threat Intelligence: Information about potential threats to an organization’s systems, applications, and data, including information about threat actors and their methods.
- Two-Factor Authentication (2FA): A security process that requires users to provide two forms of authentication to access a system or application.
U
- Unified Threat Management (UTM): A security solution that combines multiple security functions, such as firewall, antivirus, and intrusion detection, into a single device or service.
- User Behavior Analytics (UBA): A security solution that uses machine learning and artificial intelligence to detect anomalous user behavior that could indicate a security threat.
V
- Virtual Private Network (VPN): A network technology that allows users to securely connect to a private network over a public network, such as the internet.
- Vulnerability Assessment: The process of identifying and analyzing potential vulnerabilities in an organization’s systems, applications, and data.
W
- Web Application Firewall (WAF): A firewall that is specifically designed to protect web applications from attacks.
- Whaling: A type of phishing attack that targets high-level executives or other high-value targets within an organization.
X
- XML Security: The practice of securing XML-based web services from attacks and other security threats.
- XOR Encryption: A simple encryption method that uses the XOR logical operator to encrypt and decrypt data.
Y
- Yellow Team: A group within a SOCaaS program that focuses on proactive threat hunting, testing and validating SOC defenses, and identifying weaknesses in security systems.
- YARA: Yet Another Recursive Acronym, a tool used to identify and classify malware based on patterns and rules. It is often used by SOC teams for threat hunting and detection.
- YubiKey: A hardware authentication device that generates one-time passwords and can be used for two-factor authentication (2FA) to enhance security.
- Yellow Card: A warning issued by a SOC team to a user or device on a network, indicating suspicious or potentially malicious behavior.
- Yottabyte: A unit of digital storage equal to one trillion gigabytes (or 10^24 bytes). SOCaaS providers may need to store and analyze massive amounts of data, making yottabyte-scale storage solutions necessary.
Z
- Zero Trust: A security model that assumes that all users, devices, and applications are potentially untrusted and requires continuous authentication and authorization to access resources.
- Zero-Day Vulnerability: A vulnerability that is exploited by attackers before it is discovered and patched by security researchers or vendors.
- Zeus: A Trojan horse malware that targets Windows systems and is often used to steal banking credentials and other sensitive information.