What is SOC?
Armor’s Security Operations Center or “SOC” is a team of cybersecurity professionals (analysts, engineers, forensics experts, and support staff) that provide our customers with incident response, investigation, and threat hunting capabilities and guidance. Customers of our SOC subscription have their environments continuously monitored and analyzed, and any incidents created are actively responded to by Armor’s experts.
Our SOC solution is part of a full service solution that complements our Extended Detection and Response (XDR) solution (collectively XDR+SOC). While our XDR solution is available as a standalone subscription, our SOC solution is only available as part of a combined XDR+SOC solution – this ensures that our SOC can leverage all of the efficiencies provided by our XDR stack, as well as ensuring the quality of the data and insights produced by that stack.
Monitors for incoming alerts and performs initial analysis to correlate additional/subsequent alerts, collects any necessary enrichment or contextual data, uses these to rule out false positives, and provides this contextual detail to incident responders.
Reviews incident details and associated alerts to validate the initial analysis and works to establish the sequence of events as well as the scope and impact of the incident. Together with the collective incident response team, Incident Responders decide on a strategy for mitigation and containment, remediation, and recovery, and then put that strategy into action.
Is the central point of contact for the incident response team and acts as the conduit for business communications during an active incident, managing the incident end-to-end through planning and implementation of each phase of the response.
A subject matter expert (SME) in the campaign’s area of concern, Threat Hunters are responsible for analyzing threat intelligence, executing threat hunting campaigns, and translating findings into plans of action.
Ensures that the tools and platforms used by the SOC are operational and properly updated. Security Engineers are also responsible for the optimization and automation of these tools and processes.
Understands each customer’s unique needs and priorities and translates these into procedures and runbooks that the SOC will follow when responding to alerts and incidents. Security Consultants also provide cybersecurity strategy guidance to our customers to ensure their security outcomes are maximized.
Incident Response and Investigation
Armor continuously monitors your SIEM and analytics planes for alerts, indicators of compromise, and indicators of attack. Our team of cybersecurity experts will then analyze all of the incoming alerts and indicators to determine the validity of the alerts (checking for false positives, etc.) and then create a customized plan for mitigation, containment, remediation, and recovery. Our team of experts helps prioritize actions and provides strategic and tactical guidance for implementing such action plans.
At the Enterprise subscription level, in-depth forensic investigations are available to perform Root Cause Investigations (RCIs) and Root Cause Analysis (RCA). This can be integrated into your organization’s existing incident retrospective processes or facilitated separately, with findings delivered to you via our Solutions Consultants.
Threat and Vulnerability Analysis
The cybersecurity threat landscape is constantly evolving, with new emergent threats being discovered every day. Armor’s SOC team constantly monitors Cyber Threat Intelligence (CTI) feeds and deep and dark web activity to identify new threats and analyze how they might affect your organization. Our SOC team then translates these insights into actionable controls such as detection and correlation rules, threat hunting campaigns, and other strategic guidance.
Beyond detecting known threats, Armor is constantly on the lookout for emergent threats that might be missed by standard detection mechanisms. Our XDR subscription levels each include a quantity of monthly threat hunting campaigns and IOC searches, and they may also be purchased separately.
Shared Responsibility Model
Armor works with our customers (and their partners and providers) to ensure their environments are secure and compliant using a shared responsibility model. This model allows our customers to focus on the aspects of the stack that they are uniquely qualified or positioned to maintain, and rely on Armor to provide the reference architecture and guidance stemming from our expertise.