vSOCCan an entire security platform replete with people, processes, and technology be delivered as a service? It sure can.

Introducing: Security Platform as a Service (SPaaS) and GuidePoint Security’s Virtual Security Operations Center (vSOC). SPaaS combined with vSOC is one of the first such offerings to hit the market. SPaaS is the combination of Software as a Service (SaaS), Platform as a Service (PaaS), Infrastructure as a Service (IaaS), and the logical next evolution of Security Information and Event Manager as a Service (SIEMaaS). vSOC is proof that the entire security platform from data ingest, security analytics, human validation, reporting and incident response can be delivered quickly and affordably to customers as a holistic security solution.

  • Software
    • Our core vSOC offering is based around Splunk Enterprise. Splunk is a SIEM market leader and an industry standard tool for machine-data analysis in every single industry.
  • Platform
    • vSOC leverages the powerful and dynamically scalable Amazon Web Services (AWS) platform. Amazon’s EC2 virtual instances power the vSOC for customers large and small. AWS commands the cloud market with approximately 27% market share and five times more cloud infrastructure than the next fourteen providers combined.
  • Infrastucture
    • The AWS platform components in conjunction with the shared resources and data comprise the vSOC infrastructure. We achieve economies of scale through the use of this infrastructure to serve many customers simultaneously.
  • SIEM
    • vSOC utilizes the Splunk Enterprise Security app to provide the SIEM-functionality not inherent in the base Splunk Enterprise software. Providing the SIEM is only part of what makes vSOC a SPaaS.

Incorporating all of the above components into a single unified package with the addition of trained cyber security analysts, security engineers and a proprietary blend of threat intelligence sources makes vSOC a unique and well positioned SPaaS in a world with a significant need for such an offering.

Making the SPaaS Intelligent

The vSOC SPaaS, while extremely versatile and powerful out-of-the-box, has been made intelligent with the addition of a threat intelligence platform designed to feed Indicators of Compromise (IoC) into Splunk for near real-time machine-based correlation. By leveraging Structured Threat Information eXpression (STIX) and Trusted Automated eXchange of Indicator Information (TAXII), the vSOC is able to process standardized threat information through open-source, standardized exchange services.

User Behavior Analytics (UBA)

No enterprise security platform is complete without User Behavior Analytics. vSOC addresses UBA through our partnership with Exabeam. Exabeam’s Splunk integration provides a robust platform for risk-based scoring of user activity within the enterprise. Exabeam uses multiple behavior models to dynamically track credentialed activity across the network. Exabeam extends the capabilities of our Splunk platform by adding Stateful User Tracking, Behavioral Analysis and a powerful Risk Engine. By identifying risky user-based activity on a customer network, vSOC can alert the customer to quickly remediate a potential insider threat.

Third-Party Threat Intelligence

vSOC has built an extensible threat intelligence platform integrated into Splunk to ingest indicators and threats from trusted third parties. This threat intelligence data is then used to detect malicious or dangerous activity within customer environments that use Splunk’s machine-based correlation capabilities. Our threat platform is Structured Threat Information eXpression (STIX) and Trusted Automated eXchange of Indicator Information (TAXII) compliant. GuidePoint has established a relationship with the Department of Homeland Security (DHS) that enables vSOC to ingest and distribute Indicators of Compromise (IoC) from the DHS United States Computer Emergency Readiness Team (US-CERT) and the National Cybersecurity and Communications Integration Center (NCCIC).

Why Choose SPaaS?

Outsourcing your security activities to a third-party provider is a cost effective and expedient solution for bringing your organization into compliance with security monitoring. While having top-quality technologies is an important component of the security process, they don’t generate much value to your business without security experts available to manage them. GuidePoint’s vSOC brings years of experience, an astounding depth of technical knowledge and the critical strategic partnerships and investments we’ve made in security technologies and threat intelligence solutions. vSOC’s SPaaS augments your existing security team and infrastructure to transform your organization into a consumer of technologies while empowering your security practitioners to focus on what’s important.

GuidePoint Security and Exabeam at the RSA Conference 

GuidePoint Security and Exabeam will be at RSA Feb. 29-March 4 hosting live demos of GuidePoint’s vSOC and Exabeam’s UBA. To schedule a time to see the demo visit: http://gpsec.me/1KfTkrM.

GuidePoint will also be hosting a reception at the RSA Conference on Feb. 29, 6-9 PM. Click here for more details: http://gpsec.me/rsa2016.

About GuidePoint Security

GuidePoint Security LLC provides customized, innovative and valuable information security solutions and proven cyber security expertise that enable commercial and federal organizations to successfully achieve their security and business goals. By embracing new technologies, GuidePoint Security helps clients recognize the threats, understand the solutions, and mitigate the risks present in their evolving IT environments. Headquartered in Herndon, Virginia, GuidePoint Security is a small business, and classification can be found with the System for Award Management (SAM). Learn more at: www.guidepointsecurity.com.