The e2e-assure approach
This is the third article of a three part series that provides advice to organisations looking to procure managed security monitoring, protective monitoring (PM) and/or Security Operations Centre (SOC) services. This article explains the e2e-assure approach to delivering protective monitoring services.
The approach differs depending on the customer. We have designed this flexibility into our services in order to accommodate different levels of customer requirements. We provide services not products, these services are pay as you go, scalable and flexible enough to cover any size organisation.
Deployment and services with e2e-assure
The examples below provide some further insight into this but the message is that we have built flexibility, elasticity and agility into our service so that it works with any type of customer.
Small Businesses
Typically the smaller business we engage with do not have a pre-existing protective monitoring or SOC service prior to working with us. There we e2e-assure provide the fully managed service and all software and services to deliver a complete SOC and PM service (with a service level/SLA to match their requirement).
Monitoring for Medium Sized Businesses
Most medium sized businesses that engage with us have a small security team and some existing security devices such as IDS. To assist these businesses in the best way possible e2e-assure provide:
- Log management/SIEM solution and integrate with their existing IDS.
- Cost effective service expansion and triage, analysis and incident management.
These customers’ team can share the SOC services (co-operate the service with e2e-assure) or choose to use their limited resource to analyse tickets raised to a certain severity, etc
Monitoring for Large Sized Businesses
Large sized businesses that engage with us often have existing SOC and in house PM service with pre-existing investments in a Logging solution’s or SIEM solution.
Therefore to best assist these customers by:
- Integrated our services and technologies with the existing technology and services (typically we integrate and utilise the existing SIEM as our services will work with most of the common SIEM and log management solutions).
- Typically the SOC is co-operated with e2e-assure picking up the majority of the first level work and the customer’s resource is then used to provide the expert local knowledge – as an escalation point in the triage process.
- Collaborating with the customer to create the playbooks and workflows needed for the shared SOC to operate effectively.
- Providing cost effective service expansion and triage, analysis and incident management.
Monitoring Enterprise Sized Businesses
Enterprise sized businesses often have an area of complexities to their environment including existing SIEM as well as many other security tools and an advanced in house SOC service, forensic analysis team, etc.
This situation is similar to operating with large sized businesses but due to the advanced nature of the existing services e2e-assure provide the first level responses as well as value added intelligence and situation awareness services and other higher end security services.
These customers are either concerned with expanding coverage cost effectively or want to leverage the latest technology and services provided by e2e-assure. Therefore we will typically lead deployment and tuning exercises as well as first level response so that the existing team can be utilised as effectively as possible
Offboarding with e2e-assure
This varies depending on the type of customer due to the varying complexity of customer environments.
Small Sized Businesses
- We migrate all of the data into the new service and forensically wipe any of their data held anywhere
- We can also offer to dual run the services to ease transition on a month by month basis (fade out)
Medium Sized Businesses
- As 1 above but we can offer to provide support for the value added services we provide such as the IDS, packet capture kit, etc that we deploy. This allows the customer to keep these devices but use a different PM/SOC provider
Large Sized Businesses
- As 1 and 2 above but as part of the fixed off boarding fee we can leave the existing datastores/logs/databases as they are and provide instructions on how they can be used with the new service (i.e. we leave all the kit in place and provide root level accounts, instructions, etc so the customer can do what they want with it – we hand over the keys and all the data)
- We can also offer to provide just support and maintenance of the kit so it can be operated by the customer or another supplier
Enterprise Sized Businesses
- As above but we can break down our service into chunks of value add that they may wish to keep or co-develop further with us. These are typically the services that we provide that the new supplier doesn’t – we keep the gaps filled by only charging for the bits of the service they now use
In Conclusion
As a general rule we are as easy to join and as easy to leave as possible. We think we provide more and do it better than everyone else – therefore we don’t need to tie you in. In fact we guarantee not to tie you in – by providing fixed on and off boarding that covers this and by offering flexibility as outlined above. To review our services in full, visit our services page.
Always choose suppliers with up to date, valid Cyber Essentials Plus (CES+) and ISO27001:2013 certifications – and ensure that these are scoped correctly (cover the services they are supplying to you).