November 27, 2019

To SOC or not to SOC? This £17 Billion Pension Group Wants to Know…

"Be wary of any supplier that says their SIEM is a panacea"

By CBR Staff Writer

The Local Pensions Partnership (LPP) – a public sector pension fund service provider with £17.4 billion of assets under management – says it is considering using a third-party security operations centre (SOC), and has allocated a humble £15,000 to establishing whether or not this is a good idea.

All interested third-party suppliers should be able to demonstrate a ‘traceable’ view of the benefits that a SOC would provide to the LPP, alongside a clear determination of the internal and external cost of such a system, it said in a contract notice for this discovery phase analysis.

Local Pensions Partnership: So, Why Use a SOC?

The LPP currently tasks its own internal security working group with safeguarding its data and infrastructure. (The LPP also provides pensions administration services to more than 600,000 members across LGPS, Police and Firefighters pension schemes.)

The LPP’s security team outlined their requirements in the contract notice, with the project lead saying: “I need to ensure that pro-active and reactive threat detection is occurring on a continuous basis, thereby enabling action to be taken to protect LPP technologies, data and the domain.”

The closing date for supplier applications to the discovery phase is December 10, 2019. The analysis needs to be conducted within eight weeks.

SOCs Come in “Variety of Flavours”

As the UK’s National Cyber Security Centre (NCSC) notes, SOCs come in a “variety of flavours” and can cover the entire incident management process.

Their offerings can span:

  • integration, management and review of traffic feeds
  • protective monitoring
  • initial triage and analysis
  • vulnerability management
  • alerting and response
  • incident management
  • root cause analysis
  • patching & remediation
  • correlation management, Security Information and Event Management (SIEM) tuning
  • continuous improvement
  • key management

As the NCSC warns in a useful guide for businesses in a similar situation: “Be wary of any supplier that tells you that security information and event management (SIEM) is a panacea…

“Good SOC analysts don’t develop anything in the SIEM until they’ve proved an idea using scripts and logs first. A good supplier will have a content development checklist and a standard process for proposing, justifying and implementing rulesets in your SIEM.”

It adds: “Don’t assume your business wants to hear what the SOC finds. Your SOC has detected something; who will care and what you do next? Work back from the end of the incident and verify you can achieve each stage before levying a requirement upon your SOC. Ensure the action you wish to take is legal and covered by internal policy.”

As a SOC enters the operational phase, resourcing overheads will diminish, but expect a number of false positives to occur while the supplier learns to understand the way your business operates, it adds.

Do you use an SOC? Are you happy with its services? Get in touch with our editorial team – we’d like to hear about your experiences. 
