The Local Pensions Partnership (LPP) – a public sector pension fund service provider with £17.4 billion of assets under management – says it is considering using a third-party security operations centre (SOC), and has allocated a humble £15,000 to estabishing whether or not this is a good idea.
All interested third-party suppliers should be able to demonstrate a ‘traceable’ view of the benefits that a SOC would provide to the LPP, alongside a clear determination of the internal and external cost of such a system, it said in a contract notice for this discovery phase analysis .
Local Pensions Partnership: So, Why Use a SOC?
The LPP has currently tasked its own internal security working group with the cybersecurity safeguarding of its data and infrastructure. (The LPP also provides pensions administration services to more than 600,000 members across LGPS, Police and Firefighters pension schemes.)
The LPP’s security team outlined their requirements in the contract notice, with the project lead saying: “I need to ensure that pro-active and reactive threat detection is occurring on a continuous basis, thereby enabling action to be taken to protect LPP technologies, data and the domain.”
“Good SOC analysts don’t develop anything in the SIEM until they’ve proved an idea using scripts and logs first. A good supplier will have a content development checklist and a standard process for proposing, justifying and implementing rulesets in your SIEM.”
It adds: “Don’t assume your business wants to hear what the SOC finds. Your SOC has detected something; who will care and what you do next? Work back from the end of the incident and verify you can achieve each stage before levying a requirement upon your SOC. Ensure the action you wish to take is legal and covered by internal policy.”
As a SOC enters the operational phase, resourcing overheads will diminish, but expect a number of false positives to occur while the supplier learns to understand the way your business operates, it adds.
Do you use an SOC? Are you happy with its services? Get in touch with our editorial team – we’d like to hear about your experiences.