Security Analytics and Security Operations Center as a Service

Strengthen cyber defences with security analytics and SOC as a service

Evidence of security incidents crops up in various systems. Often, however, there is no central location for consolidating or analysing the logs. As a result, those in charge do not have the necessary overview, resulting in incidents being detected too late. The situation is then exacerbated by a lack of specialists and cost pressures.

For cost reasons: Security Analytics and SOC as a Service

The complexity of today’s infrastructures, which are often hybrid, makes it difficult to analyse and respond appropriately to security incidents. SIEM (Security Incident and Event Management) systems for comprehensive analysis are expensive and companies will rarely have the specialist staff to support 24/7 operation. And while cost pressures are impacting company budgets and resources, cybercriminals are stocking up their arsenals.
It is not economical for many companies to set up their own infrastructure for Security Analytics (SA) or even a Security Operations Center (SOC) as part of comprehensive threat detection & response. This means that managing the infrastructure from within the organisation is often not an attractive solution. Managed Services, such as Security Analytics as a Service (SAaaS) or SOC as a Service (SOCaaS), are therefore attractive alternatives for reasons of cost and security.

Your benefits

  • Save and control costs with modular services

  • Achieve the necessary security level without the infrastructure costs

  • Minimise downtime and response times thanks to round-the-clock operation

When is it the right solution?

Companies need to regain visibility of security-related incidents to be able to respond in a timely manner. This is the only way to prevent outages, data loss and reputational damage. Central security analytics systems or a comprehensive security operations centre are central to this. The challenge facing IT security managers is how to meet these requirements within budget and with the available specialist staff.

To address IT security as a whole under these conditions, you need a sourcing strategy for threat detection & response. With security analytics and SOC as a service, you can provide the required security services at predictable costs and ensure the necessary level of security. Such services include state-of-the-art solutions for SIEM and SOAR (Security Orchestration, Automation and Response), which give you a good overview of security incidents, allowing you to respond in good time.

Why Swisscom?

  • Experience: we understand and protect our own infrastructure and the infrastructures of many of our customers.
  • Customised: you benefit from our specially developed analytics use cases.
  • Specific: you implement your own use cases with analytics and SOC as a Service.

The first step


SAaaS & SOCaaS in detail

Security Analytics as a Service (SAaaS)

Detection of security incidents as a self-service with these main functions:

  • Big Data platform for analysing all log files
  • Integration of a SIEM, including dashboard, for the detection of events
  • Threat detection use case (customised if required) for the detection of incidents
  • Reporting for compliance requirements (e.g. FINMA) and to meet the obligation to provide proof
  • 24/7/365 operation

Security Operations Center as a Service (SOCaaS)

Detection of security incidents and analysis with recommendations for action (requires SAaaS):

  • All aspects of SAaaS
  • Security event management of incidents from SAaaS and, optionally, from third-party systems
  • Notification and escalation of security incidents
  • Support by experienced security experts

Application examples

For cost reasons, it is not economical for you to operate a Security Operations Center around the clock with your own specialist staff. With SAaaS and SOCaaS, you can source security monitoring as a service at predictable costs.

With your existing SIEM, you are inundated with false positives or are unable to integrate all logs and correlate events manually. If your existing infrastructure is no longer fit for purpose, SAaaS gives you a modern and scalable SOAR environment.

Is your cyber defence up to the job of protecting your complex infrastructure from sophisticated cyber attacks? With Security Operations Center as a Service, you can be sure of a timely detection and response to security incidents.

Threat Detection and Response overview

SAaaS and SOCaaS are the basic modules of the Threat Detection & Response service. Log files and other sources for events are correlated and analysed on a Big Data platform. The Security Analytics dashboard provides information about events; with SOCaaS, Swisscom security experts also take over the event management.

Our experts will be happy to answer your questions. Contact us.