Setting up a Security Operations Center

Published On: 29/07/2023 Author: MKK

One of the leading life science organizations wanted to establish a fully functional Security Operations Center (SOC) to enhance the organization's overall cybersecurity posture. The SOC had to be sized for 7000 events per second (EPS) and provide 24/7 coverage. They wanted to implement industry-leading security tools and technologies to monitor network activities, detect potential threats, and respond to security incidents in real time.

They also wanted to enhance their incident response capabilities by creating well-defined processes and procedures to handle security incidents efficiently and effectively. Moreover, they wanted to train and equip the SOC team with the knowledge and skills needed to operate and maintain the SOC infrastructure.

The Requirement

The following tasks are included in the scope of work required to set up the Security Operations Center; however, this list is not exhaustive.

Architecture and design of the SOC with the following functionality, including tool selection, infrastructure setup, integration with existing systems, training, testing and validation:

a. Security Incident Management

b. Security Analysis Report

c. Log Management

d. Threat Hunting

e. Predictive Analytics

f. Security Orchestration, Automation & Response (SOAR)

g. Threat Intelligence

h. Manual analysis of events and devices

i. Vulnerability & Penetration Testing

j. Content Enhancement

The deliverables

In the course of carrying out this project, the client expected the following deliverables; our organization accepted them and chose me to deliver this project.

a. Documentation of the SOC Design and Architecture – Living HLD

b. Designed, Built, and Implemented the SOC Infrastructure

c. Documentation of the Incident Response Plan

d. Instructional Resources and Documentation

e. Documentation Concerning Validation Tests and Test Reports

Please keep in mind that some of the details might have changed by the time you read this due to the rapid development of cloud technology. This project was delivered by mid-2021.

The Suggested Architecture

The client preferred a Microsoft Sentinel based approach, as they wanted the core integrations and reference points for how this is managed across the Microsoft tooling ecosystem, so we used Mark Simos’s Microsoft Cybersecurity Reference Architectures (MCRA).

My Role:

Chief Architect – accountable and responsible for the delivery of the entire project, from beginning to end. This consisted of the assessment and remediation, the tools implementation, and the remediation of the most critical CVEs.

Project Details:

Team Size: 8 Members SOC Team

Project Duration: 10 weeks for deployment; the SOC is now in ongoing operation

Project Cost: T&M (time and materials)

The project was delivered as scoped and within the timeframe, and it led to a long-term relationship with the customer, who have since awarded us 3 managed SOC contracts.
