How open are companies generally to managed SOC?
Andy Felbinger: Companies are open to the idea – if only because they are increasingly having to deal with the issue. The threat situation has become more and more serious over time, so new solutions for greater security are in demand. A second point is regulation. NIS-2, DORA and some certifications require far-reaching defence mechanisms. These range from building employee awareness to monitoring endpoints – for example, through a Security Operations Centre, or SOC for short. The requirements vary depending on the applicable regulations.
What makes a managed SOC special for companies?
Andy Felbinger: This question must be answered from two perspectives: As cyber defence specialists, we take on the task of protecting a company's crown jewels – its IT infrastructure and all its data – as best we can. When we detect a cyber attack on one of our customers, we stop it immediately to minimise the damage. This brings us to the second perspective: the customer's point of view. For a company, this is a matter of trust. The person responsible entrusts the managed SOC service provider with the complete IT security of their IT systems. They trust that this task will be performed to the best of our ability, thereby guaranteeing a high level of security.
How do you market a complex security product such as Managed SOC? How does it differ from traditional security solutions?
Andy Felbinger: Trust plays a major role here too. We maintain close contact with our customers right from the start. Often, there are many questions to be clarified during the initial consultation, for example, regarding the network, any special features that need to be taken into account, and our scope of services. We also talk a lot about data protection. In addition, we provide information about which IT system data we need to access and which we do not.
When selling traditional security software, we talk a lot about features and answer questions about our offering. This is also the case with Managed SOC, of course. However, the exchange is more intensive and detailed here because we are dealing with a more complex security solution. We also communicate regularly during ongoing operations. From time to time, adjustments are necessary because a company's network is constantly changing, and with it, some of the requirements. Our specialists are often in contact with customers when it comes to recommendations for action. In other cases, they discuss malicious activities that have been detected and require a quick response. Of course, this is not the case with an endpoint security solution. Here, we have less contact with the person responsible.
What do you consider particularly important when selling Managed SOC?
Andy Felbinger: We focus on providing customers and interested parties with comprehensive information. We not only talk about the technical details and processes of our Managed SOC solution, but also about data protection and data storage. We are the only security manufacturer that maintains its servers exclusively in Germany. This is very important for many companies and also for public sector clients.
A Managed SOC is a very comprehensive solution that is linked to system monitoring and incident response. Service plays a crucial role here, and we demonstrate this with the help of proof of concepts (PoCs). This is a trial version that uses our real service. The advantage here is that our team of analysts, the security operations team and technical account management are based at G DATA's headquarters in Bochum and work hand in hand. Of course, customers first need to get to know the service and assess how good it is compared to other providers.
Which aspects of Managed SOC are particularly important to customers?
Andy Felbinger: The most important thing for customers is that their IT systems are comprehensively protected against cyber threats and that any attacks are stopped early on so that the damage is minimal or does not occur at all. Of course, it is also crucial that they feel well looked after by us – this is the only way to establish the trust that is so important for cooperation. Customers need to feel confident in us because we are their security service provider or, more precisely, their Security Operations Centre. Our German-language service and support play a very important role in this regard. This means there are no language barriers and questions can be answered quickly.
Another important factor from the customer's point of view is, of course, the price. A managed SOC is more expensive than a traditional antivirus solution. However, in return, companies not only receive security software, but also a comprehensive service and do not have to worry about their IT security themselves. This also saves them from having to hire additional IT specialists and set up a 24/7 shift system.
IT managers also want to know what our response times are. I can say that we are really fast: on average, we detect an incident in less than a minute and resolve it in about half an hour.
What problem are companies trying to tackle with managed SOCs?
Andy Felbinger: IT managers want to take their company's IT security to the next level. Often, they can't do this on their own because they lack the expertise and sufficient personnel. We're talking about IT security being a 24/7 task, as attacks happen around the clock. It must be assumed that an average medium-sized company needs at least eight employees to operate a SOC. These people first have to be found and then, of course, paid accordingly. Added to this are the costs for regular training and the licence fees for the solution. It is therefore more economical to opt for a managed version.
Another major challenge for companies is the issue of regulation. Depending on the company, field of activity and industry, certain certifications must be obtained and different guidelines must be met. One example here is the NIS 2 Directive. A managed SOC helps to comply with the rules.
Do you and your team have to do a lot of educational work regarding data protection?
Andy Felbinger: Yes, that's a classic question that comes up quickly, especially with public clients and operators of critical infrastructures. What data do you see at work and where is it stored? Many other manufacturers use foreign cloud providers here, so there is no German legal basis. We host 100% of our data with our partner IONOS in data centres in Berlin and Frankfurt am Main. This means that German data protection law is the legal basis for us, rather than US legislation, for example. When it comes to data use, we naturally adhere to the principle of economy. We only look at the information that is necessary for our work. Our stance on data protection and data storage even gives us a certain competitive advantage.
Which companies are suited to a managed SOC? Is this only affordable for large companies?
Andy Felbinger: In principle, all companies are interesting targets for cybercriminals. Therefore, in my opinion, it makes sense for everyone – even small and medium-sized businesses with ten or 15 users. Many companies and even the public sector are not in a position to monitor their IT systems around the clock and respond immediately to incidents.
Unlike other manufacturers and service providers, we offer our managed SOC to all companies with five or more seats. We make no distinction in the service we provide, regardless of whether the customer is small or large. The only differences are based on the selected service level – both in terms of price and scope of services. This makes our managed SOC attractive and affordable for small businesses.
This is the first part of the blog series “The minds behind Managed SOC”. The next article will focus on onboarding. Stay tuned!
