In response to my article on evaluating SOC-as-a-service providers, a reader sent in a detailed and thorough copy of his request for proposal (RFP) and agreed to share it here. He has a lot of security background and works for a large trucking carrier that operates services throughout North America. If you think they are just guys driving trucks, you would be wrong. His company has been at the forefront of using technology in its business, including deploying roll stability, disc brakes, GPS trackers and accident avoidance systems.
While the firm has a rich tech background, it doesn’t have an extensive security staff and wanted a SOCaaS vendor to help manage the alerts across their enterprise, including the sensors embedded in their rolling stock and in offices. In that regard, it is typical of a medium-sized enterprise.
The company got more than three dozen responses to its RFP, many of them with complete and detailed answers. The respondents included Rocus Networks, AT&T, Sword and Shield, Darktrace, Rapid7, Sumo Logic, IBM, GuidePoint and Arctic Wolf. Interestingly, the price quotes varied from $50,000 to $500,000 per year for the services cited. The company evaluated and scored each vendor’s response and placed them in a giant spreadsheet – the ultimate database tool – to come up with five finalists, who were asked for additional information before the trucking firm chose a winner.
What interested me about the entire exercise, at least from my outsider’s perspective, is how detailed the questions were and how willing the vendors were to answer more than 100 questions. Clearly, the vendors are looking for customers, and given the fees involved, you can see why. This means that if you are in the market for a SOCaaS provider, err on the side of completeness and put as much effort as you can into understanding their business model and how they will provide their services.
Let’s look at the eight overall categories of the RFP and some of what they requested:
A few of the questions on the RFP are particularly interesting and worth asking. I have highlighted them below:
Thanks to the anonymous reader, anyone evaluating SOCaaS providers now has a good starting point to build their RFP.
David Strom writes and speaks about security, networking and communications topics for CSO Online, Network World, Computerworld and other publications. He can be reached through his web site, or on Twitter @dstrom.
Copyright © 2019 IDG Communications, Inc.