How to start a SOC for free

Starting a Security Operations Center (SOC) operation is never easy. Establishing a SOC involves a large investment of both money, technology  and people skills. The most highest investment will be on security tools.

As we all know, security consists of a Layered Approach (People, Processes, and Technology). We are going to discuss only on Technology aspect. This domain includes below aspects,

  • Cyber threat intelligence databases and feeds
  • Governance, risk, and compliance systems (GRC)
  • Intrusion detection systems (IDS)
  • Intrusion prevention systems (IPS)
  • Penetration testing tools
  • Vulnerability scanners

In the market, there are sophisticated tools and technologies. But most of the organizations can not afford such. So, the option left is Open source and Shareware. So, will look at the open source solutions that will trigger as a starting point.

Hope to see a successful SOC operation…If you are looking to validate the security skills of your team you can use the OpenSOC

RFI vs RFQ vs RFP

In Vendor Management, we come across these terms.

  • RFI – Request For Information
  • RFQ – Request For Quotation
  • RFP – Request For Proposal

But most of us find bit confusing. So, lets see the differences among those 3 terms. Following the Table, you may also find a nice video.

Type of Vendor Request Request for information Request for quotation Request for proposal
Purpose Looking for information or  not sure what solution might solve the problem You know exactly what you want and why, but need to explore financials When you’re ready and  evaluate many factors before making a choice
Questions Questions designed to educate and inform Questions about what it will cost to meet the requirements Specific, detailed questions about the service
Format Casual, asking for help Structured and prescriptive Formal and direct
Benefits Help inform next steps to meet business needs Allows buyers to focus on price Provides a clear comparison of vendor offers and capabilities