Overview:

This project aims to provide comprehensive cybersecurity protection for a small business with 2-5 computers using the Tier 1 – Basic plan. The plan includes various services designed to ensure the security and compliance of the business’s IT infrastructure.

Services Included:

  1. Threat Intelligence:
    • IOC-based Feeds (Basic): Provides basic Indicators of Compromise (IOC) feeds to help identify potential threats.
  2. EDR / SIEM Log Monitoring:
    • 7 Days Retention Period: Continuous monitoring and logging of security events with a 7-day retention period. Longer periods can be custom-quoted.
  3. Incident Response:
    • 1.5 Hours Free: Includes 1.5 hours of free incident response services per month to address any security incidents promptly.
  4. Vulnerability Scan via EDR:
    • Regular vulnerability scans using Endpoint Detection and Response (EDR) tools to identify and mitigate potential vulnerabilities.
  5. Compliance Scan via EDR:
    • Ensures compliance with industry standards and regulations through regular compliance scans.
  6. Phishing-Email Investigation:
    • 20 Auto-Checked Emails/Month: Automated checking of 20 phishing emails per month using Machine Learning (ML) and auto-ticketing for efficient handling.
  7. Threat Hunting:
    • Basic, Weekly: Basic threat hunting services conducted weekly with one concurrent threat hunt.

Additional Services:

  1. Extra Auto-Checked Emails:
    • CHF 1.00/Email: Additional phishing emails can be auto-checked at a cost of CHF 1.00 per email.
  2. Extra Manual-Analysis Emails:
    • CHF 5.00/Email: Manual analysis of phishing emails is available at a cost of CHF 5.00 per email.
  3. Extra Incident Response Hours:
    • CHF 250/Hour: Additional incident response hours can be purchased at a rate of CHF 250 per hour.
  4. Live-Forensics Agents (Per Host):
    • CHF 30/Host (One-Time): Live-forensics agents can be deployed on each host for a one-time cost of CHF 30 per host.

Pricing:

  • Monthly Cost: CHF 25/Month/Host
  • Total Monthly Cost for 2 Hosts: CHF 50
  • Total Monthly Cost for 5 Hosts: CHF 125

Implementation Plan:

  1. Initial Setup:
    • Deploy EDR agents on all hosts.
    • Configure SIEM for log monitoring and set up the 7-day retention period.
  2. Threat Intelligence Integration:
    • Integrate IOC-based feeds into the security infrastructure.
  3. Incident Response Preparation:
    • Set up incident response protocols and allocate the initial 1.5 hours of free incident response services.
  4. Regular Scans and Hunts:
    • Schedule regular vulnerability and compliance scans.
    • Conduct weekly threat hunting activities.
  5. Phishing Email Protection:
    • Configure the phishing email investigation service to auto-check 20 emails per month.
  6. Additional Services (Optional):
    • Offer additional services such as extra auto-checked emails, manual-analysis emails, and incident response hours based on client needs.

Conclusion:

This project provides a robust cybersecurity framework for small businesses with 2-5 computers, ensuring protection against various threats while maintaining compliance with industry standards. The Tier 1 – Basic plan offers essential services at an affordable cost, with options to scale up as needed.

Total Ownership Cost for the Project

Assumptions:

  1. Number of Hosts: 5
  2. Duration: 1 Year
  3. Additional Services:
    • Deployment of Live-Forensics Agents on all hosts (one-time cost)
    • One major incident requiring 8 hours of Incident Response (IR)

Monthly Costs:

  1. Basic Plan Cost:
    • CHF 25/Month/Host × 5 Hosts = CHF 125/Month
  2. Annual Basic Plan Cost:
    • CHF 125/Month × 12 Months = CHF 1,500/Year

One-Time Costs:

  1. Live-Forensics Agents:
    • CHF 30/Host × 5 Hosts = CHF 150 (One-Time)

Additional Incident Response Costs:

  1. Major Incident IR Hours:
    • 8 Hours of IR at CHF 250/Hour = CHF 2,000

Total Ownership Cost Calculation:

  1. Annual Basic Plan Cost: CHF 1,500
  2. Live-Forensics Agents (One-Time): CHF 150
  3. Major Incident IR Hours: CHF 2,000

Total Ownership Cost for One Year:

  • CHF 1,500 (Annual Basic Plan) + CHF 150 (Live-Forensics Agents) + CHF 2,000 (IR Hours) = CHF 3,650

Summary:

The total ownership cost for the project, including the deployment of Live-Forensics Agents and handling one major incident with 8 hours of Incident Response over one year, is CHF 3,650.

Project Benefits

Implementing the Tier 1 – Basic cybersecurity plan for your small business offers numerous benefits, ensuring robust protection and compliance while supporting operational efficiency. Here are the key advantages:

1. Enhanced Security Posture:

  • Threat Intelligence: IOC-based feeds provide early warnings about potential threats, allowing proactive measures to be taken.
  • EDR / SIEM Log Monitoring: Continuous monitoring and logging of security events help in quick detection and response to anomalies.

2. Compliance and Vulnerability Management:

  • Vulnerability Scans: Regular scans identify and mitigate vulnerabilities, reducing the risk of exploitation.
  • Compliance Scans: Ensures adherence to industry standards and regulations, avoiding potential fines and reputational damage.

3. Effective Incident Response:

  • Free Incident Response Hours: 1.5 hours of free incident response per month ensures that minor incidents are addressed promptly without additional cost.
  • Scalable IR Services: Additional incident response hours can be purchased as needed, providing flexibility during major incidents.

4. Phishing Protection:

  • Automated Phishing Email Investigation: Automatically checks 20 phishing emails per month using ML and auto-ticketing, reducing the manual effort required to handle potential threats.
  • Additional Checks Available: Option to purchase extra auto-checked or manually analyzed emails ensures comprehensive protection against phishing attacks.

5. Proactive Threat Hunting:

  • Weekly Threat Hunts: Basic threat hunting services conducted weekly help in identifying and mitigating advanced threats that may bypass traditional security measures.
  • Concurrent Threat Hunt: One concurrent threat hunt ensures focused attention on potential security issues.

6. Live-Forensics Capabilities:

  • Detailed Incident Analysis: Live-forensics agents provide deep insights into incidents, aiding in thorough investigation and resolution.
  • One-Time Deployment Cost: Affordable one-time cost for deploying live-forensics agents on each host.

7. Cost-Effective Solution:

  • Affordable Monthly Plan: The Tier 1 – Basic plan is designed to be cost-effective, making advanced cybersecurity accessible to small businesses.
  • Scalable Services: Ability to scale services based on needs ensures that you only pay for what you use.

8. Operational Efficiency:

  • Reduced Manual Effort: Automated processes for threat detection and response free up your IT team to focus on strategic initiatives.
  • Comprehensive Protection: A holistic approach to cybersecurity ensures that all aspects of your business are protected, from endpoints to network traffic.

9. Peace of Mind:

  • Proactive Security Measures: Knowing that your business is protected by advanced threat intelligence and proactive measures provides peace of mind.
  • Expert Support: Access to expert incident response services ensures that any security issues are handled professionally and efficiently.

Conclusion

By implementing the Tier 1 – Basic cybersecurity plan, your small business benefits from enhanced security, compliance, and operational efficiency. The combination of threat intelligence, proactive threat hunting, effective incident response, and comprehensive phishing protection ensures that your business is well-protected against a wide range of cyber threats.

Project Information

  • Clients: Unnamed
  • Category: Cyber Security
  • Cost: $3,650.00
  • Start Date: 03-09-2025
  • End Date: 03-09-2026

Copyright © 2025 ESSGroup