Security operations center as a service (SOCaaS) is a cloud-based subscription model for managed threat detection and response that includes best-in-class SOC solutions and capabilities to help fill in gaps on existing security teams.


We tackle IT issues from “data-centric” angle.

SOCaaS provides all of the security functions performed by a traditional, in-house SOC, including:

Service Overview

SOC-as-a-service Scope Coverage

SOC-as-a-service Includes

High Level Architecture Diagram

Log Collection For DC & DR

Cyber Threat Intel Lookup & Blocking Automation

Service Level Agreement (SLA)

Severity Level Definition Response Time Response Method
1 (High)
  • Entire company’s operations have been severely disrupted due to the security breach.
  • Any attempted attacks towards critical assets1
Within 30 minutes Phone and Email
2 (Medium)
  • Entire business unit / department operations have been severely disrupted due to the security breach.
  • Any attempted attacks towards important assets 1
Within 60 minutes Email
3 (Low)
  • User operations have been severely disrupted due to the security breach.
  • Any attempted attacks towards significant assets1
Within 24 hours Email


1Asset discovery and classification will be conducted during onboarding process.

SOC-as-a-service Reporting

Frequency Report
Monthly Monthly SIEM & Service Monitoring Report

Monthly summary of previous month’s top talker statistics, top endpoint detection summary, top malware detection summary, top infection by user / category / action, device status monitoring, threat intelligence and vulnerability alerts summary, configuration audit, number of devices monitored, list of tickets (open, pending, closed), SLA trackers, incident responses, historical trend analysis, escalations, incident summaries, and fine-tuning recommendations.

As and when security incident is declared and responded to Security Incident Report

This report shall be detailing all information regarding any security incident that had happened – root cause analysis, attack vector, type of attacks, malware involved, machines affected, forensic activities, evidence, remediation advisories, action taken, preventive actions, and summary.

SOC-as-a-service Plan

Service Coverage 8 x 5 24 x 7
Log Retention Customizable Customizable
Threat Intel Lookup Yes Yes
Automated Blocklist Yes Yes
Reporting Daily, Weekly, Monthly, Incident Report Daily, Weekly, Monthly, Incident Report
SIEM Audit Trail No No
PCI-DSS Compliance Comply Fully Comply Fully
RMIT Compliance Comply Fully Comply Fully
Tiering Discount Yes Yes
Charging Model
  1. Per tenant
  2. Per device
  1. Per tenant
  2. Per device

T&C and Assumptions

  1. SOC-as-a-service scope covered with 8x5 or 24x7 SLA
  2. On the customer tiering option, it is based on assumption of each tenant has maximum of 30 devices (firewall, servers, database, etc…) to monitor.
  3. Allowance of 10% of additional device without charges (for per-tenant based).
  4. For each additional device exceeded the allowance allocation, additional charges calculation is by “per-device pricing”.
  5. Offline storage (if logs needed to be kept for more than 1 year), this to be handled by customer – either using external storage e.g. NAS or VM image backup software.
  6. SOC-as-a-service (SIEM and Log Collector) components will be hosted within Customer’s infrastructure. Server resources and connectivity to be facilitated by Customer.

Key Takeaways

Want to know more about SOCaaS?

Call or click to WhatsApp any of our friendly Sales team below :

016-330 8032

Wani Shaari

017-353 2191

Tasya AbuBakar

Open chat
Hi, let us help you.