We’re looking for providers to provide SOC services (vSOC or managed SOC, I believe?) and I have some questions regarding how this is usually set up.
From one provider we were told they would like a site-to-site VPN into our network for monitoring and pulling logs into their SOC. Another provider told us that simply sending logs via their agents over the internet (TLS encryption of course) is possible and no VPN is required.
Also, it’s not clear if admin permissions on our infrastructure are required for the SOC to function optimally.
Is there some sort of collection of information regarding managed SOC best practices or guidelines? Does anyone have any insights or experiences they can share regarding outsourcing a SOC?