CDaaS

Solve your problems or get new ideas with basic brainstorming

Get Started. It's Free
or sign up with your email address
Rocket clouds
CDaaS by Mind Map: CDaaS

1. Ideas

1.1. Kafka - topic per customer

2. use cases

2.1. initial

2.1.1. Perimeter Monitoring

2.1.2. Network Monitoring

2.1.3. Security Reporting

2.1.4. SLA Reporting

2.1.5. Threat Intel

2.2. phase

2.2.1. User

2.2.2. Win

2.2.3. OS

2.3. future

2.3.1. app

2.3.2. db

2.3.3. custom business

2.3.4. advanced in depth

3. Requirements

3.1. business

3.1.1. full featured SIEM service

3.1.2. vulnerability scanning

3.1.3. security reporting

3.1.4. threat intelligence feed integration

3.1.5. optional SOC service integration

3.1.6. secure communication between customer site and central component

3.2. commercial

3.2.1. no capex payment model

3.2.2. free trial period

3.2.3. simple pricing model (logger charging must have same structure as SIEM)

3.2.4. short term contracts

3.3. technical

3.3.1. cloud based deployment (01.11.16)

3.3.2. automatic deployment with basic set of use cases (01.11.16)

3.3.3. easy self service device onboarding (for selected device types) (15.11.16)

3.3.4. cloud based multi tenant ESM server for SOC service (01.11.16)

3.3.5. customer self service reporting (multi tenant platform) (01.11.16)

3.3.6. interface for monthly EPS reporting (01.11.16)

3.3.7. (on-prem) connectors available as ESX images and for classic systems (01.11.16)

3.3.8. easy customer deployable software updates (01.12.16)

3.4. legal

3.4.1. GDPR

4. Operations

4.1. onbarding

4.1.1. Customer info

4.1.1.1. data input

4.1.1.2. format

4.1.1.3. validation

4.1.1.4. preprocessing

4.1.2. data needed

4.1.2.1. Customer name

4.1.2.2. target host/ip

4.1.2.3. basic asset model

4.1.3. SOC

4.1.3.1. MSSP Best Practices

4.1.3.2. Automate MSSP New Customer Deployment

4.1.3.3. Activate adjustments

4.1.3.4. platform provisioning

4.1.4. Customer environment

4.1.4.1. Collector deployment

4.1.4.2. device change mgmt

4.1.4.3. validation

4.2. operating

4.2.1. what services and offerings

4.2.2. different options

4.2.3. SOC vs SIEM

4.2.4. separate SOC vs other internal SOCs

4.2.5. customer support

4.2.6. platform updates

4.2.7. environment changes synchronisation

4.2.8. SIOC SOMM goals

4.3. decomissioning

4.3.1. data retention / legal

5. Architecture

5.1. sizing

5.1.1. initial

5.1.2. short term

5.1.3. long term

5.2. platform

5.2.1. baremetal

5.2.2. VM

5.2.3. docker/mezos

5.2.4. Win vs Linux

5.3. automation tools

5.4. ESM

5.4.1. single

5.4.2. multiple

5.4.3. MoM

5.4.4. grow from single to MoM

5.5. ADP

5.5.1. none

5.5.2. Logger per customer

5.5.3. Army of Loggers

5.5.4. Kafka

5.5.4.1. topic per customer

5.5.5. customer vs. SOC premise

5.6. collection

5.6.1. VM image

5.6.2. Win vs. Linux

5.6.3. initial syslog

5.6.4. ready for other connectors

5.6.5. who owns the image?

5.6.5.1. support

5.6.5.2. update

5.6.5.3. insider risk