iValue Center of Excellence
Your Technology. Proven. Positioned. Sold.
• Sell outcomes, not features
SoC Upsell Stack with Controls
The Security Operations Center (SoC) Stack Controls listed below are the tools and technologies that improve an organization's ability to detect, respond to, and mitigate cybersecurity threats. These controls are essential for maintaining a robust security posture and for demonstrating compliance with the regulatory frameworks mapped in the table (CERT-In, RBI, SEBI CSCRF, IRDAI, DPDP and NCIIPC).
Note: this list excludes log sources such as EDR, DLP and firewall logs.
| # | SoC Control Area | Consolidated Requirement | CERT-In | RBI | SEBI CSCRF | IRDAI | DPDP | NCIIPC | Technology | iValue Stack Required (Multi-Stack by Design) |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Central SIEM Platform | Correlation, detection & alerting | ✅ | ✅ | ✅ | ✅ | ⬜ | ✅ | SIEM | Google Chronicle / Splunk / ArcSight |
| 2 | Detection Engineering | Custom detection logic & tuning | ✅ | ✅ | ✅ | ⬜ | ⬜ | ✅ | Detection Engineering | Chronicle / Splunk / ArcSight |
| 3 | MITRE ATT&CK Alignment | Threat-aligned detections | ⬜ | ✅ | ✅ | ⬜ | ⬜ | ✅ | ATT&CK Framework | SIEM + Detection Engineering |
| 4 | UEBA | Insider threat & anomaly detection | ⬜ | ✅ | ✅ | ⬜ | ⬜ | ✅ | UEBA | Chronicle UEBA / Splunk UBA / Gurucul |
| 5 | Identity Threat Detection | AD & identity-based attack detection | ⬜ | ✅ | ✅ | ⬜ | ⬜ | ✅ | ITDR | Tenable.AD / SentinelOne |
| 6 | Threat Intelligence Platform | Intel ingestion & enrichment | ⬜ | ✅ | ✅ | ⬜ | ⬜ | ✅ | TIP | Check Point TI / Recorded Future / Google Threat Intelligence |
| 7 | External Threat Feeds | IOCs, APT, campaigns | ⬜ | ✅ | ✅ | ⬜ | ⬜ | ✅ | Threat Feeds | Check Point / Recorded Future / Google TI |
| 8 | Dark Web Monitoring | Credential & data leak monitoring | ⬜ | ✅ | ✅ | ⬜ | ⬜ | ✅ | Digital Risk Protection | CloudSEK |
| 9 | Brand Monitoring | Phishing, spoofing, impersonation | ⬜ | ✅ | ✅ | ⬜ | ⬜ | ⬜ | Brand Protection | CloudSEK |
| 10 | Threat Hunting | Proactive attacker hunting | ⬜ | ✅ | ✅ | ⬜ | ⬜ | ✅ | Threat Hunting | SIEM + UEBA + TIP |
| 11 | SOAR Platform | Automated response & orchestration | ⬜ | ✅ | ✅ | ⬜ | ⬜ | ✅ | SOAR | Chronicle SOAR (Siemplify) / Splunk SOAR / OpenText SOAR |
| 12 | Incident Case Management | Alert-to-closure lifecycle | ✅ | ✅ | ✅ | ✅ | ⬜ | ✅ | Case Management | SOAR Platforms |
| 13 | Playbook Management | Standard IR procedures | ⬜ | ✅ | ✅ | ⬜ | ⬜ | ✅ | IR Playbooks | Chronicle SOAR / Splunk SOAR / OpenText SOAR |
| 14 | Incident Orchestration | Cross-tool containment | ⬜ | ✅ | ✅ | ⬜ | ⬜ | ✅ | Orchestration | SOAR Platforms |
| 15 | Breach & Attack Simulation | Validate detection coverage | ⬜ | ✅ | ✅ | ⬜ | ⬜ | ✅ | BAS | Keysight Threat Simulator |
| 16 | Continuous Control Validation | Detect detection drift | ⬜ | ✅ | ✅ | ⬜ | ⬜ | ✅ | Detection Validation | Keysight |
| 17 | Deception Technology | Early attacker engagement | ⬜ | ⬜ | ⬜ | ⬜ | ⬜ | ✅ | Deception | Attivo Networks / Threacle |
| 18 | Network Packet Capture (PCAP) | Full-fidelity traffic capture | ⬜ | ✅ | ✅ | ⬜ | ⬜ | ✅ | PCAP / Taps | Keysight Network Taps |
| 19 | Network Packet Broker | Traffic aggregation & distribution | ⬜ | ✅ | ✅ | ⬜ | ⬜ | ✅ | NPB | Keysight Vision / Netscout |
| 20 | Network Behaviour Analytics | Traffic anomaly detection | ⬜ | ✅ | ✅ | ⬜ | ⬜ | ✅ | NBAD | Arista |
| 21 | Malware Analysis | File & payload analysis | ⬜ | ✅ | ✅ | ⬜ | ⬜ | ✅ | Sandbox | VirusTotal |
| 22 | Digital Forensics | Evidence acquisition & analysis | ⬜ | ✅ | ✅ | ⬜ | ⬜ | ✅ | DFIR | OpenText EnCase |
| 23 | DFIR Services | Court-defensible investigations | ⬜ | ✅ | ✅ | ⬜ | ⬜ | ✅ | DFIR Services | KapurGaurai (Retainer) |
| 24 | Threat Attribution | Actor & campaign mapping | ⬜ | ✅ | ✅ | ⬜ | ⬜ | ✅ | Threat Research | Recorded Future / Google TI / MISP |
| 25 | SOC Dashboards | Operational & exec visibility | ✅ | ✅ | ✅ | ✅ | ⬜ | ✅ | SOC Dashboards | SIEM / SOAR Dashboards |
| 26 | Compliance Evidence Management | Audit-ready artefacts | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | Compliance Mgmt | SIEM / SOAR / GRC Platform |
| 27 | CERT-In Reporting | Mandatory incident reporting | ✅ | ⬜ | ⬜ | ⬜ | ⬜ | ⬜ | Regulatory Reporting | SOC Process + SIEM/SOAR |
| 28 | XDR Platform | Unified endpoint, network & cloud detection | ⬜ | ✅ | ✅ | ⬜ | ⬜ | ✅ | XDR | SentinelOne |
| 30 | Attack Surface Management | External asset discovery & risk scoring | ⬜ | ⬜ | ✅ | ⬜ | ⬜ | ✅ | ASM | Mandiant |
| 31 | PAM for SOC Analysts | SOC credential vaulting & session recording | ⬜ | ✅ | ✅ | ⬜ | ⬜ | ✅ | PAM | CyberArk / Delinea |
| 32 | NAC | Quarantine & network isolation | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | NAC | Arista |
| 33 | GRC | Policy, risk & regulatory governance | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | GRC | Whitehats / ICA |
| 34 | Network Performance Monitoring / Policy Manager (NPM) | Network Performance Monitoring / Policy Manager (NPM) | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | NPM | Algosec |