SOC maturity and readiness assessment for [REDACTED] covering detection coverage, mean-time-to-detect, analyst tooling, threat intel integration, and SOC Capability Maturity Model scoring. Engagement ref. ENG-2025-0561.
Plaidnox assessed the Security Operations Centre capability for [REDACTED] against the SOC Capability Maturity Model. The current organisation operates a part-time internal SOC (2 analysts, business hours only) with no dedicated SIEM platform, relying on manual review of Windows Event Logs and firewall syslog. Overall maturity score is 2.2 out of 5, placing the SOC in the Developing tier.
Critical gaps include no 24/7 coverage for an organisation processing 2.4M payment card transactions per month, no threat intelligence feed, a 6.2-hour mean-time-to-detect, and no documented incident response playbooks for ransomware or POS compromise scenarios.

| SOC-CMM Domain | Score | Target | Key Gap |
|---|---|---|---|
| Process | 2.1 / 5 | 3.5 | No formal playbooks; triage is ad hoc |
| Technology | 1.8 / 5 | 3.5 | No SIEM; manual log review only |
| People | 2.4 / 5 | 3.5 | 2 analysts, business hours, 1 FTE gap |
| Business Functions | 2.6 / 5 | 3.5 | No SLA for detection or escalation |
| Threat Intel | 1.6 / 5 | 3.5 | No feeds; reactive detection only |

| ID | Gap | Priority |
|---|---|---|
| SOC-G01 | No SIEM; 0% correlation capability, cannot detect multi-stage attacks across log sources | Critical |
| SOC-G02 | No out-of-hours coverage; 18 hrs/day and weekends completely unmonitored | Critical |
| SOC-G03 | No POS/payment system monitoring; cards processed but no SOC visibility into the POS environment | Critical |
| SOC-G04 | No threat intelligence; IOC feeds and adversary TTPs unavailable to analysts | High |
| SOC-G05 | No incident response playbooks; ransomware and POS compromise response undocumented | High |

| Action | Timeline | Expected Outcome |
|---|---|---|
| Deploy Microsoft Sentinel SIEM; ingest all log sources within 8 weeks | Wk 1-8 | Correlation + automatic alerting |
| Engage managed SOC provider for 24/7 after-hours coverage (Tier 1 triage) | Wk 2-6 | Full coverage within 6 weeks |
| Integrate POS syslog and Windows Event Logs from 412 store endpoints | Wk 4-10 | POS compromise detection |
| Subscribe to MISP threat intel feed; integrate with Sentinel TI connector | Wk 3-6 | Proactive IOC blocking/detection |
| Develop 12 IR playbooks (ransomware, POS skimming, phishing, insider threat) | Wk 6-10 | Repeatable, measurable response |
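As an added illustration of gap SOC-G01 and of the cross-source correlation the Sentinel deployment is expected to provide, the Python below (not part of the assessment and not [REDACTED]'s tooling) correlates constructed Windows logon events with constructed firewall syslog lines and raises an alert only when the chain spans both sources. The event layouts, host-to-IP mapping, thresholds and expected-port list are all assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample data; not taken from the report. Field layouts are assumptions.
WINDOWS_EVENTS = [  # (timestamp, event_id, host, account)
    ("2025-03-02T01:12:04", 4625, "STORE-017-POS1", "svc_pos"),
    ("2025-03-02T01:12:09", 4625, "STORE-017-POS1", "svc_pos"),
    ("2025-03-02T01:12:15", 4625, "STORE-017-POS1", "svc_pos"),
    ("2025-03-02T01:12:21", 4624, "STORE-017-POS1", "svc_pos"),
    ("2025-03-02T09:30:00", 4624, "STORE-003-POS2", "cashier"),
]
FIREWALL_SYSLOG = [  # BSD-style syslog; the year is assumed to be 2025
    "Mar  2 01:14:52 fw01 kernel: ACCEPT src=10.17.0.21 dst=203.0.113.44 dport=4444",
    "Mar  2 09:31:10 fw01 kernel: ACCEPT src=10.3.0.22 dst=198.51.100.9 dport=443",
]
HOST_IP = {"STORE-017-POS1": "10.17.0.21", "STORE-003-POS2": "10.3.0.22"}  # assumed inventory
FW_RE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ \S+ ACCEPT src=(\S+) dst=(\S+) dport=(\d+)")
EXPECTED_PORTS = {80, 443}  # outbound ports a POS host is expected to use

def parse_firewall(lines, year=2025):
    """Return (timestamp, src_ip, dst_ip, dport) for each ACCEPT line."""
    out = []
    for line in lines:
        m = FW_RE.match(line)
        if m:
            ts = datetime.strptime(m.group(1), "%b %d %H:%M:%S").replace(year=year)
            out.append((ts, m.group(2), m.group(3), int(m.group(4))))
    return out

def correlate(win_events, fw_lines, failures=3, fail_window=60, c2_window=600):
    """Stage 1: >= `failures` 4625 events then a 4624 for the same host+account
    within `fail_window` s. Stage 2: that host then makes an accepted outbound
    connection on an unexpected port within `c2_window` s. Neither alone alerts."""
    fw = parse_firewall(fw_lines)
    alerts, fails_by_key = [], {}
    for ts, eid, host, acct in sorted(win_events):
        t = datetime.fromisoformat(ts)
        fails = fails_by_key.setdefault((host, acct), [])
        if eid == 4625:
            fails.append(t)
            continue
        recent = [f for f in fails if t - f <= timedelta(seconds=fail_window)]
        if eid != 4624 or len(recent) < failures:
            continue
        for fts, src, dst, port in fw:
            if (src == HOST_IP.get(host) and port not in EXPECTED_PORTS
                    and timedelta(0) <= fts - t <= timedelta(seconds=c2_window)):
                alerts.append({"host": host, "account": acct, "first_seen": min(recent),
                               "detected_at": fts, "dst": f"{dst}:{port}"})
    return alerts
```

The difference between `first_seen` and `detected_at` is the per-incident detection latency that feeds a mean-time-to-detect figure.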