SOC Prime Introduces a Fair Usage Policy

Make the Most of Advanced Threat Detection at No Extra Cost

In today’s rapidly evolving cybersecurity landscape, where both rogue actors and well-funded state-sponsored entities continuously devise sophisticated attacks, maintaining relevant and up-to-date detection capabilities is more critical than ever.

In Q1 2024, APT groups from various global regions, such as China, North Korea, Iran, and russia, showed a marked increase in dynamic and innovative offensive capabilities, creating substantial challenges for the global cybersecurity landscape. Among them, notorious russia’s state-sponsored hacking groups, like APT28, APT29, and Gamaredon, continued to use Ukraine as a testing ground to further expand their attack surface to European and North American political arenas. 

For instance, in October 2023, russian APT28 hacked the public & private sectors in France, using the same vulnerabilities and TTPs as in Ukraine during 2022-2023. Also, in May 2024, Germany revealed a long-lasting campaign by APT28, drawing condemnation from the European Union (E.U.), the North Atlantic Treaty Organization (NATO), and the U.K. According to CISA, russia will remain a top cyber threat by fusing cyber espionage, influence, and attack capabilities and keeping its primary focus on targeting critical infrastructure in the U.S. as well as in allied and partner countries. 

Also, while cyber-espionage remains a priority, APTs increasingly switch to intellectual property theft, financial gain, or destructive campaigns. The targets now extend beyond public sector institutions and large corporations, with small and middle-sized businesses becoming juicy targets. According to Accenture, 97% of organizations saw an increase in cyber threats since the start of the russia-Ukraine war in 2022, demonstrating the profound effect of geopolitical tensions on business globally.

The expansion of the APT attack surface is only a facet of the ever-growing threat landscape organizations are currently coping with. The number of vulnerabilities weaponized for in-the-wild attacks increases tremendously on a yearly basis, with over 30K new flaws being discovered solely in 2023. Statista states that 72,7% of organizations fell prey to ransomware attacks last year. This makes cyber crime one of the most featured causes of business interruption lately.

As the cyber arena constantly undergoes drastic changes, here at SOC Prime, we strive to ensure our clients have all the relevant solutions and resources to focus on defense. To provide organizations with instant access to curated detection rules, hunting queries, and IOC collections bundled with actionable CTI and smart solutions, we have released a new licensing model backed by the Fair Usage Policy. The new policy is intended to tackle and eliminate the bandwidth restrictions related to content unlocking, which have been a major concern with our previous token-based model.

Explore New Pricing Model

Maximize the Value of Your Enterprise Subscription with Unrestricted Access at No Extra Cost

Crafting detection rules and queries has traditionally been more art than science, with many enterprises relying on expensive professional services to accomplish this task. Before we introduced crowdsourcing and launched our Threat Bounty Program, producing a single detection rule was both time-consuming and expensive, often taking days and costing up to thousands of U.S. dollars. However, with the advent of Sigma rules, the rise of Roota and the Uncoder translation engine, and the power of crowdsourcing, the price of developing a detection algorithm has dramatically decreased year over year.

When SOC Prime started, we had roughly 150 rules in the Threat Detection Marketplace content library in 2016. In 2024, we surpassed 13,000 TTP-based Sigma rules and roughly 300,000+ native rules for SIEM, EDR, and now Data Lakes, all documented and linked to MITRE ATT&CK®. As production costs decrease, we can achieve a significant milestone by separating cost considerations from detection engineering decision-making. In light of the new reality, we’ve come up with the Fair Usage Policy that reflects our mission to foster transformational change in threat detection.

The Fair Usage Policy within the newly released Enterprise Licensing model enables any organization to access up to 4,172 rules per year without any limits or concerns about the token expenditure. This ensures you can maximize the value of your subscription without unexpected restrictions and tune your content demand depending on your organization’s current threat coverage. All SOC Prime Enterprise customers can instantly switch to the new pricing model, gaining economic benefits without any extra charges or commitments.

The new model offers a SaaS product suite for Threat Detection and Detection Engineering enabling Enterprise customers to benefit from Threat Detection Marketplace and Uncoder AI within a single subscription. The provided offering ensures a streamlined detection content lifecycle based on CI/CD workflows, a 24-hour SLA detection against emerging threats, and AI capabilities for Detection Engineering to enable organizations to enhance their cyber defense capabilities at scale. 

Simplified Content Management, Automation & Customization Capabilities

The new licensing model offers advanced content management capabilities to accelerate the use case management lifecycle. Security teams can package detection algorithms in dynamic threat hunting bundles based on ATT&CK using pre-configured content lists. SOC Prime users can also create their own custom repositories for Detection-as-Code projects with up to 2,000 rules per repository, hosted at SOC 2 Type II AWS private segment, with no IP transfer, and compliant with the content Privacy Assurance to ensure full data privacy of the content owners.

Security teams can also take advantage of data field mapping customization capabilities, supporting common data schemas of most SIEM, EDR, and Data Lake solutions, including OCSF, CIM, ECS, ASIM, CEF, LEEF, and other popular formats.

The refined Enterprise subscription equips defenders with a complete CI/CD workflow to research, build, test, fine-tune, and deploy code in an automated fashion to any SIEM or EDR instance. Organizations operating in distributed ecosystems and in search of deploying workloads across multiple cloud platforms can also benefit from SOC Prime’s Central Content Management UI for cloud-native SIEMs. Security engineers can push or pull API access to automate cloud-native SIEM environments’ content management capabilities and enable continuous content streaming of SIEM rules and queries from a single UI. Supported platforms include Microsoft Sentinel, Elastic Cloud, Splunk Cloud, Sumo Logic, Chronicle Security, Falcon LogScale (Humio), and more.

Enterprise customers can also adapt their organization’s use case management lifecycle through SOC Prime Platform integration with GitHub and Confluence. You can instantly make changes to the selected detection algorithms, continuously push them to the SIEM, EDR, or Security Data Lake in use, store them in your own custom repository in SOC Prime Platform, or save the updated code in your private GitHub repo to make sure you have all detection content in sync. 

Fortifying Security and Access Controls with Next-Level Protection & Advanced Authentication

As the SOC Prime Platform is adopted by Fortune 100 corporations, 34+ MDR providers, and 90 public sector and defense organizations in key NATO countries, security requirements will continue to increase. Being a SOC II Type II compliant organization, we uphold high standards of cybersecurity excellence, implementing the industry’s best practices to ensure comprehensive multi-layer security protection across all our solutions.

Introducing a Single Sign-On (SSO) authentication to the SOC Prime Platform enables our customers to securely access multiple related applications or systems using just one set of credentials. This contributes to reduced time spent on the authentication procedure while increasing productivity, enhances security protection by minimizing risks of brute force attacks, aligns with the regulatory compliance program adopted by multiple enterprises, and improves the overall user experience. 

The multi-factor authentication acts as an additional protection layer mitigating the risk of exposing sensitive data and reducing the need for time-consuming password resets. Another security enhancement available within the new licensing model includes the advanced RBAC (Role-based access control) support. This feature contributes to efficient access management, enhanced security, and scalability to adapt to organizational changes, simplifies compliance with regulatory requirements and industry standards, and eliminates the administrative burden related to access management.

Extended Support & Professional Services

We have extended customer support and professional services bundled with your Enterprise subscription to provide smooth onboarding, quick time-to-value, and fast implementation of SOC Prime’s product suite into your existing workflow. 

Our engineering team of seasoned experts ensures you drive maximum value from the SIEM, EDR, or XDR in use, have complete visibility into your data, collect and parse all necessary logs, and take your SOC Prime platform experience to the next level.

SOC Prime’s Professional Services Team includes seasoned experts with 20+ years of experience in the practical implementation of market-leading SIEM technologies, including Elastic, Microsoft, Splunk, QRadar, and Falcon LogScale/Humio for scaling up to 50 terabytes a day, with the 24/7 support provided for hundreds of companies, including government organizations in Europe and the U.S. 

While we provide traditional support by email or live chat to address any requests or stumbling blocks you might experience, we also accommodate community-driven remote workflows via our Discord channel. 

For large-scale projects, we work with 34+ MDR partners to accelerate their security offerings and ensure you get best-in-class follow-the-sun detection engineering operations and 24-hour threat coverage to safeguard your enterprise against any existing or emerging threats.