951-717-3576 | Serving the Inland Empire & Southern California | hello@simonsayssystems.com

Security operations with evidence you can defend.

A dedicated security monitoring stack — built for your business alone — with 24×7 critical response and the audit trail that regulated businesses need. Enterprise security operations, sized and priced for SMBs.

Who Managed SOC is for

Managed SOC is for businesses with a real compliance obligation or a serious security posture requirement: CPA and tax firms under IRS Publication 4557 and the FTC Safeguards Rule, law firms, insurance agencies under GLBA, healthcare practices needing HIPAA with a business associate agreement, manufacturers facing CMMC, and any organization pursuing SOC 2. If an auditor, regulator, carrier, or enterprise customer will ever ask you to prove your security controls work, this is the product that answers.

Your own dedicated security stack

Most providers put every customer into one shared monitoring platform. We don’t. Every Managed SOC customer gets a complete, dedicated stack — hosted on US-based infrastructure and isolated from every other customer:

  • Dedicated SIEM. Your own security information and event management platform, with 12-month log retention (extendable) and file integrity monitoring on your servers.
  • Dedicated threat intelligence. Curated threat feeds matched to your industry — including integration with your own ISAC subscription if you have one (H-ISAC, FS-ISAC, LS-ISAO, and others).
  • Dedicated service infrastructure. Your ticketing, monitoring, documentation, and technician access all run on instances built for you — so every action against your environment lands in your own audit trail, not a shared one.

What we monitor

Managed SOC monitoring agents are deployed on your servers — file servers, application servers, domain controllers, and hypervisors — plus your network infrastructure. That’s a deliberate design choice: servers are where your data lives, and server-side monitoring is what auditors scrutinize hardest.

Workstations are covered through a layered evidence model rather than per-machine monitoring agents. Four telemetry streams flow into your dedicated SIEM:

  • Endpoint detection and response (EDR) telemetry — process activity, behavior analysis, file execution, and USB device control from every workstation.
  • Cloud audit logs — document access, sharing, and sign-in activity from Microsoft 365 or Google Workspace.
  • Identity logs — authentication events, multi-factor records, and session tracking from your identity platform.
  • Backup catalogs — file-level change records from endpoint backup.

Together these provide workstation-level audit evidence that has been mapped against IRS Publication 4557, the FTC Safeguards Rule, GLBA, SOC 2 Common Criteria, IRC §7216, and ABA Model Rule 1.6.

How it’s sold

Managed SOC is a distinct product under its own statement of work, anchored on our Managed IT tier. Pricing combines the per-user Managed subscription with a flat monthly fee for your dedicated security stack, scaled by server count — quoted per customer after a short scoping conversation.

The honest comparison

Most MSPs our size can’t deliver a per-customer SIEM, file integrity monitoring, and threat intelligence in-house — they resell a shared platform and hope the auditor doesn’t ask. We built our practice around delivering the real thing, because it’s exactly the evidence regulated businesses need to defend an audit.

Ready to talk?

Facing a compliance deadline, a client security questionnaire, or a carrier asking hard questions? Start the conversation.

 

hello@simonsayssystems.com