# Solution Deployment Architecture

High Level Design – Solution Deployment Architecture

## Overview

This document provides a high-level overview of the deployment architecture scenarios for the MSOC Solution. These architectures outline how security monitoring and incident response capabilities are integrated based on the organization's infrastructure landscape.

## Scenario 1: No On-Prem Infrastructure (Endpoints Only)

### Description

In this scenario, the organization (RE) does not maintain any on-premises infrastructure beyond endpoints such as desktops and laptops. These endpoints may also be remote, requiring secure connectivity to the MSOC solution.

### Key Components

1. **Endpoints**: Workstations and laptops used by employees.
2. **Encrypted Channel**: Secure communication between endpoints and MSOC.
3. **Multi-Factor Authentication (MFA)**: Ensures secure access to the MSOC.
4. **24x7 Cybersecurity Monitoring**: Continuous security oversight.
5. **MSOC (Managed Security Operations Center)**:
   * Next-Gen SIEM (Security Information and Event Management)
   * SOAR (Optional Service)
   * Threat Intelligence
   * Machine Learning and Analytics
   * Encrypted Storage for log retention
6. **Auditor Access**: Restricted access for compliance reviews.

### Workflow

1. Endpoints generate security logs and telemetry.
2. Logs are securely transmitted to the MSOC via an encrypted channel.
3. The MSOC performs real-time monitoring, correlation, and analysis.
4. Security teams respond to incidents, using automated SOAR workflows if the optional SOAR service has been selected.
5. Security auditors can access the monitoring platform with controlled permissions.

![Scenario 1 deployment diagram: endpoints only](/files/8b9c5b040c2ff25e36603ef7a602e474c063c1f5)

## Scenario 2: On-Prem Infrastructure and/or Cloud Infrastructure

### Description

In this scenario, the organization has both endpoints and additional infrastructure, such as on-premises servers or cloud-hosted services. This requires a more complex security architecture.

### Key Components

1. **Endpoints**: Workstations and laptops.
2. **Application Servers and Infrastructure**: On-premises and cloud resources.
3. **Log Collector**: Aggregates logs from endpoints and infrastructure.
4. **Encrypted Channel**: Secure log transmission to the MSOC.
5. **Firewall**: Enforces network security and data protection.
6. **Multi-Factor Authentication (MFA)**: Ensures secure access.
7. **24x7 Cybersecurity Monitoring**: Provides continuous security analysis.
8. **MSOC**:
   * Next-Gen SIEM
   * SOAR (Optional Service)
   * Threat Intelligence
   * Machine Learning and Analytics
   * Encrypted Storage
9. **SOAR Integration (Optional)**: Enhances automated incident response capabilities.
10. **Auditor Access**: Controlled access for compliance and oversight.

### Workflow

1. Logs are collected from endpoints, application servers, and other infrastructure components.
2. The log collector aggregates and normalizes logs before transmission.
3. Data is encrypted during transit and sent to the MSOC.
4. The MSOC processes logs using SIEM, SOAR, and analytics.
5. Security teams investigate threats and execute automated response actions if the optional SOAR service has been selected.
6. Compliance teams and auditors access logs securely for review.

![Scenario 2 deployment diagram: on-prem and/or cloud infrastructure](/files/4b6a4c239e37969e7c2bb2a463e7546290ed2978)

## Comparison of Deployment Scenarios

| **Feature**                           | **Scenario 1 (Endpoints Only)**            | **Scenario 2 (On-Prem & Cloud)**                            |
| ------------------------------------- | ------------------------------------------ | ----------------------------------------------------------- |
| Infrastructure                        | No on-prem infrastructure beyond endpoints | Includes on-prem servers, applications, and cloud resources |
| Log Collection                        | Directly from endpoints                    | Centralized log collection via log aggregators              |
| Security Monitoring                   | SIEM processes endpoint logs               | SIEM ingests data from endpoints, servers, and applications |
| Automated Response (SOAR – Optional)  | SOAR handles endpoint-related incidents    | SOAR handles incidents across all assets                    |
| Compliance & Auditing                 | Limited to endpoint security               | Comprehensive infrastructure security review                |

## Conclusion

Both deployment architectures provide robust security monitoring and threat detection. The choice between Scenario 1 and Scenario 2 depends on the organization’s infrastructure. Scenario 1 is suitable for remote or cloud-first environments, while Scenario 2 is ideal for enterprises with on-premises or hybrid setups. In both cases, the MSOC ensures continuous security operations, incident response, and compliance adherence.
