Black Hills Information Security Active SOC is a managed security operations center service that combines multiple security capabilities into a unified offering. The service addresses limitations observed in traditional MSSPs and MDRs by providing an active approach to security operations. The service includes continuous monitoring and alerting across host, cloud, and network traffic with Risk-Based Alerting (RBA) capabilities. Zeek sensors are deployed for network visibility, and the service includes active threat hunting with weekly threat intelligence updates. Custom dashboards provide event visualization and metrics tracking. The monitoring service has no preset data limits and includes agents that can be deployed via GPO or RMM tools with custom logging configurations. Active SOC incorporates cyber deception through strategic deployment of decoy assets that function as an early warning system. These deception assets integrate with SIEM platforms for monitoring and alerting, providing intelligence on attacker movements through activity logging and analysis. Attack surface monitoring provides initial assessment of external-facing assets, continuous monitoring with real-time alerts for new vulnerabilities and exposed assets, and dashboard visualization of the attack surface. The service includes adversarial emulation capabilities that assess the existing security stack, review Active Directory environments, conduct outbound TCP port scanning, and test workstation privilege escalation. Customers receive support from experienced security testers and industry experts, and gain access to the Antisyphon Cyber Range for team training.