SOC-as-a-Service

Watching your security 24/7 from the cloud.

Your extended security team, as a service

We are always vigilant, watching the screens so we can react to alerts and triggers, advise you of the activity and lay out the options you can take.

Security Operations Center in the cloud

SOC-as-a-Service is just that: a SOC (Security Operations Centre) that monitors the IT environments of many customers from the cloud. An expert security team reacts to security events and alerts you when things get bad. This is outsourced security, giving you the 24-hour protection you need or enhancing your existing security team’s capability.

Accurate Security Response

You get the experience of a dedicated security team, trained to monitor threats, react and defend. Working across a multitude of environments, we watch for advanced malware and virus use cases and apply data behavioural analytics and pattern matching with industry best investigative and hunting capabilities.

An experienced and up to date Security team

We meet the cyber security resourcing problem caused by the ever changing threat landscape and attack modes, and solve the challenge of hiring and keeping security staff in your business.

Your apps, your environment, SOC enhanced

Customising the SIEM environment to suit your business and usage requirements ensures situational awareness. We take your existing security platforms and technology investment and enhance them with our own onsite tools and capabilities, operated from the cloud.

In control. All the time

You have access through an online portal to all data, events and alerts, with the ability to control and define activities, manage security situations and understand who is threatening your environment.

Monitoring and alerting of your infrastructure

SOC-as-a-Service includes SIEM-as-a-Service, providing always-on machine analytics, threat intelligence and continuous threat investigations to deliver accurate and in-depth alert notifications. We’re always monitoring, so you can focus on higher level security management and sleep at night.

Log management and search

Onsite data collectors gather logs and events and send the data to the cloud for analysis by our security operations environment. You get online access to advanced real-time search across all events for investigations, compliance and forensics.

Threat intelligence

SIEM-as-a-Service uses global sources of threat intelligence data and trusted client circles to provide predictive intelligence about probable attacks and to help prevent incidents from occurring.

Active investigations and hunting

Eliminating false alerts and discovering advanced attacks requires active manual investigation and analytics-driven threat hunting. We apply the industry’s highest level of advanced manual investigation and hunting to threat discovery, so you can focus on the real actions that prevent breaches.

Custom use cases and business context modelling

Previous generations of MSSPs use limited sets of static use cases based on IP addresses alone, with no understanding of the value or behaviour of an asset. The SIEM-as-a-Service platform is the first next-generation solution that enables Business Context Modelling on every asset: it models the applications, priorities, policies and behaviours of devices and users to discover the suspicious anomalies that indicate attacks or compromises. We understand that every business is different, and apply custom use case analytics to every client.

Hybrid SOC models and flexible escalations

Whether you have an on-premise SIEM or need SIEM-as-a-Service, we provide the 24×7 security analytics, threat intelligence and active SOC monitoring needed to deliver actionable alert notifications.

Our hybrid model makes use of your existing security environments and has our security experts monitoring those existing events 24/7 so you can act on the intelligence they provide.

Security Information & Event Management (SIEM)

Central to the SOC-as-a-Service offering is SIEM-as-a-Service. It performs the collection, analysis, correlation and evaluation of events from your environment, resulting in manageable and actionable alerts for the security operations team.

The SIEM platform gathers and analyses logs from your existing environment: devices such as firewalls and IPS/IDS systems, security solutions from anti-virus to traffic collectors, and it integrates with user management, Active Directory and server (Windows/Linux) platforms. It is out-of-the-box compatible with many standard vendor solutions and has customisable components that can be configured to gather data from your specific systems, devices and applications. In addition to your existing platforms, these can be augmented with our own tools that sit in your environment, watching, capturing and feeding this information up to the SIEM.

Realtime processing

Next come the application filters, lookups, correlation rules and enrichments of that data that look for security events and triggers. This normally time-consuming build is shortened because the proprietary algorithms, scripts and configuration elements we have developed are enabled in your SIEM environment. As we work across multiple environments and customers, we use this knowledge and experience to reduce the overall effort and time needed to get your SIEM up and running.

Pre-defined impact analysis

Central to the platform is the pre-defined set of security use cases that we apply to your environment. Fraudulent use of IT systems, internal fraud and threats are captured and analysed from the millions of individual logs. These are analysed and prioritised in terms of impact to your business and urgency, so that the number of events you actually need to react to is manageable.
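As an added worked example (not code from this page or from the service it describes), the following Python shows, in miniature, the three steps the SIEM chains together: collection (parsing constructed sshd-style authentication log lines), a correlation rule (repeated failed logins followed by a success from the same source), and impact-based prioritisation using a business context model (per-asset criticality) and a threat-intelligence lookup. The sample log lines, the ASSETS table, the TI_BAD_IPS feed, the thresholds and the P1 to P4 bands are all assumptions chosen for illustration.

```python
"""Toy SIEM correlation and impact-based prioritisation (added example).

Constructed sample data throughout; ASSETS, TI_BAD_IPS, the thresholds and the
priority bands are assumptions for illustration, not the service's own values.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sshd-style auth log lines (not real data). db01 sees a short
# password-guessing burst followed by a success; kiosk3 sees the same pattern
# from an unlisted IP; web02 is a normal key-based login.
SAMPLE_LOGS = """\
2024-03-01T09:00:01Z db01 sshd[812]: Failed password for admin from 203.0.113.7 port 51001 ssh2
2024-03-01T09:00:04Z db01 sshd[812]: Failed password for admin from 203.0.113.7 port 51002 ssh2
2024-03-01T09:00:07Z db01 sshd[812]: Failed password for admin from 203.0.113.7 port 51003 ssh2
2024-03-01T09:00:11Z db01 sshd[812]: Failed password for admin from 203.0.113.7 port 51004 ssh2
2024-03-01T09:00:20Z db01 sshd[812]: Accepted password for admin from 203.0.113.7 port 51005 ssh2
2024-03-01T09:05:00Z kiosk3 sshd[220]: Failed password for guest from 198.51.100.4 port 40001 ssh2
2024-03-01T09:05:03Z kiosk3 sshd[220]: Failed password for guest from 198.51.100.4 port 40002 ssh2
2024-03-01T09:05:06Z kiosk3 sshd[220]: Failed password for guest from 198.51.100.4 port 40003 ssh2
2024-03-01T09:05:09Z kiosk3 sshd[220]: Accepted password for guest from 198.51.100.4 port 40004 ssh2
2024-03-01T10:00:00Z web02 sshd[990]: Accepted publickey for deploy from 192.0.2.10 port 33001 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) "
    r"(?P<method>password|publickey) for (?P<user>\S+) from (?P<src>[\d.]+) port \d+"
)

# Business context model (assumed): asset criticality on a 1..5 scale.
ASSETS = {"db01": 5, "web02": 3, "kiosk3": 1}
# Threat-intelligence feed (constructed): sources seen in brute-force campaigns.
TI_BAD_IPS = {"203.0.113.7"}

FAIL_THRESHOLD = 3             # failures needed before a success is suspicious
WINDOW = timedelta(minutes=5)  # failures older than this are not counted


def parse(text):
    """Turn raw log lines into event dicts; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ev = m.groupdict()
        ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(ev)
    return events


def correlate(events):
    """One alert per (host, source) where >= FAIL_THRESHOLD failures inside
    WINDOW are followed by a successful login from the same source."""
    failures = defaultdict(list)
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        key = (ev["host"], ev["src"])
        if ev["result"] == "Failed":
            failures[key].append(ev["ts"])
            continue
        # A success closes the window: count only failures still inside it.
        recent = [t for t in failures.pop(key, []) if ev["ts"] - t <= WINDOW]
        if len(recent) >= FAIL_THRESHOLD:
            alerts.append({"host": ev["host"], "src": ev["src"], "user": ev["user"],
                           "failures": len(recent), "ts": ev["ts"]})
    return alerts


def prioritise(alert):
    """Impact (asset criticality) x urgency (known-bad source) -> P1..P4 band."""
    impact = ASSETS.get(alert["host"], 2)            # unknown assets default to medium
    urgency = 2 if alert["src"] in TI_BAD_IPS else 1
    score = impact * urgency
    band = "P1" if score >= 8 else "P2" if score >= 4 else "P3" if score >= 2 else "P4"
    return dict(alert, score=score, priority=band)


def run(text=SAMPLE_LOGS):
    """Full pipeline: collect -> correlate -> prioritise, highest score first."""
    alerts = [prioritise(a) for a in correlate(parse(text))]
    return sorted(alerts, key=lambda a: a["score"], reverse=True)


if __name__ == "__main__":
    for a in run():
        print(f'{a["priority"]} {a["host"]} user={a["user"]} src={a["src"]} '
              f'failures={a["failures"]} at {a["ts"]:%H:%M:%S}')
```

The same raw pattern fires on both hosts, but the context model turns one into a P1 (a critical database reached from a known-bad source) and the other into a P4 (a low-value kiosk from an unlisted address), which is the reduction in events to react to that the paragraph above describes. Two design choices worth noting: a success resets the failure counter so one burst cannot alert twice, and failures that are never followed by a success produce nothing here, so a pure brute-force rule with its own threshold would sit alongside this one in a real rule set.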

Cyber threat detection

Crooks and hackers are getting smarter every day, taking advantage of internet use and email as the primary vectors to infiltrate an enterprise. These days, accidental compromises of environments are caused by normal people doing normal activity, unknowingly letting the bad guys in. New types of malware or emails can easily go undetected if you are only using signature-based systems. There is also the threat of portable devices and offline storage media (USB drives) that bring unknown threats past the security perimeter.

Our advanced cyber threat analysis looks deep into your environment.

  • Multiple steps of signature- and behaviour-driven analysis of the network traffic, and sandbox technologies for the analysis of all traffic, events and logs on your available devices.
  • A SIEM-based correlation engine, which analyses network traffic and events to detect patterns that may indicate abnormal behaviour.
  • Experienced security experts who are always watching and reviewing important alerts.

On-server/PC agents that monitor and react to all activity on these systems ensure that these cyber-threats can be captured, analysed and reacted to, either manually or automatically by the SOC.

Clear trust in the SOC-as-a-Service

The result of having a SOC-as-a-Service is:

  • Relax, knowing that your environment is not only secured, but is being watched by experts.
  • Trust in your people, so that even small mistakes don’t become major security events.
  • Report up to your board that security is now a well managed risk, performed efficiently and by experts.
  • Be in control of your security, monitoring all of the activity and events.

A SOC-as-a-Service can also be a component in your overall industry certification, or external certification such as PCI or ISO.  Each task performed by the SOC is well documented, demonstrable and logged, so that proof of activity can be made available to quality assessors whenever needed.

Deploying SOC-as-a-Service is manageable.

Our predefined on-boarding process executed by our security professionals includes:

  • IT security and IT risk consulting
  • Environment risk assessment
  • SIEM log architecture and capability analysis
  • Incident, change and release management processes
  • Remediation and incident forensics
  • Notification/prioritisation matrix
  • System training and trial event processing
  • Ongoing environment updates

We work through a process with your teams to answer some of these strategic and IT security questions:

  • What are the risks that are relevant for your company or business?
  • Which top 5 scenarios should be a priority to reduce risk?
  • How are cyber attacks detected?
  • What data in your business should be within your IT security framework?
  • Which departments and environments should be within your IT security framework, and to what level?
  • What is the involvement of your stakeholders and executives in your IT security framework, and what are the most efficient information flows that need to be established?
  • How do you communicate IT risk/processes and controls?
  • How do you know when you are successful? What KPIs should be in place?
  • What corporate governance, industry governance or compliance needs to be considered now and into the future?
  • What HR processes/controls/rules changes need to occur for effective IT security monitoring?
  • What should your incident management plan be?
  • How do you document, measure and improve risk management and IT security?

Once operational, the SOC-as-a-Service remains integrated with your operations teams and is therefore involved in change management, updates and upgrades. The majority of these activities are performed online, through tickets and emails, and large events can be planned in detail when required.

The necessity of cybersecurity experience

Get Experience Now

Keeping internal security teams up to date with the latest threats in the security landscape can be futile. The simple fact is that a single environment will not give IT teams experience of the hundreds, if not thousands, of attack methods available to cyber-criminals. It quite often takes the intelligence, knowledge and detailed study of a failure to prepare against the next attack, and that one failure could bring down your business.

Only in multi-environment SOCs that monitor many different platforms globally can real experience be generated and maintained.

Solving todays security challenge

SOC-as-a-Service provides peace of mind, knowing that security experts are watching your environment.

  • Industry leading security monitoring and management

  • Best practice security processes

  • Event analysis, prioritisation and alerting

  • Supplement your existing security skills

  • Round the clock monitoring

  • Cloud based/cloud speed

  • Real people/real discussions

Security. Cloud based and at cloud speed

With SOCs based around the world operating in the cloud, they can work efficiently and effectively to protect you. All analysis is performed in the cloud, not in your environment, so that events pass at cloud speed from the device to the operator. This lets the SOC reduce its footprint in your environment and reduces the time to respond to incidents and actionable security events. The result is improved reliability and performance, delivered efficiently, which makes it much more cost effective than an onsite implementation of a Security Operations Centre.

For more information, contact us
