Security Operations Center
Monitoring and responidng to threats
Security Operations Center (SOC) is a comprehensive service that responds to the event of an attack on IT resources. The service consists of highly specialized IT tools, professional knowledge and experience in the field of ICT security and response procedures to detected threats. Constant monitoring of networks, systems, and ICT security systems enables the identification of cyber threats and attacks. The experience and efficiency of the team operating based on defined response procedures prevent the takeover of the client’s infrastructure. Continuous inference and continuous risk analysis improve security.
SOC’s priority is to protect the organization’s data and counteract threats from the network. The service is designed to meet the customer’s needs in such a way that the reaction to an incident is as quick as possible and provides effective defense against an attack.
The service consists of a group of processes that are implemented by selected support lines of engineers and BLUEsec specialists. Security Operations Center provides both basic security monitoring and appropriate response, as well as more advanced processes, such as vulnerability management, risk analysis, configuration and maintenance of security tools, forensic analysis and training.
Three pillars of effective SOC
- Level 1 - Alert Analyst - a role responsible for monitoring security incident queue alerts; responsible for the status of sensors and endpoints - collects and sends relevant data up to level 2; preliminary detection of intrusions through appropriate alert analysis.
- Level 2 - Incident Responder - a role responsible for threat hunting. Correlation of data from different sources and determining the criticality of the system/set of data that have been exposed. It ensures the development of remediation actions and new analytical methods in the detection of threats.
- Level 3 - Subject Matter Expert/Hunter - a role with knowledge of the network, terminal equipment, threats, forensics, and malware, but also of the operation of individual applications. She is closely involved in the development, configuration, and implementation of threat detection tools.
- Level 4 - SOC Manager - a role responsible for resource management (people, technology) and process improvement; it acts as an organizational point for critical incidents. It ensures continuous improvement of the security strategy.
Processes functioning in SOC
IT environment analysis
Malware analysis and IT forensics
Building knowledge and awareness
Penetration testing and vulnerability management
What does a scalable SOC provide?
- Use of a Customer maintained SIEM or delivery of a SIEM system
- Identification of potential attacks and sources of data about attacks
- Precise, previously agreed in advance response to the incident (e.g. contact with CSO, firewall reconfiguration)
- Supplement only those security areas that require it, we don’t fix things that work
- Up-to-date information on the level of data security, you will always be informed about threats
- Individual approach and ongoing support in the area of ICT security