Cyber attackers are becoming increasingly more sophisticated and are continuing to challenge the security teams. For most organisations who aspire to have security monitoring and incident response services but may not have the resource and budgets, our Managed SOC service significantly reduces the organisational overhead.
Our service provides the following features:
• Security Architecture guidance for integration
• Proactive monitoring and detection of unusual/suspicious network traffic
• Initial triage and analysis
• Vulnerability Management as a Service integration – to provide further context and focus on business-critical services
• Security Change Management integration – align and integrate with any existing ITIL Change Management processes – to help further identify and detect abnormal behaviour/changes from expected behaviour/changes
• SIEM as a Service integration – to correlate events against unusual or suspicious behaviour and Indicators of Compromise (IOCs)
• Incident Management Service integration – managing and supporting security incidents through to resolution
• Security metrics and executive reporting
• Access to our Cyber Response support platform
• Threat hunting – integration with our Endpoint Security Service to further utilise our Remote Live Forensics capabilities to hunt for suspicious behaviour and further analyse files within our sandbox environment.
Our Service Provides 3 Key Elements:
• Log Collection
• Log Aggregation/Correlation
• Log Archiving
These services ensure that business-critical systems are monitored and that unusual patterns of behaviour are identified and correctly followed up. Beyond any compliance requirements that your organisation may have, we also continuously look back over historical events for other signals or indicators that could lead to a potential security incident.
Our service provides context for a detected event:
• What happened?
• Who was involved?
• Where did the event happen?
• When did the event happen?
• Why? Was this a scheduled change? Or an unauthorised change?
Operational Incident Management
Our Incident Response capability includes four main phases:
1. Preparation
2. Detection and Analysis
3. Containment, Eradication and Recovery
4. Post-Incident Activity
Our Incident Management Service aligns with both ISO 27035 and NIST SP 800-61 and aims to integrate with your existing Information Technology Infrastructure Library (ITIL) services.
Our Incident Management Service also integrates with and complements our other services, such as the Managed Endpoint Device Service and Managed Security Operations, enabling us to detect, protect and respond.
The service includes the following activities:
• Develop and operate incident response policies and plans
• Agree, identify and exercise procedures for performing incident handling and reporting (including stakeholder communication guides for third-party and external engagement)
• Root Cause Analysis (RCA) / Post-Incident Activity
• Perform Red/Blue team activities to test readiness and the effectiveness of procedures
We manage the problem throughout its life cycle, through to recovery and post-incident analysis.
“Forty-eight percent of data security breaches are caused by acts of malicious intent.”