Security Operations Center


A SOC centralises security incident management, minimising both incident response time and the impact on protected assets.


Central security point

A company we shall not name used an array of technological solutions to ensure its cyber security. However, it had difficulty running the systems. The main problems stemmed from the diversity of the systems, the user interfaces and the lack of a central assessment mechanism. Another problem was the high turnover of employees in the IT Department, who had to work with the various technological solutions. Repeated employee training for a wide range of security tools thus accounted for a significant budget item.

This company then contacted us for assistance in resolving the situation. From the very beginning, the initial state appeared to be very complicated. We began centralising security into a single point and provided management of the security technology through support. The central point became a security operations centre (SOC) structured into multiple levels.

The actual construction of the SOC was preceded by an extensive analysis, which provided us with the information needed to integrate all the technology into a central point. As part of the analysis, we developed a register of log sources, a risk analysis and threat models, and we created the processes needed to operate the security centre on site and throughout the entire company. The analysis also included an assessment of the client infrastructure and configuration optimisation for individual components.

The first problem we encountered in creating the SOC arose when merging individual resources under central monitoring. The majority of the customised resources (primarily applications) could not be monitored in a standard way and therefore had to be connected through agents. This significantly prolonged the implementation time.

The second problem, once the resources were connected, was eliminating false positives. We resolved this during pilot operations, when the system was tuned to minimise false positives so that it generated only relevant events and did not unnecessarily burden the infrastructure. The client was thus able to fully use the SOC to ensure the security of its infrastructure.

Solution description

A Security Operations Centre (SOC) is a solution that ensures comprehensive, central management of security situations and incidents at a single point, with the aim of minimising both the response time to incidents and any damage that may arise. The Security Operations Centre is built on the pillars of preparation, detection, analysis, investigation, response and post-incident activity.

Continual real-time monitoring enables us to identify or possibly receive notification of potentially harmful activity within the protected infrastructure – detection. We determine whether this constitutes a security situation or incident that might have a negative impact on the infrastructure we protect – analysis. The goal of examining a given security incident is to determine the specific impacts and the way in which an attacker was able to penetrate the infrastructure – investigation. An immediate response minimises the impact of the security incident – response. After a successful response, we ensure that lessons are learned from the incident (continual improvement), corrective measures are introduced, and all findings are reported to increase awareness – post-incident activity.

This is all possible thanks to a robust combination of processes, technologies and human resources that are directly optimised to meet client needs.

Advantages

  • Reduced incident response times (increasing effectiveness) which thus lessens incident impact (reducing replacement costs).
  • Centralisation of security at a single point.
  • Real-time awareness of the security situation in the infrastructure.
  • Reduced personnel costs (SOC operators instead of technicians for individual technologies).
  • Minimal operator errors (automated security) thanks to pre-defined procedures for resolving incidents.
  • Protection from current as well as newly-emerging threats (coverage for a comprehensive portfolio of security threats).

Why choose AEC?

  • We are a team of experienced security consultants and architects.
  • We know how to integrate a broad portfolio of technologies into a single point and how to create and configure the processes for these technologies to ensure the proposed solution functions properly.
  • The solutions we design comply with national legislative requirements and international standards.
  • We use penetration tests to test the design and function of our solutions.
  • We are a local company with a core group of employees that prioritises an individual approach to every client.
  • We have 30 years of experience in information security across all sectors (banking, energy and utilities, telecommunications, manufacturing, media and trade, insurance, and the public sector).

References

We have established long-term cooperation with companies and organisations throughout the market. Our clients include multi-national companies as well as small companies and entrepreneurs. We cater to the specific needs of every client and offer services tailored to their size and area of business. We will be happy to provide particular references upon request.