
Security Operation Center

SOCs are defined as a combination of people, processes and technology that protect the information systems of an organization through proactive design and configuration, ongoing monitoring of system state, detection of unintended actions or undesirable states, and minimizing damage from unwanted effects.

Technology

  • Enable SOC team to operate
  • Provide Technical Capabilities
  • Enable Centralized Operation

People

  • Perform the Operations
  • Analyze, Detect and Respond

Process

  • Govern the Operation
  • Standardize the Operation
  • Define Roles and Responsibility Matrices


SOC Design services

Methodologies for designing Security Operation Centers vary. Our design methodology can be divided into the phases listed below.

  • Identify the required SOC services
  • Define the SOC structure to provide those services
  • Define the SOC technologies required to provide those services
  • Design the SOC technologies on the Client network
  • Build the SOC framework
  • Implement the SOC Technologies
  • Start the Operation

SOC Framework Creation

The SOC framework is the set of documents that organize the SOC operation and ensure that it follows a standardized process. As shown in the figure below, the SOC framework should cover the architecture, governance and organizational operation of the SOC.

SOC Consultation

Cylert expert engineers provide SOC consultation services for our clients. We consult on SOC building and enhancement. This includes the services listed below.

  • SOC Framework Creation with a customized set of documents to meet the client requirements
  • SOC Technologies design and distribution
  • Gap Assessment to identify gaps in existing SOCs
  • SIEM tuning and Log sources definitions
  • SIEM Use-Cases development
  • Security Playbooks development

We rely on one of the following SOC setups to provide our clients with SOC as a Service. The setup guarantees that our clients receive the best possible service at a reasonable pricing structure, and through it we provide the services or personnel our clients need to operate their SOC in the most effective way.

  • Centralized Shared

    Also referred to as Remote SOC as a Service. This setup relies on our analysts being located on Cylert premises and connecting remotely to the client's network to perform 24×7 monitoring and other activities. The resources used in the project are shared among a number of clients, calculated based on events per second.

  • Dedicated Resources / Outsourced

    This setup relies on the presence of dedicated Tier 1 and Tier 2 analysts on the client's premises to perform the agreed-upon functions. The number of analysts and their functions may vary based on the client's needs.

  • Managed SOC

    Cylert provides dedicated resources and fully manages the SOC operation in cooperation with the client. This includes all personnel working in the SOC as well as SOC engineering. Moreover, it includes further SOC enhancements and incident response services from the SOC team.

Cylert experts conduct the SIEM assessment to identify issues related to the SIEM solution. The assessment examines log sources, use cases and the overall logging mechanism, and aims to find implementation weaknesses that may result in false positives and false negatives. A tailored set of mitigations and recommendations is also provided in the report.


We design the SOC for our clients, create the documentation and consult on the implementation. Our expert team consults and assists our clients in building their own Security Operation Center by designing the required services and technologies, assisting with technology selection and consulting on technology implementation. We also prepare the SOC Framework, including all required documentation.


This is one of the most modern exercises in Security Operation Center and overall organizational security enhancement. The exercise combines red and blue operators to conduct a series of test cases that identify gaps in defense and detection mechanisms. The purple team then plans and develops enhancements to close those gaps. Such enhancements may include use-case development, security playbook tuning, configuration modification, etc.


We assess the technologies our clients already have in place, find gaps and provide recommendations. While this may sound like a traditional engagement, it is still effective for assessing the configuration of SOC technologies and identifying gaps such as missing use cases, misconfigured playbooks, EDR misconfigurations, etc.