SOC as a Service
Subscription-based continuous protection for the entire company
There are many moving parts in keeping a business secure. H-X puts them together so you don't have to. Buying a Security Operations Center (SOC) as an external service is an effective and efficient alternative to investing in the implementation and support of your own SOC.
We use the Skout/FortiSIEM platform for our SOC as a Service. It is a managed solution that collects, aggregates, and normalizes log data from hundreds of sources for AI-enabled analysis using an analytics platform, threat intelligence, a SIEM, and a 24/7/365 Security Operations Center. The solution identifies threats such as failed and anomalous logins, coordinated attacks, multi-factor authentication bypass, and rogue agents.
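As an added illustration of the collect, normalize and correlate flow described above (example code written for this page, not code from the Skout/FortiSIEM platform or from H-X's own tooling): the Python pipeline below normalizes two constructed log formats, sshd syslog lines and JSON events from a hypothetical VPN appliance, into one common schema, then correlates per source IP to flag a password spray (failures against several accounts from one source) and a brute-force success (several failures followed by a successful login from the same source). The sample events, the 5-minute window, the thresholds and the assumed syslog year are all constructed for the example.

```python
import json
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample input (not real customer logs): sshd syslog lines and
# JSON events from a hypothetical VPN appliance, i.e. two different schemas
# that a SIEM has to normalize before it can correlate across them.
SAMPLE_EVENTS = [
    "Jan 10 10:00:01 web01 sshd[2011]: Failed password for alice from 203.0.113.7 port 50122 ssh2",
    "Jan 10 10:00:04 web01 sshd[2012]: Failed password for bob from 203.0.113.7 port 50123 ssh2",
    "Jan 10 10:00:09 web01 sshd[2013]: Failed password for invalid user carol from 203.0.113.7 port 50124 ssh2",
    '{"ts": "2024-01-10T10:00:15Z", "host": "vpn01", "user": "dave", "src": "203.0.113.7", "outcome": "failure"}',
    '{"ts": "2024-01-10T10:00:40Z", "host": "vpn01", "user": "dave", "src": "203.0.113.7", "outcome": "success"}',
    "Jan 10 10:05:00 web01 sshd[2020]: Accepted password for alice from 198.51.100.9 port 41000 ssh2",
    "Jan 10 10:05:02 web01 CRON[2021]: pam_unix(cron:session): session opened for user root",
]

SYSLOG_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\S+) port \d+"
)
SYSLOG_YEAR = 2024          # assumption: classic syslog timestamps carry no year
WINDOW = timedelta(minutes=5)
SPRAY_MIN_USERS = 3         # distinct accounts failed from one source within WINDOW
BRUTE_MIN_FAILURES = 3      # failures from one source before a success within WINDOW


def normalize(raw):
    """Map one raw line to the common schema, or None if it is not an auth event."""
    raw = raw.strip()
    if raw.startswith("{"):
        ev = json.loads(raw)
        return {"ts": datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ"),
                "host": ev["host"], "user": ev["user"], "src": ev["src"],
                "outcome": ev["outcome"]}
    m = SYSLOG_RE.match(raw)
    if not m:
        return None  # non-auth lines are dropped here; a real pipeline would still count them
    ts = datetime.strptime(f"{SYSLOG_YEAR} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "host": m["host"], "user": m["user"], "src": m["src"],
            "outcome": "failure" if m["result"] == "Failed" else "success"}


def detect(events):
    """Correlate normalized auth events per source IP and return alerts."""
    by_src = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["ts"]):
        by_src[ev["src"]].append(ev)

    alerts = []
    for src, evs in by_src.items():
        spray_reported = False
        for i, ev in enumerate(evs):
            # failures from this source in the WINDOW preceding the current event
            recent_failures = [e for e in evs[:i] if e["outcome"] == "failure"
                               and ev["ts"] - e["ts"] <= WINDOW]
            if ev["outcome"] == "failure" and not spray_reported:
                users = {e["user"] for e in recent_failures} | {ev["user"]}
                if len(users) >= SPRAY_MIN_USERS:
                    alerts.append({"rule": "password_spray", "src": src, "ts": ev["ts"],
                                   "users": sorted(users)})
                    spray_reported = True  # fire once per source, not on every later failure
            elif ev["outcome"] == "success" and len(recent_failures) >= BRUTE_MIN_FAILURES:
                alerts.append({"rule": "brute_force_success", "src": src, "ts": ev["ts"],
                               "user": ev["user"], "host": ev["host"],
                               "failures": len(recent_failures)})
    return alerts


def run(raw_lines):
    """Full mini-pipeline: normalize, drop non-auth lines, correlate."""
    events = [ev for ev in map(normalize, raw_lines) if ev is not None]
    return detect(events)


if __name__ == "__main__":
    for alert in run(SAMPLE_EVENTS):
        print(alert)
```

Run on the sample, the pipeline raises two alerts for 203.0.113.7 (a spray across alice, bob and carol, then a brute-force success as dave on vpn01 after four failures) and nothing for the single successful login from 198.51.100.9. The point of the normalization step is that the brute-force rule counts sshd failures and VPN failures together because both end up in the same schema; in a real SIEM the same correlation is written in the platform's rule or query language, and the thresholds and window are tuned per environment.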
“Three pillars” of our SOC
- Technology: log management, security event and incident management, event sources, security orchestration automation & response, user behavior analytics and machine learning, threat hunting, etc.
- Processes: technological, business, analytical, operational, communications, etc.
- People: IT and security engineers, security analysts, incident response team, etc.
- Log management platforms
- User and entity behavior analytics (UEBA)
- Machine learning
- Orchestration & Response
- Digital Forensics
- Distributed cloud platform with high availability architecture, etc.
Our capabilities include monitoring the most popular server platforms, network technologies, applications, databases, virtualization platforms, storage, backups, cloud platforms, etc.
- Tier 1 (Level 1) – Alert Analysts continuously monitor the alert queues; triage security alerts; monitor the health of security sensors and endpoints; collect data and context necessary to initiate Tier 2 work.
- Tier 2 (Level 2) – Incident Responders perform deep-dive incident analysis by correlating data from various sources; determine if a critical system or data set has been impacted; advise on remediation; provide support for new analytic methods for detecting threats.
- Tier 3 (Level 3) – Subject Matter Experts and Threat Hunters possess in-depth knowledge of network, endpoint, threat intelligence, forensics, and malware reverse engineering, as well as the functioning of specific applications or underlying IT infrastructure; act as an incident “hunter”, not waiting for incidents to occur; closely involved in developing, tuning and implementing threat detection analytics.
We will design the defense setup that best fits your specific risk profile.
Base SOC service
- Monitoring, detection, and analysis of potential intrusions in real-time and through historical trending on security-relevant data sources.
- Response to confirmed incidents: escalation notifications describing the attack, the threats and vulnerabilities involved, the affected systems, and recommendations on how to mitigate the incident and close the vulnerabilities.
- Participation in resource coordination and in taking timely, appropriate countermeasures during incident response.
- Tier 1 (alert analysts), Tier 2 (incident responders), and Tier 3 (subject matter experts and threat hunters).
- Technologies: FortiSIEM, Kubernetes, Graylog, Elasticsearch, Logstash, Kibana, syslog-ng, Ansible, Splunk, etc.
Learn more about our additional services and business cases. Send the form below to order SOC as a service. Get a free consultation.