Implementation of your SIEM and SOC

Comprehensive real-time protection for your company

“The average time to identify a breach is 206 days. The average lifecycle of a breach is 314 days from the breach to containment” (based on IBM global reporting)

Threats are increasing, and that is why a SOC matters. A Security Operations Center, or “SOC”, is a company’s cybersecurity nerve center. It is the company’s defense command post for the control of cybersecurity risk. A SOC can be a physical setting on-premises or off-premises. It can be in-house, co-managed, or fully outsourced. A SOC can also work effectively in the cloud. But no matter how the SOC is configured, its basic functions are the same: to watch, monitor, detect and respond to security issues and incidents in real time.

SOC components

The mission of a SOC is comprehensive continuous management of cybersecurity risks, vulnerabilities, threats, and incidents, including Advanced Persistent Threat (APT) and covert ongoing cyber incidents. The mission statement includes the following five proactive and reactive practical goals:

  1. Prevention of cybersecurity incidents. Proactive technical and organizational measures.
  2. Monitoring, detection, and analysis of potential intrusions. Performed in real time and through historical trending on security-relevant data sources.
  3. Response to confirmed incidents. Performed by coordinating resources and using timely and appropriate countermeasures.
  4. Situational awareness and reporting on cybersecurity. Includes reporting on cybersecurity status, incidents, and trends in criminal behaviour, provided to the appropriate organizations (customer, authorities).
  5. Engineering and operating Computer Network Defense. Tools and methods for protection, monitoring and recovery at all levels of the ISO/OSI model.

SIEM and SOC audit

Our team of professionals has experience working with deployments of different sizes and complexity across a variety of use cases. We can help you to improve any SIEM scenario or instance, including Security, Fraud, Compliance, IT Operations, IoT/IIoT, Industrial Data, Utilities, Business Analytics, DevOps, and others.

We will advise you on the most suitable and optimized solutions for your SOC. We audit, select, plan, implement, and configure SIEM for your setup, maintain your SIEM, and build new correlation rules for your deployment.

Options:

  • Maturity model assessment and plan 
  • SIEM design
  • SIEM tuning and log acquisition 
  • Runbooks, training methodology, catalogs, and use cases 
  • KPI development and analytical models 
  • Comprehensive product evaluations
  • Automation script development 
  • Data lake, analytics, and machine learning 
  • Threat intelligence fusion

SOC implementation delivery workflow

1
Confidentiality
We sign a Non-Disclosure Agreement and commit to confidentiality.
2
Engagement
You answer our questions about the conditions and environment to help us better define your requirements and expectations. Where is your IT infrastructure? Onsite, at a data center, in a cloud, or a combination of them? Where would you like the SOC teams to be placed? Are they your staff, ours, or a combination? Which SOC Service Level Agreement (SLA) is the most suitable for your needs? Where would you like to place the main SIEM systems: in your office, in the cloud, or at our data center? And some other questions. Once we receive your answers, we assign the implementation project team, set up communications, and get initial access and permissions.
3
Discovery
We perform asset discovery for you. We define all your objects to be monitored and prepare an asset inventory. Then we outline the event entries, incident response, and support procedures. Next, we estimate the monitoring capacity in Events Per Second (EPS). After that, we analyze all inputs and develop a Statement of Work and a Project Plan.
4
Deal
We send you a detailed Commercial Offer including a high-level implementation project plan. These documents define all detailed conditions and parameters of the implementation project and maintenance delivery. After you accept our offer and approve the documents, we will sign a Service Agreement.
5
Implementation
We deploy the SIEM system, connect your assets, develop and implement rules and procedures, train your personnel, and develop an Implementation Report.
6
Support
If this option is chosen, we start the security operations including, but not limited to, monitoring the security events inside and outside your IT infrastructure, responding to security incidents and consulting your staff. Depending on the agreed SLA, you get 24/7 or 8/5 availability of our Tier 1 SOC team and guaranteed availability of Tier 2 and Tier 3 teams. See also SOC as a Service.
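The Discovery step above estimates monitoring capacity in Events Per Second (EPS) from the asset inventory. The following is an added example of such a sizing estimate (not the provider's own tooling); the asset classes, per-asset event rates, event sizes, burst factor and compression ratio are constructed placeholders that a real engagement would replace with measured values.

```python
"""Constructed EPS and storage sizing estimate for a SIEM deployment.

Added example, not the provider's tool. Every rate, size and ratio below is an
assumed placeholder, not a measurement from any real environment.
"""
from dataclasses import dataclass

SECONDS_PER_DAY = 86_400
PEAK_FACTOR = 3.0          # assumed burst multiplier over the sustained rate
COMPRESSION_RATIO = 0.25   # assumed stored bytes / raw bytes after indexing


@dataclass(frozen=True)
class AssetClass:
    name: str
    count: int
    avg_eps_each: float    # sustained events per second per asset (assumed)
    avg_event_bytes: int   # average raw event size in bytes (assumed)


# Constructed inventory standing in for the asset discovery output.
INVENTORY = [
    AssetClass("windows_servers", 120, 2.5, 900),
    AssetClass("linux_servers", 200, 1.0, 450),
    AssetClass("firewalls", 6, 400.0, 350),
    AssetClass("domain_controllers", 4, 60.0, 1000),
    AssetClass("workstations", 1500, 0.2, 700),
]


def sustained_eps(inventory):
    """Sum of per-class sustained event rates."""
    return sum(a.count * a.avg_eps_each for a in inventory)


def peak_eps(inventory, peak_factor=PEAK_FACTOR):
    """Burst rate the collectors and indexers must absorb without dropping events."""
    return sustained_eps(inventory) * peak_factor


def daily_raw_gb(inventory):
    """Raw ingestion volume per day in GB (decimal), before compression."""
    bytes_per_sec = sum(a.count * a.avg_eps_each * a.avg_event_bytes for a in inventory)
    return bytes_per_sec * SECONDS_PER_DAY / 1e9


def retention_storage_gb(inventory, hot_days, cold_days, compression=COMPRESSION_RATIO):
    """Disk needed for hot (searchable) and cold (archive) retention windows."""
    raw = daily_raw_gb(inventory)
    return {"hot": raw * hot_days * compression, "cold": raw * cold_days * compression}


def headroom_ok(inventory, licensed_eps, margin=0.2):
    """True when peak EPS fits inside the licensed rate minus a safety margin."""
    return peak_eps(inventory) <= licensed_eps * (1 - margin)
```

Sizing against peak rather than sustained EPS, with a margin, is what keeps the SIEM from dropping events exactly when an incident makes them most valuable.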

Why we are special

Our features and unique selling points are:

  1. Our SOC assessment, implementation, and optimization are based on modern scientific research in the field of cybersecurity threat management.
  2. Wide experience with solutions from multiple vendors.
  3. Experience of SOC/SIEM optimization and scaling.
  4. High flexibility and competence working with SIEM components.
  5. Combination of the defensive and offensive security methods, and combination of the DevOps and security engineering functions.

Therefore, we:

  • make an asset inventory, assess and optimize event logging, and estimate event capacity and your regular expenses even before the contracts are signed;
  • audit any legacy or existing SOC capabilities, effectively find gaps, refactor code and optimize methods and processes;
  • design and implement distributed, scalable, and fault-tolerant SIEM architectures;
  • analyze assets deeply before connecting them to the SIEM: configure required controls, logging levels, and risk assessments, and flexibly define appropriate ways of collecting logs (with or without an agent);
  • develop custom parsing rules for non-standard or in-house developed applications;
  • simulate real attacks and vulnerability exploitation to validate in-depth log analysis and to minimize false-positive alerts after implementation;
  • build modern vulnerability scanners;
  • provide public reputation and security tracking services for you continuously;
  • deploy automatic incident handling tools;
  • implement not only a monitoring SOC but also an operational or control SOC, to respond better to your business needs.

Thus, we have a comprehensive set of SOC technologies, processes, and staff to satisfy the business needs of companies of all sizes.

Read also about our SOC as a Service, which does not require your capital investments, unlike SOC implementation.

Contact us today to order a SIEM or SOC implementation or to get a consultation.