Monitoring of Incidents
SolaredSOC. Monitoring of Information Security Incidents
SolaredSOC: Monitoring of incidents is set of technologies and incident detection practices, guaranteed SLA of incident analysis and qualified staff working 24x7.
SolaredSOC provides services ranging from long-term storage of information security events to monitoring and investigating of incidents identified through correlation rules. Thus, incident monitoring is performed both in basic infrastructure, and at the level of applications and users with use of information on the identified targeted attacks and zero-day cyber threats.
SolaredSOC incidents monitoring platform is based on a fault-tolerant configuration of HP ArcSight ESM system connected with the sources of data about untrusted IP, URL and botnets. Solared Cyber Security has partner relationships with the leading laboratories engaged in the detection of attacks and cybercrime such as Kaspersky Lab, Group-IB, and аs well as exchanges information with CERT. This cooperation allows for aggregation of information about threats, identification of more incidents and detecting zero-day attacks as soon as possible.
SolaredSOC: incident monitoring to identify the incidents which you might not notice
Start using SolaredSOC Incident Monitoring if:
- Organization has a complex infrastructure, which has critical business systems that are under threat of internal and external information security intruders.
- The logs of various information security controls stay unanalysed.
- There is no possibility to allocate a team for rapid response and investigation of incidents
- Violators responsible for the occurrence of incidents are rarely found
- Information security regulations and policies are developed, but technical enforcement of their implementation is not performed
SolaredSOC Incident Monitoring helps to solve the following problems:
- The majority of serious incidents stay unnoticed
- Incidents are disclosed only by indirect signs or are noticed by customers and partners
- There is no possibility to separate minor incidents and to focus on analysis of critical violations
- It takes too long to configure and implement the own SOC, so it makes delays to start benefiting from it
- The security team has no understanding of incidents types which may occur in infrastructure and applications
SolaredSOC Incident Monitoring benefits:
- Monitoring and analysis of incidents are performed 24 hours per day, 7 days per week in full compliance with a guaranteed level of SLA
- Quick start, elaboration of incident scenarios and connection to the monitoring centre within 4 weeks
- Aggregated analytics on hacker groups, botnets and untrusted IP-addresses obtained from several global laboratories
- Information exchange and cooperation with leading CERTs, Kaspersky Lab and Group-IB research centres for rapid defence from cybercrime.
- Providing information exchange of detected attacks among customers having similar infrastructure.
- Long-term distribution of investment in information security with possibility to flexibly scaling services for the current business needs
Five Facts About SolaredSOC Incident Monitoring
- The 1st line of 24x7 duty shift handles more than 220 000 suspicious events per year
- Technical protection measures are implemented in SolaredSOC separate the data flows and increase the confidentiality of information about the customer incidents
- The first service for incidents monitoring was launched in 2013
- The duty shift consists of more than 50 people who are the analysts and experts of SolaredSOC
- The unique experience and methodology of incident detection based on the correlation of information security events, multiple system types and subscriptions for reputation databases
- Connecting to SolaredSOC of information security systems, IT services, workstations of privileged employees and database servers and applications as sources of information security events
- Development of connectors for legacy systems, collection and long-term storage of information security events for the purpose of performing of investigations and compliance with regulation standards
- Selection from SolaredSOC catalogue and monitoring of relevant scenarios incidents in the basic infrastructure
- Profiling of user activity and applications for detection of anomalies
- Analysis of applications, users and administrators operation in terms of business processes, development of unique scenarios of incidents for each customer
- Detection of zero-day attacks by comparing the aggregated data on cyber threats and information security events of Customers
- 24x7 monitoring and incident response in accordance with applied SLA
- Analysis of incidents, filtering of false positives, finding out the primary causes
- Preparation of incident reports
- Further investigations with collection of digital evidences
- Cross updating of incident scenarios after the threat vectors were identified on the customer site