Design and deployment of Security Operations Center
The purpose of the Security Operations Center (SOC) is to detect, analyze and respond to cyber security incidents through the use of a combination of technology solutions, established processes and expertise.
The functionality of a Security Operations Center is built from the following main components:
- Incident Management – This core functionality is provided by the SIEM solution. Its centralized user interface provides role- and feature-based access and a global view of incident management. SIEM information screens help analysts detect anomalies in the activity of the monitored infrastructure and thus provide early detection of incipient attacks.
- Threat Management – The solution uses its cyber-intelligence and data-mining capabilities to scan the standard, deep and dark web and provide actionable information about potential threats targeting the customer's specific business area, its assets, processes, employees and others.
- Vulnerability Management – Proactively discovers security vulnerabilities in network devices, servers and applications, and supports the prioritization of actions to remediate them and mitigate the consequences of their possible exploitation.
- Brand Monitoring – Provides information on cyber threats specifically targeting the monitored organization. The system identifies the client's assets based on its name and the main services it uses and offers. The platform constantly scans a wide range of threat-assessment sources on the standard, deep and dark web. It also uses Internet search engines to collect and analyze additional information.