Security Operations Center
What is Exatel Security Operations Center
Security Operations Center (SOC) is a specialized security center built on three foundations:
- people
- technologies
- processes and procedures
This is why we can guarantee continuous monitoring, threat detection and security analysis of IT systems and infrastructure. SOC also ensures fast responses to incidents which may harm the organization’s operations, and recovery of the customer’s systems compromised by a cyber attack. Our Security Operations Center services are provided by a specialized organizational unit operating within Exatel SA.
Exatel Security Operations Center is built on three major foundations: people, technologies and processes and procedures.
SOC offers 4 lines of support:
- 1st line – team specializing in customer service, ICT monitoring, incident selection and prioritization,
- 2nd line – unit in charge of security platform management and incident management,
- 3rd line – group of experts in sophisticated attack techniques and most complex threats,
- 4th line – group of security platform administrators – experts in security services provided by Exatel.
The high competence and experience of our employees have been confirmed by multiple well-known, globally recognized certificates and ICT security training courses:
- CISM (Certified Information Security Manager)
- CISA (Certified Information Systems Auditor)
- CISSP (Certified Information Systems Security Professional)
- OSCP (Offensive Security Certified Professional)
- CEH (Certified Ethical Hacker)
- ISO 27001 Lead Auditor
- CCNP (Cisco Certified Network Professional)
- PCNSE (Palo Alto Networks Certified Network Security Engineer)
- Arbor Networks Peakflow SP: System Administrator
- Arbor Networks Peakflow SP/TMS: DDoS Detection and Mitigation (User)
- GREM (GIAC Reverse Engineering Malware)
- CCNA (Cisco Certified Network Associate)
- CCDA (Cisco Certified Design Associate)
We provide our services using only proven technologies from the world’s best brand names. Before we select a technology, however, we first run thorough internal tests (POC). We also verify opinions issued by independent institutions specializing in ICT security analysis, testing and consulting.
Processes and Procedures
- We leverage the many years of experience of our Network Operations Center (NOC): proven and effective processes and procedures for handling incident requests.
- We process the requests quickly, effectively, professionally and in accordance with the SLA parameters agreed upon with the customer.
- We guarantee that all the information we receive is completely secure, which is reflected by the number of customers from the financial or public administration sectors.
- We hold an ISO 27001 certificate, a dedicated confidential office and a first-degree industrial security certificate for the top secret clause. This proves we ensure the strongest available security of information.
- We are now in the process of obtaining NATO Secret and EU Secret certificates.
- We fulfill the financial sector’s strict requirements regarding security of information and protection systems.
Scope of Service
Incident Monitoring and Management
This is the primary service of Exatel SOC. It consists of three components:
- monitoring of events within the customer’s network — meaning collection, analysis and correlation of events in the customer’s networks and systems. The collected data are first automatically analyzed by analytic systems and afterwards examined by our security experts,
- detection of security events or incidents,
- evaluation of the impact of the IT security event or incident on the customer’s system – if our system detects a security event or incident, our ICT security expert will analyze it, first verifying that it is not a false alarm. After the analysis, actions are taken in compliance with the procedures in place.
Service available 24/7/365.
Responses to Incidents
This is an extension of the incident monitoring and management service. Our experts react remotely to detected cyber events. Additionally, the customer may choose sophisticated extra services, for instance malware reverse engineering or computer forensics. As part of the service, customers are offered a pool of consulting hours for incident analysis.
Cyber Threat Intelligence (CTI)
Cyber Threat Intelligence (CTI) is an optional service that provides extra support with information about the latest cyber threats identified all over the world. If you choose to use this service, our experts will monitor sources of cybercrime and notify you of planned cyber attacks.
This service constitutes proactive control of ICT security aspects. It prevents incidents through regular prevention activities. It consists of the following component services:
- penetration tests and security audits,
- seeking and assessment of vulnerabilities,
- analysis and generation of network topology maps.