Our Security Operations Centre (SOC) is a specialized security unit built on three pillars: people, technology, and processes and procedures.
It provides continuous monitoring, threat detection and security analysis of IT systems and infrastructure, and ensures a fast response to incidents that could adversely affect an organization's operations.
The Scope of SOC services
Incident monitoring and handling
- collecting, analysing and correlating events occurring in client systems and networks
- after automated checks in the monitoring systems, the collected data is verified by analysts
- detecting security events or incidents
- evaluating the impact of an IT security incident on client systems
- verification of false-positive alerts
- handling events in accordance with agreed procedures (e.g., incident escalation)
Incident response (an extension of the incident monitoring and handling service)
- remote response to a detected cyber event
- liaison with the client's security team
- advice on actions that mitigate the adverse effects of an incident
- collecting missing information in the case of the most advanced attacks
- in-depth analysis, e.g., of recovered malware samples or of communication with botnets and command-and-control (C&C) infrastructure
- support with forensic analysis
- proactive controls that prevent many ICT security incidents
- penetration testing and security reconnaissance
- security audits and reviews
- identifying and assessing vulnerabilities
- support in ensuring compliance with legal or corporate information security requirements
- consulting on building in-house security teams (processes, technologies, staffing)
The specialists who perform these tasks for our clients are highly skilled and experienced.
This is evidenced by numerous globally recognized ICT security certifications and training courses, such as ISO 27001 Lead Auditor, ISO 22301 Lead Auditor, CISA, OSCP, OSWP, CEH, CySA+, CompTIA Security+, CCIE, CCNP, CCNA, CCDA and PCNSE.
The SOC team is divided into three lines of support.
Line 1 (L1)
Specializes in client contact, monitoring of ICT security status, and the selection and prioritizing of incidents (triage)
Line 2 (L2)
Responsible for incident management, including coordinating incident handling and closing problem tickets
Line 3 (L3)
A group of experts providing specialized, advanced security services, such as analysis of complex threats and attack techniques, and administration and tuning of security platforms
Depending on the client's needs, the complexity of the ICT environment and the security processes and procedures already in place, our team tailors an offer to fit the requirements.
- EXATEL's support may be limited to "firefighting" security incidents detected by the client: our SOC experts remain on standby and step in when an incident requires a response (SOC Assistance service).
- Where the client requires broader assistance, our specialized SOC L2 and L3 engineers, in addition to helping with security incidents, also deliver advanced cybersecurity projects such as training, audits and penetration testing (SOC Support service).
- Where our SOC team is to provide 24/7 monitoring and detection of security incidents in the client's environment, the service level can be adjusted, from observing a few critical data sources and submitting periodic reports on infrastructure security (SOC Starter service) to comprehensive monitoring with ongoing incident response (24/7/365).
- a comprehensive approach to protecting critical infrastructure against cyber threats
- monitoring of client infrastructure by the SOC in 24/7/365 mode
- access to experienced cybersecurity analysts and specialists with a broad range of skills
- the service can be delivered using a SIEM system operated within EXATEL's secure infrastructure
- no need for costly investment in implementing and maintaining an in-house system for monitoring and responding to security incidents
- an SLA guarantee covering service operation and security incident response times