Security Operations Centre (SOC)
Security Information and Event Management (SIEM):
Whereas infrastructure monitoring will detect the symptoms of something going wrong, SIEM provides the insight as to why it is going wrong. Using the industry recognised Splunk solution, we can collect log data from your network and server infrastructure and analyse it to identify potential security incidents.
Our fully trained and officially certified engineers will analyse the data delivered by the Splunk platform and take the appropriate course of action in line with our agreed service agreement with you.
Network Traffic Behaviour Analytics:
Our Network Traffic Behaviour service enables our qualified security analysts to identify unusual behaviour on your network. Using the industry recognised Splunk solution, we can identify which computers on your network are talking to the internet, and who they are talking to. Watching for changes to normal traffic patterns allows us to alert you and take action against undesirable activity.
This is particularly effective because, under normal circumstances, a firewall will permit this type of outbound traffic, so without behavioural monitoring a breach can continue unchecked.
Intrusion Prevention System (IPS):
By deploying Cisco Adaptive Security Appliances (ASA) we can check traffic that reaches your network against a global database of known suspicious IP addresses and traffic signatures. If a match is found, our support engineers can be alerted or the traffic can be blocked automatically. This service is typically bundled with Cisco Anti-Malware protection.
Technical Vulnerability Management:
New vulnerabilities are regularly disclosed by equipment manufacturers and, more commonly, arise from configuration changes. By performing regular vulnerability scans of your systems we will continue to identify new vulnerabilities as and when they appear. When one is discovered, our support staff will take immediate action to mitigate it.
Offensive Threat Intelligence:
We will actively investigate security incidents to determine whether an attack is targeted at you or is opportunistic. For example, if a phishing scam is detected, one of our engineers will actively research the originating party.
Advanced Email Analysis:
This service is designed to evaluate the usual behaviour of email traffic per user. Should this behaviour change, a security incident is raised for further investigation by our support staff. It is designed to highlight a clear change in behaviour: for example, a user who typically sends 100 emails a day with a few Word attachments suddenly starts sending 200 emails a day with Excel attachments. This could be a sign of a compromised account, or potentially of a disgruntled employee.
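The per-user baseline check described above, as an added illustration that is not the provider's own code or a Splunk search: each user's earlier days form the baseline, and a day is flagged when its volume exceeds 1.5x the baseline mean or an attachment type not seen before appears. The daily summaries are constructed sample data.

```python
from statistics import mean

# Constructed sample of per-user daily sending summaries (not real data):
# (day, user, emails_sent, attachment counts by file type)
SAMPLE_DAYS = [
    ("2024-03-01", "alice", 97, {"docx": 4}),
    ("2024-03-04", "alice", 103, {"docx": 6, "pdf": 1}),
    ("2024-03-05", "alice", 99, {"docx": 3}),
    ("2024-03-06", "alice", 210, {"xlsx": 41}),   # the change described in the text
    ("2024-03-01", "bob", 30, {"pdf": 2}),
    ("2024-03-04", "bob", 28, {"pdf": 1}),
    ("2024-03-05", "bob", 33, {}),
    ("2024-03-06", "bob", 35, {"pdf": 3}),
]


def flag_email_anomalies(records, volume_factor=1.5, min_history=3):
    """Return (day, user, reasons) for days that deviate from the user's own baseline.

    The baseline is the user's earlier days in the feed. A day is flagged when the
    volume exceeds volume_factor x the mean of prior days, or when an attachment
    type appears that the user has never sent before. Days with fewer than
    min_history prior days are used only to build the baseline, never flagged.
    """
    history = {}  # user -> (list of daily counts, set of attachment types seen)
    alerts = []
    for day, user, sent, attachments in sorted(records, key=lambda r: (r[0], r[1])):
        counts, types = history.setdefault(user, ([], set()))
        reasons = []
        if len(counts) >= min_history:
            baseline = mean(counts)
            if sent > volume_factor * baseline:
                reasons.append(f"volume {sent} vs baseline {baseline:.0f}")
            new_types = set(attachments) - types
            if new_types:
                reasons.append("new attachment type(s): " + ", ".join(sorted(new_types)))
        if reasons:
            alerts.append((day, user, reasons))
        # Update the baseline after the check so today's values cannot mask themselves
        counts.append(sent)
        types.update(attachments)
    return alerts


if __name__ == "__main__":
    for day, user, reasons in flag_email_anomalies(SAMPLE_DAYS):
        print(day, user, "; ".join(reasons))
```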
Security Operations Centre (SOC) Service Desk:
The service desk is arguably the most important element of any cyber security defence solution. Computer systems are great at analysing information and raising alerts, but it takes the skills of a cyber security engineer to translate an automated notification into an understanding of what is happening and, ultimately, to decide whether the alert is a false positive, an indication of something suspicious that requires further investigation, or a sign that a system is about to fail (for example an email server). Our fully trained and accredited staff have the experience to manage the incoming alerts and, where necessary, take the appropriate actions.