Security Operations Center (SOC) as a service is the most solid and comprehensive approach to security operations for businesses. We provide SOC in any mode: monitoring, control or operational. Components of the service include:
- Security Information and Event Management (SIEM) implementation and administration;
- Security Monitoring Team;
- Incident Response Team;
- Control Team (audits);
- Operational Team (security infrastructure management).
Our services are based on industry-recognized SIEM software systems like QRadar, ArcSight, Splunk, Sentinel, Alien Vault and others. We implement Distributed and Highly Available SIEM. We build the SOC or any its function at the Customer’s site (on-premises or in the cloud), or provide them as a service remotely.
Main values of Infopulse SOC service are:
- 24×7 real-time control over business protection;
- Prompt detection, prevention, and mitigation of security incidents;
- Full compliance with internal and external requirements;
- Detection of configuration and change management defects;
- Transparency of users’ and administrators’ actions in IT Systems.
Advanced monitoring and operation features offered by Infopulse:
- Detection and protection from zero-day attacks
- Extended malware protection
- User behavior analytics and anomaly detection based on statistics or machine learning
- Integration of the platform with third-party threat intelligence software
- Proactive defense by integrating with security systems
- Built-in vulnerability scanning or integration with third-party appliances
- Extended Active Directory and File Service monitoring
- Monitoring of administrator actions
- Security baseline monitoring
While working on SIEM architecture and implementation, Infopulse conducts the following:
- Deep analysis of assets before connecting them to SIEM: setup required controls, logging level, and risks assessment, agreement of an appropriate type of collection (agent or agentless);
- Preliminary assessment and optimization of client logging infrastructure;
- Simulation of real attacks and vulnerability exploitation modeling for deep log discovery. As a result, minimum false-positive alerts after implementation;
- Development of custom parsing rules for non-standard or in-house applications;
- Deployment of automated incident handling tools;
- Integration with vulnerability scanners, public reputation, and security tracking services.