This scope of work covers managed security services built on SIEM integration with SOAR, including playbook development, delivered in a 24/7 service and support model.

Managed SOC Services

Integrating Technologies

This managed-security-as-a-service scope shall be managed and delivered from an offshore security operations center, operated under the Cyber Security Centre of Excellence business unit.

Managed SOC services offer continuous monitoring, incident response, and threat analysis to deliver end-to-end cyber security operations.

This service is responsible for establishing clear communication channels with clients to understand their security needs and pain points. Managed SOC services are divided into three tiers of analyst support, ensuring that the appropriate response and expertise is provided at each stage of an incident. These services will be tailored to clients' specific needs, offering SOC L1, L2, or L3 support based on their individual requirements. The SOC team will manage, monitor, and respond using solutions such as SIEM, SOAR, EDR, XDR, EPP, and firewalls, whether they are installed and configured on client premises or in the cloud.

The scope of services to be carried out as part of the managed service process:

  • A. Installing, configuring, and monitoring the assets using a SOAR-capable SIEM, with a maximum of 15 playbooks covering
    the gateway through to the endpoint systems.

    a. Asset discovery
    b. Installation and configuration of the SOC
    c. Initiation of monitoring activity
  • B. Threat Hunting and Malware Analysis
    a. Engage in proactive threat hunting to identify and mitigate potential threats.
    b. Analyze malware samples to understand their behavior, capabilities, and potential impact.
    c. Develop and implement patch management strategies to remediate identified vulnerabilities.
  • C. Digital Forensics and Incident Response
    a. Conduct digital forensic investigations to collect, analyze, and preserve evidence of cyber incidents.
    b. Provide rapid incident response services to contain and mitigate the impact of cyber-attacks.
  • D. Gathering metadata from devices
    a. Metadata analysis and identification of malicious threat actors
  • E. Analysis using existing data such as attack patterns, threat identification/feeds, and existing signatures from repositories
    a. Intrusion detection on endpoints
    b. Behavioral monitoring and analysis based on our own incident history and automated scripts
    c. Defining threat intelligence
    d. Device hardening, if a gap analysis is performed as a separate activity
  • F. Vulnerability Assessment (VA), monthly, and Penetration Testing (PT), quarterly
    a. Vulnerability assessment on all infrastructure assets from gateway to endpoints.
    b. Penetration testing on network assets, scoped from the VA findings.
    c. Remediation and mitigation support
  • G. Risk Assessments and Compliance
    a. Build a risk assessment matrix from the threats identified.
    b. Analyze the assessed risk and define the required device configuration.
    c. Prepare reports based on the NIST framework.
  • H. SOC Maturity and Capability Assessment
    a. Evaluate the suitability and integration of security tools and technologies, focusing on their effectiveness.
    b. Assess how well the SOC handles incidents, including response times, workflows, and defined roles.
    c. Examine the qualifications and ongoing training of SOC staff to ensure they're equipped to handle security incidents.
    d. Evaluate the SOC’s commitment to learning from past incidents and staying updated on emerging threats through threat intelligence.
  • I. Reporting & Documentation
    a. Weekly report listing the identified threat vectors
    b. Monthly report with complete documentation, including compliance information based on the analyzed risk and the attack patterns seen in the threat vectors
    c. VA & PT report with recommendations and mitigation steps
  • J. Compromise Assessment
    a. Assess the indicators of compromise (IOCs) and signs of suspicious or unauthorized activities within an organization’s network, endpoints, and systems.
    b. Analysis of system logs, network traffic, and digital artifacts to identify anomalous behavior or patterns associated with security incidents.
    c. Prioritize potential security incidents based on their severity and impact, allowing organizations to respond effectively to the most critical threats.
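To make concrete what a SOAR playbook attached to the SIEM does in practice (item A, and the log analysis, IOC matching and prioritization steps of item J), the following Python sketch is an added example and is not the provider's own code or any specific SOAR product's API. Every input is constructed: the SIEM alerts, the IOC feed (using RFC 5737 documentation addresses and a placeholder hash), the severity weights, the brute-force threshold and window, and the action names. It shows the pipeline a playbook typically encodes: correlate raw events, enrich against threat intelligence, score, prioritize, and dispatch a tiered response, with the handled alerts rolled up into the threat-vector counts a weekly report would start from.

```python
"""Minimal SOAR-style playbook run over constructed SIEM alerts (example only)."""
from collections import Counter
from datetime import datetime, timedelta

# Constructed IOC feed, standing in for a threat-intel repository pull.
# 203.0.113.0/24 is RFC 5737 TEST-NET-3; the hash is a placeholder, not a real sample.
IOC_FEED = {
    "ip": {"203.0.113.45"},
    "sha256": {"a" * 64},
}

# Constructed SIEM alerts, in the shape a SIEM would forward to a SOAR.
SAMPLE_ALERTS = [
    {"ts": f"2024-05-06T09:00:{s:02d}", "host": "ws-017", "user": "jdoe",
     "src_ip": "198.51.100.7", "rule": "auth_failure"}
    for s in (1, 4, 9, 15, 22, 31)          # six failures inside 30 seconds
] + [
    {"ts": "2024-05-06T09:12:30", "host": "srv-db-01", "user": "svc_backup",
     "src_ip": "203.0.113.45", "rule": "outbound_connection"},
    {"ts": "2024-05-06T10:45:00", "host": "ws-042", "user": "asmith",
     "src_ip": "10.0.0.5", "rule": "edr_file_hash", "sha256": "a" * 64},
    {"ts": "2024-05-06T11:00:00", "host": "ws-099", "user": "bwong",
     "src_ip": "10.0.0.9", "rule": "auth_failure"},
]

# Assumed severity weights and response tiers (tune per client).
BASE_SEVERITY = {"auth_failure": 1, "outbound_connection": 2,
                 "edr_file_hash": 3, "bruteforce": 4}
IOC_BONUS = 3
RESPONSE_TIERS = [(5, "isolate_host"), (3, "open_ticket"), (0, "log_only")]  # highest floor first


def enrich(alert, feed=IOC_FEED):
    """Tag the alert with any IOC matches from the feed (the compromise-assessment step)."""
    matches = []
    if alert.get("src_ip") in feed["ip"]:
        matches.append("ip")
    if alert.get("sha256") in feed["sha256"]:
        matches.append("sha256")
    return {**alert, "ioc_matches": matches}


def correlate_bruteforce(alerts, threshold=5, window=timedelta(seconds=60)):
    """Collapse >= threshold auth failures per (user, src_ip) inside `window`
    into one 'bruteforce' alert; everything else passes through unchanged."""
    groups, out = {}, []
    for a in alerts:
        if a["rule"] == "auth_failure":
            groups.setdefault((a["user"], a["src_ip"]), []).append(a)
        else:
            out.append(a)
    for (user, ip), events in groups.items():
        events.sort(key=lambda e: e["ts"])
        times = [datetime.fromisoformat(e["ts"]) for e in events]
        # Sliding window: any run of `threshold` events within `window` is a hit.
        hit = any(times[i + threshold - 1] - times[i] <= window
                  for i in range(len(times) - threshold + 1))
        if hit:
            out.append({"ts": events[0]["ts"], "host": events[0]["host"], "user": user,
                        "src_ip": ip, "rule": "bruteforce", "count": len(events)})
        else:
            out.extend(events)
    return out


def score(alert):
    """Severity = base weight of the rule, plus a bonus when threat intel confirms it."""
    return BASE_SEVERITY[alert["rule"]] + (IOC_BONUS if alert["ioc_matches"] else 0)


def choose_action(sc):
    """Pick the response tier whose floor the score reaches."""
    return next(action for floor, action in RESPONSE_TIERS if sc >= floor)


def run_playbook(alerts=SAMPLE_ALERTS, feed=IOC_FEED):
    """Correlate -> enrich -> score -> prioritize -> dispatch (dispatch is simulated).
    Returns the action queue, most severe first."""
    enriched = [enrich(a, feed) for a in correlate_bruteforce(alerts)]
    queue = sorted(enriched, key=score, reverse=True)
    return [{"host": a["host"], "rule": a["rule"], "score": score(a),
             "ioc_matches": a["ioc_matches"], "action": choose_action(score(a))}
            for a in queue]


def weekly_threat_vectors(actions):
    """Count handled alerts by rule: the raw input for the weekly threat-vector report."""
    return dict(Counter(a["rule"] for a in actions))


if __name__ == "__main__":
    result = run_playbook()
    for item in result:
        print(item)
    print(weekly_threat_vectors(result))
```

Run as-is, the queue comes out with the EDR hash match and the outbound connection to the listed IP at the top (both cross the isolation threshold), the correlated brute-force attempt opens a ticket, and the lone failed login is only logged. In a real deployment the `isolate_host` and `open_ticket` branches would call the EDR and ticketing APIs, and the thresholds would be set per client from the risk assessment.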
