T-SOC Managed Security Services
As we have entered the era of targeted cyber-attacks, Security Leaders and Managers are continuously facing an increasing need to establish the capability of timely and effective information security incident DETECTION, RESPONSE, and INVESTIGATION.
Establishing this capability requires security leaders to hire skilled security teams and set up an effective Cyber Security Operation Center (SOC) that can become the heart of the organization’s detection, response and investigation of cyber-attacks. With ‘global’ security skill shortages, budget constraints, head-count approval hurdles, and extremely short timelines to establish teams and capabilities, security leaders are struggling to implement their SOC ambitions. With mounting pressure from executives to justify return on security investments, security leaders are challenged to extract maximum value out of the existing technologies in hand and also evolve their ability to rapidly detect and respond to threats.
Our T-SOC Managed Security Services are designed to help security leaders and managers overcome all these challenges and provide them with SOC capabilities that can evolve with the organization’s needs and the changing threat landscape. With well-planned processes and highly skilled people, T-SOC services offer SOC support to meet the requirements of organizations of all sizes.
Through T-SOC managed security services, we offer the following services:
From the flood of threat events that occur on a daily basis, we do the hard work of filtering down the threats to separate the wheat from the chaff. This allows us to focus on real intrusion incidents that require immediate attention and our dedicated security experts can then leverage their extensive security knowledge to analyze these threat events and determine the actions required for remediation.
Our Security Monitoring Service includes:
We provide basic incident analysis during the incident triage phase, which begins as soon as an alarm or offense is generated from the customer’s SIEM. Incident triage involves assessing the threat events and identifying whether there is an imminent security threat. If such incidents are detected, we verify that they are not false positives. After that, we assess the severity of each incident and address important concerns such as how the incident occurred and what the motive behind it was. Finally, we prioritize and report each security incident based on its level of severity.
SIEM Advisory Report
As part of our SIEM Monitoring Services, we provide SIEM advisory reports to our customers in order to help them improve the detection capability of their SIEM. The SIEM advisory report is generated after an analysis of incident data, at intervals defined by the SLA chosen by the customer, and shall include recommendations on new SIEM log source integration along with log source enhancement and tuning so that organizations can get a better understanding of their current security state. It also provides recommendations on new SIEM rule creation and SIEM rule tuning so that organizations can create use cases specific to their environment.
SIEM Health Check Report
We also provide regular SIEM Health Check reports to our customers in order to ensure that their SIEM system performance remains optimal. The SIEM Health Check report is generated after an analysis of system resource utilization data, at intervals defined by the SLA chosen by the customer, and shall include information and recommendations on SIEM storage that highlight whether there is a need to archive old data or increase the memory, as well as recommendations about SIEM performance. It will specify whether all events are passing through SIEM
Security Incidents Report
As part of our SIEM Monitoring Services, we also provide customers with regular security incidents reports that empower security teams to better analyze the threat landscape and trends. The incident report shall be delivered as per the SLA chosen by the customer and shall include an executive summary of the entire report. It will also highlight the number of incidents detected and their trends along with the root cause of the incidents, the current status of the incidents and the number of false positives. This security incidents report can address the needs of multiple audiences including senior management, technical staff, third-party regulators, insurers, and litigators.
We have the expertise to help your organization investigate and respond to security incidents effectively. We specialize in investigating intrusions and targeted attacks as we have a team of skilled, trained and experienced threat analysts, security engineers and customer support professionals to effectively manage and remediate even the most notorious security incidents. T-SOC harnesses intelligence from TRIAM’s T-Eye Platform to identify the actions of the attacker and the scope of the breach. We then assess the steps required to move towards containment, remediation and cleanup. In close coordination with your organization’s IT staff, we enable you to close the incident loop from detection to complete remediation.
Our Incident Response Service includes:
Once an incident is detected, we conduct an incident triage that begins with understanding the current situation and involves determining the source of the attack, the type of attack and its impact. Based on that information, we work closely with our clients to make the best possible business decision, deliver a comprehensive remediation plan and assist with its implementation.
Security Incidents Report
As part of our Incident Response Services, we provide our customers with a detailed security incidents report so that they can better analyze the threat landscape and trends. The incident report shall be delivered as per the SLA chosen by the customer and shall include an executive summary along with details such as the number of incidents detected, the root cause of the incidents, whether the incidents were closed successfully or not and the number of false positives. Our regular security incidents report can provide the necessary threat insight to companies so that they can prioritize and exercise appropriate oversight to incrementally improve their level of preparedness.