Managed Cybersecurity Services: SOC

OUR SOC

The Forensics Security Operations Center (SOC) is responsible for monitoring, detecting, and identifying issues affecting information security. The goal of this center is to enhance the organization’s protection against cyberattacks.

Our security operations center offers a differentiated service that combines threat intelligence with 24/7 security surveillance and monitoring.

Our security service provides our clients with:

  • 24/7 cyberattack monitoring of their infrastructures.
  • Reduction of the average threat resolution time.
  • Mitigation of the impact of cyberattacks.

Added Value

Deployment led by Forensics’ specialized team

Partnerships with manufacturers guaranteeing Level 3 support and punctual assistance with implementation.

High specialization of the work team
Multiple sources of Threat Intelligence both internal and through Forensics’ various partnerships.

Outsourcing

Why outsource? Because cybersecurity is not simple, it is not the core of your business, and we are a specialized, organized, multidisciplinary team.

Capacity:
We provide information security protection services, from the most basic (antivirus, anti-malware) to the most complex, all in a 24/7 format.

Organizational and Business Vision:
Monitoring and surveillance offering continuous improvement and best practice.

Technology and Flexibility:
Market-leading tools adapted to all needs “as a service”.

WHAT DO WE OFFER YOU?

Forensic & Security’s Cybersecurity Operations Center performs the Analytical Security activities (proactive and real-time threat detection) that we make available to our clients as part of the delivery of cybersecurity services.

The following key elements are included as common services across the services offered:

  • Reactive threat/security incident detection service with 24/7/365 notification for critical alerts.
  • Proactive security threat/incident detection service with 8/5 notification for the rest of the alerts.
  • Periodic reports with information on detected incidents.
  • Periodic vulnerability analysis reports of our client’s infrastructure.

Our Cybersecurity Operations Center offers a reactive and proactive threat/incident detection service based on event information generated in the client’s infrastructure.

MDR Service

  • Capabilities: prevention, detection, investigation, and automated response.
  • Protection layer with EDR and NGAV technology:
    • Signature-based analysis
    • Behavioral analysis: AI
    • Protection against fileless attacks
    • Protection against Ransomware
  • False positive discrimination through forensic analysis
  • Automated remediation: containment and disinfection
  • 24/7/365 monitoring
  • Periodic vulnerability scanning of infrastructures

SOC Service

  • Capabilities: prevention, detection and investigation
  • Agent deployment at each endpoint
  • Event collection and correlation using SIEM technology
  • Multi-vendor integration
  • 24/7/365 monitoring
  • Periodic vulnerability scanning of infrastructures
  • Security alert notification

SOC+ Service

Includes SOC and MDR service capabilities

  • Capabilities: prevention, detection, investigation and automated response
  • Protection layer with EDR and NGAV technology
  • Event collection and correlation using SIEM technology
  • 24/7/365 monitoring
  • Periodic vulnerability analysis of infrastructures
  • IR 365 service: hardware remote assistance
  • IR retainer option

HOW IS IT PROVIDED?

SOC levels

The levels of the Operations Center.

Level 1: Security Analyst
The alert reception team classifies the alerts generated and escalates the most complex ones to level 2.

Level 2: Incident Responder
At this level, triage and resolution of escalated incidents are performed. The team of cyber analysts investigates the incidents and reports the findings to level 3 for specific issues.

Level 3: Security Expert
The level 3 team, multidisciplinary experts in network, cloud and endpoint analysis, supports level 2 in the remote resolution of complex incidents.

SOC Manager: Service Manager

Procedure

Forensics offers a comprehensive security incident management procedure.

WHAT WE OFFER IT WITH

Endpoint Detection and Response (EDR)

Elastic Security enables detection, investigation and response to constantly evolving threats, allowing increased visibility and control of the customer’s infrastructure.

SIEM: Elastic Security

Our integrations

Integration with services deployed in the organization; some of the most common ones are:

WANNA TALK?

info@forensic-security.com

Phones: +34 881 28 99 18 / +34 91 005 35 14