SOC as a Service

The Secure Sphere SOC objectives

Our Security Operations Centre (SOC) is built on industry-leading cyber security solutions and manned 24/7/365, with a human response team monitoring and responding to threats in real-time.

The Secure Sphere SOC is a 24-hour Security Operations Centre with a multi-tiered structure of specialist Security Analysts fully capable of analysing incoming events in real-time and responding to cyber security threats.

The Secure Sphere SOC is built and run based on industry best practices with a defined and tested methodology built around our People, Processes, and Technology which ensures an efficient and highly effective operation.

We believe that our clients should be able to benefit from their existing technology investment, that’s why we embrace the term Bring Your Own Technology. Secure Sphere will leverage the security technology already in place and overlay our People and Processes. Where it makes sense, Secure Sphere will recommend security controls or technology to further secure the environment.

Detect and respond to threats

Detect and respond to threats by analysing and triaging incoming events, protecting both the environment and the data held within it.

Increase resilience

Increase resilience by examining the continually shifting threat landscape of malicious and non-malicious threats.

Respond promptly and effectively

Respond promptly and effectively to incidents to minimise the disruption that attacks may cause.

Clear and understandable management information

Produce clear and understandable management information describing the threat landscape, leading to strategic improvements of your environment that further enhance your security standards.

The Service includes the following

01. Security Incident and Event Management (SIEM)

Collecting events and logs from across your full IT environment creates the visibility needed to know what security incidents and threats may be inside your networks or attempting to get in.

02. Real-time threat detection

Knowing about a threat or attack at the time it happens is vital for quick remediation and for minimising or preventing the financial or reputational damage an incident can cause your organisation.

03. Global Threat Intelligence Feeds

Tapping into the world’s network of intelligence feeds adds rich context: known bad actors and IOCs are correlated with events and with traffic to and from your network, ensuring that even the latest threats are identified.

04. Vulnerability Identification & Management

The vulnerabilities in IT systems (be they servers, endpoints, or infrastructure devices) are the weaknesses targeted and exploited in almost all successful breaches. Identifying and remediating these is crucial to preventing systems from being compromised.

05. Network Intrusion Detection

Network Intrusion Detection Systems (NIDS) monitor and analyse network traffic and events for suspicious or malicious activity using sensors that provide management and network monitoring interfaces to networks and network devices.

06. Darkweb Monitoring for Compromised Credentials

Whether a company’s compromised user accounts are being published, the company appears on a list of targeted organisations, or it is being discussed amongst hacker groups, this usually occurs within the dark web. Dark web monitoring is performed by systems and covert agents that report back on any references made to the organisation’s user credentials.

07. Cloud Integration and Monitoring

With more companies migrating systems to the cloud for hosting or consuming cloud-based SaaS, it is vital that the security of these systems is on-point! Visibility into these cloud systems, either through systems logs, platform event triggers or direct integration is critical in identifying and mitigating security threats in these environments.

08. Threat Hunting

Automated systems and tools are not capable of identifying 100% of the malicious activity in an environment. Threat hunting is the practice of proactively searching your environment for threats where malicious actors may have avoided detection by existing tools. Whether it is manually reviewing samples of logs, investigating unusual traffic, or digging deep into a specific transaction, this human interaction with your systems is the ‘cherry on the top’ of a good security strategy.

A key benefit of leveraging the Secure Sphere SOC is that any Indicator of Compromise (IOC) discovered by the team can be correlated and shared with all clients. This creates community-based immunity.
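To make the threat-intelligence correlation described under item 03 and the cross-client IOC sharing described above concrete, here is an added illustrative example; it is not Secure Sphere’s code or tooling. It assumes a simple key=value log format emitted by firewall, proxy and EDR sensors, a shared feed of indicators of several kinds (IP, CIDR range, domain, SHA-256), and that an IOC confirmed in one client’s investigation is appended to that shared feed so every other client’s correlation picks it up. The feed entries, client names and log lines are all constructed sample data (documentation IP ranges and `.test` domains, not real IOCs).

```python
"""Added example: correlate a shared IOC feed against sensor log lines and
share a newly confirmed indicator. Not Secure Sphere's code; all data is constructed."""
import re
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional

SEVERITY_RANK = {"low": 0, "medium": 1, "high": 2, "critical": 3}


@dataclass(frozen=True)
class Indicator:
    kind: str      # "ip", "cidr", "domain" or "sha256"
    value: str
    source: str    # feed name, or the client investigation that produced it
    severity: str


# Constructed shared feed: one entry already came from another client's investigation.
SHARED_FEED: List[Indicator] = [
    Indicator("ip", "203.0.113.45", "feed:public-blocklist", "high"),
    Indicator("cidr", "192.0.2.0/24", "feed:c2-ranges", "medium"),
    Indicator("domain", "evil-sample.test", "client:alpha-investigation", "high"),
    Indicator("sha256", "a" * 64, "feed:malware-hashes", "critical"),
]

# Constructed (assumed) log format; empty values are allowed for fields a sensor lacks.
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<sensor>\S+) src=(?P<src>\S*) dst=(?P<dst>\S*) "
    r"domain=(?P<domain>\S*) sha256=(?P<sha256>\S*)$"
)

SAMPLE_LOGS = [  # constructed sample input
    "2024-05-01T10:00:01Z fw01 src=10.1.2.3 dst=203.0.113.45 domain= sha256=",
    "2024-05-01T10:00:02Z proxy01 src=10.1.2.7 dst=198.51.100.9 domain=updates.example.com sha256=",
    "2024-05-01T10:00:03Z proxy01 src=10.1.2.9 dst=192.0.2.77 domain=cdn.evil-sample.test sha256=",
    "2024-05-01T10:00:04Z edr01 src=10.1.2.3 dst= domain= sha256=" + "a" * 64,
    "garbage line that does not parse",
]


def parse_log_line(line: str) -> Optional[Dict[str, str]]:
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def build_index(feed: List[Indicator]) -> dict:
    """Exact-match dictionaries per kind, plus a list of CIDR networks for range checks."""
    index: dict = {"ip": {}, "domain": {}, "sha256": {}, "cidr": []}
    for ioc in feed:
        if ioc.kind == "cidr":
            index["cidr"].append((ip_network(ioc.value), ioc))
        else:
            index[ioc.kind][ioc.value.lower()] = ioc
    return index


def match_ip(value: str, index: dict) -> List[Indicator]:
    hits = [index["ip"][value]] if value in index["ip"] else []
    try:
        addr = ip_address(value)
    except ValueError:          # empty or malformed address: no range check possible
        return hits
    hits += [ioc for net, ioc in index["cidr"] if addr in net]
    return hits


def match_domain(value: str, index: dict) -> List[Indicator]:
    """Match the observed FQDN or any of its parent domains (never the bare TLD)."""
    labels = value.lower().rstrip(".").split(".") if value else []
    candidates = (".".join(labels[i:]) for i in range(len(labels) - 1))
    return [index["domain"][c] for c in candidates if c in index["domain"]]


def correlate(log_lines: List[str], feed: List[Indicator]) -> List[dict]:
    """One alert per event that touches at least one indicator, with every hit listed."""
    index = build_index(feed)
    alerts = []
    for line in log_lines:
        event = parse_log_line(line)
        if event is None:
            continue            # unparseable lines should be counted, never silently matched
        matches = [(f, ioc) for f in ("src", "dst") for ioc in match_ip(event[f], index)]
        matches += [("domain", ioc) for ioc in match_domain(event["domain"], index)]
        sha = event["sha256"].lower()
        if sha and sha in index["sha256"]:
            matches.append(("sha256", index["sha256"][sha]))
        if matches:
            worst = max((ioc.severity for _, ioc in matches), key=SEVERITY_RANK.__getitem__)
            alerts.append({"ts": event["ts"], "sensor": event["sensor"],
                           "severity": worst, "matches": matches})
    return alerts


def share_indicator(feed: List[Indicator], indicator: Indicator) -> bool:
    """Append an IOC confirmed in one client's investigation to the shared feed.
    Returns False when an equivalent indicator is already present."""
    if any(i.kind == indicator.kind and i.value.lower() == indicator.value.lower() for i in feed):
        return False
    feed.append(indicator)
    return True


if __name__ == "__main__":
    for alert in correlate(SAMPLE_LOGS, SHARED_FEED):
        print(alert["ts"], alert["sensor"], alert["severity"],
              [(f, ioc.kind, ioc.value, ioc.source) for f, ioc in alert["matches"]])
```

Two design points carry over to a real deployment: the alert records which feed or client investigation each indicator came from, so an analyst can weigh a public blocklist hit differently from a hand-confirmed IOC, and the domain match walks up parent domains so a newly observed subdomain of a known bad domain is still caught.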