SOC – Security Operations Center (as a Service)


SECURITY OPERATIONS CENTER (SOC): WHAT IS IT?

A SOC (Security Operations Center) is often treated as a synonym for managed security. Its teams (Blue Team and Red Team) collect, filter and correlate every kind of log, producing events that can promptly reveal any attempt to attack the technological infrastructure.

The Blue Team therefore works continuously, investigating each collected event and assessing the security status of the entire infrastructure.

Advanced, purpose-built monitoring and analysis tools, constantly tuned by SOC analysts through careful refinement of the detection rules, work together to considerably reduce the time needed to detect cyber attacks, limiting the damage of a data breach and thus delivering a valuable security service.

SECURITY MANAGED BY LAN & WAN – SOCAAS

SOCaaS is a fully managed security service that raises the level of security across the whole technological infrastructure.

Built on customized tools and the continuous work of the Blue Team, it offers layered security, implemented through Defense in Depth models designed directly by L&W SOC analysts in response to the specific and evolving security needs of each customer.

Service delivery begins with an in-depth study of the infrastructure in use, which produces customized, packaged event handlers that deliver specific results aligned with the real needs of the company.

The results of these activities are detailed in periodic reports that show the level of protection achieved against cyber threats, thus documenting the effectiveness of the contracted service.

Benefits

  • Identifies and prevents cyber attacks on devices, systems and applications
  • Uses AI (Artificial Intelligence) technologies for effective analysis and correlation
  • Reduces the risks caused by cyber attacks
  • Ensures prompt intervention by the SOC, preventing potential threats
  • Prevents access to the infrastructure by remotely blocking attacks in progress
  • Minimizes the time between detection of an incident and its engagement

The service is managed through tools specifically oriented to the detection and response of targeted attacks on systems, applications or devices.

It provides detailed reports on the vulnerabilities identified, suggesting the remediation actions suited to each issue, in order to reach higher levels of security.

It identifies a large number of different vulnerabilities, allowing targeted and effective hardening policies to be implemented, with results refined through constant review and integration.

It allows the exposure of systems, applications and devices to vulnerabilities to be assessed with great precision, highlighting all the risks generated by the attack surfaces that the detected issues create in the technological infrastructure.

It fully meets the need to extract, in real time, detailed information on the security level of IT infrastructures, effectively counteracting any threats present in the monitored systems.

It presents the enforcement actions carried out by the SOC to contain cyber threats.

SM – Service Manager

SDO – Service Desk Operator

SL1 – Support Level 1

SL2 – Support Level 2

SL3 – Support Level 3

REP – On-call availability

MLW – Antimalware Suite Management
  • Maintenance and review of antivirus software configurations (vendor agnostic) in compliance with the best practices endorsed by Lan & Wan Solutions security engineers
  • Periodic check of AM agents and of the EDR module on endpoints (client / server)
  • Check of the exclusions and whitelists applied to the security engines
  • Periodic check that updates are applied to the AM / EDR solutions
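The exclusion and whitelist check in the MLW list above is worth showing concretely, because an exclusion that is too broad silently disables the engine for exactly the locations attackers use. The following Python is an added example written for this page, not Lan & Wan Solutions' code or any vendor's tooling: it audits a constructed, vendor-agnostic exclusion export (path, extension and process entries in an assumed schema) and flags whole-drive exclusions, user-writable folders, executable file types and living-off-the-land binaries excluded by bare name. The risk patterns are common pitfalls chosen for this example, not a vendor's official list.

```python
"""Added example (not Lan & Wan Solutions' code): a vendor-agnostic audit of
antimalware/EDR exclusions and whitelists, the check the MLW bullet above
describes. The exclusion export below is constructed, and the risk patterns
are commonly cited pitfalls chosen for this example, not any vendor's list.
"""
import re

# Constructed exclusion export; "kind" is path | extension | process (assumed schema).
SAMPLE_EXCLUSIONS = [
    {"kind": "path", "value": r"C:\Program Files\ERP\db\*.mdf"},        # narrow: fine
    {"kind": "path", "value": "C:\\"},                                  # whole drive
    {"kind": "path", "value": "C:\\Users\\*\\AppData\\Local\\Temp\\"},  # user-writable
    {"kind": "path", "value": "D:\\Backups\\"},                         # whole folder
    {"kind": "extension", "value": ".exe"},                             # executables
    {"kind": "extension", "value": ".mdf"},                             # database files
    {"kind": "process", "value": "powershell.exe"},                     # LOLBin by bare name
    {"kind": "process", "value": r"C:\Program Files\Vendor\agent.exe"},  # full path: ok
]

DRIVE_ROOT = re.compile(r"^[A-Za-z]:\\?$|^/$")
USER_WRITABLE = re.compile(r"[\\/](Users|Temp|Tmp|Downloads|tmp|home)(?=[\\/]|$)", re.I)
DANGEROUS_EXT = {".exe", ".dll", ".ps1", ".vbs", ".js", ".bat", ".cmd", ".scr", ".hta"}
LOLBINS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe",
           "mshta.exe", "rundll32.exe", "regsvr32.exe", "certutil.exe", "msiexec.exe"}


def audit_exclusions(exclusions):
    """Return (value, severity, reason) for every exclusion that widens the
    attack surface; entries that are narrow and specific produce no finding."""
    findings = []
    for ex in exclusions:
        kind, value = ex["kind"], ex["value"]
        if kind == "path":
            if DRIVE_ROOT.match(value):
                findings.append((value, "CRITICAL", "whole drive excluded from scanning"))
            elif USER_WRITABLE.search(value):
                findings.append((value, "HIGH", "user-writable location: anything dropped there is never scanned"))
            elif value.endswith(("\\", "/")):
                findings.append((value, "MEDIUM", "entire folder excluded; restrict to the file types that need it"))
        elif kind == "extension":
            if value.lower() in DANGEROUS_EXT:
                findings.append((value, "CRITICAL", "executable/script type excluded"))
        elif kind == "process":
            # Bare names are matched by any binary with that name, wherever it runs from.
            name = value.replace("/", "\\").rsplit("\\", 1)[-1].lower()
            if name in LOLBINS:
                findings.append((value, "CRITICAL", "living-off-the-land binary trusted"))
            elif "\\" not in value and "/" not in value:
                findings.append((value, "MEDIUM", "bare process name: any binary with this name is trusted"))
    return findings


if __name__ == "__main__":
    for value, severity, reason in audit_exclusions(SAMPLE_EXCLUSIONS):
        print(f"{severity:8} {value!r}: {reason}")
```

The narrow entries (a specific file pattern inside the ERP folder, a full-path process exclusion, a non-executable extension) produce no finding; the remaining five do, which is the list the periodic review would take back to the customer.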

SPM – Antispam Suite Management
  • Maintenance and review of antispam configurations (vendor agnostic) in compliance with the best practices certified by Lan & Wan Solutions security engineers
  • Continuous fine tuning to reduce the false positive rate
  • Redirection of malicious emails to L&W honeypots and their analysis
  • Periodic check that updates are applied to the AS solutions
  • Continuous improvement management for workflow optimization and the corporate security posture in the mail security (Mail-SE) area

TFSaaS – Threat Intelligence Service as a Service
  • Artificial Intelligence (AI) tools for threat correlation and incident prevention applied to NGFW (Next Generation Firewall) devices
  • Event monitoring managed directly by specialized SOC engineers
  • Core correlation of possible 0-day attacks, implemented by the threat intelligence service tools
  • Automated 24/7 dynamic IOC blacklisting and response

SEC-LOGs – Environment Log Analysis
  • Periodic check of the SIEM agents on the contracted devices / systems
  • Collection, analysis and correlation of the security logs generated by the devices and systems in the infrastructure involved (NGFW, Proxy, IDS, IDRS, …)
  • Detailed analysis of the events generated by the L&W SIEM components
  • Improvement management to optimize the service levels of data collection and analysis
  • Optimization of SIEM agents and log collectors
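The detection-rule tuning described at the top of the page, the dynamic IOC blacklisting of the TFSaaS module and the log collection and correlation of the SEC-LOGs module all come down to rules run over normalized events from several sources. The following Python is an added example written for this page, not Lan & Wan Solutions' code or SIEM content: it parses a handful of constructed NGFW, proxy and authentication log lines (the syslog-like format, field names, thresholds and IOC list are all assumptions), matches destinations against an IOC blacklist, rates a plain IOC hit HIGH, and escalates to CRITICAL when the same host had just logged in after a burst of failed logons, which is the cross-source correlation a single-device alert cannot give.

```python
"""Added example (not Lan & Wan Solutions' code): a small multi-source
correlation rule of the kind SOC analysts tune in a SIEM.

Inputs are constructed NGFW, proxy and authentication log lines in an assumed
syslog-like "timestamp source key=value ..." format; the IOC blacklist and the
thresholds are assumptions for illustration only.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlparse

# Constructed sample logs (assumed format). In a real SIEM these come from
# agents/collectors on the NGFW, the proxy and the domain controllers.
SAMPLE_LOGS = """\
2024-05-01T10:00:01Z auth host=dc01 user=alice src=10.0.0.5 result=FAIL
2024-05-01T10:00:02Z auth host=dc01 user=alice src=10.0.0.5 result=FAIL
2024-05-01T10:00:03Z auth host=dc01 user=alice src=10.0.0.5 result=FAIL
2024-05-01T10:00:04Z auth host=dc01 user=alice src=10.0.0.5 result=FAIL
2024-05-01T10:00:05Z auth host=dc01 user=alice src=10.0.0.5 result=FAIL
2024-05-01T10:00:09Z auth host=dc01 user=alice src=10.0.0.5 result=SUCCESS
2024-05-01T10:01:30Z ngfw action=allow src=10.0.0.5 dst=203.0.113.45 dport=443
2024-05-01T10:02:00Z proxy src=10.0.0.7 url=https://example.org/ status=200
2024-05-01T10:03:00Z auth host=dc01 user=bob src=10.0.0.7 result=SUCCESS
2024-05-01T10:03:10Z ngfw action=allow src=10.0.0.7 dst=198.51.100.9 dport=443
2024-05-01T10:05:00Z proxy src=10.0.0.9 url=http://malware.example/payload status=200
"""

# Constructed IOC blacklist (a documentation-range address and a reserved
# example domain); in production it is fed by the threat-intelligence service.
IOC_BLACKLIST = {"203.0.113.45", "malware.example"}

FAIL_THRESHOLD = 5                       # failed logons that make a later success suspicious
FAIL_WINDOW = timedelta(minutes=5)       # failures older than this are forgotten
FOLLOWUP_WINDOW = timedelta(minutes=10)  # how long after the success an IOC hit escalates

KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_line(line):
    """Normalize one log line into a dict with ts, type and the key=value fields."""
    ts_str, src_type, rest = line.split(" ", 2)
    event = {"ts": datetime.strptime(ts_str, "%Y-%m-%dT%H:%M:%SZ"), "type": src_type}
    event.update(KV_RE.findall(rest))
    return event


def destination(event):
    """Destination indicator of a network event: NGFW dst IP, or the proxy URL's host."""
    if "dst" in event:
        return event["dst"]
    return urlparse(event.get("url", "")).hostname or ""


def correlate(log_text, ioc_blacklist=IOC_BLACKLIST):
    """Run two rules over the events, oldest first, and return the alerts.

    1. IOC hit: a NGFW/proxy event whose destination is blacklisted -> HIGH.
    2. Brute force then beacon: >= FAIL_THRESHOLD failed logons from one src
       within FAIL_WINDOW, then a successful logon, then an IOC hit from the
       same src within FOLLOWUP_WINDOW -> CRITICAL.
    """
    events = sorted((parse_line(l) for l in log_text.splitlines() if l.strip()),
                    key=lambda e: e["ts"])
    alerts = []
    fails = defaultdict(list)   # src -> timestamps of recent failed logons
    suspicious_logon = {}       # src -> time of the success that followed a burst

    for e in events:
        src = e.get("src")
        if e["type"] == "auth":
            if e["result"] == "FAIL":
                fails[src] = [t for t in fails[src] if e["ts"] - t <= FAIL_WINDOW]
                fails[src].append(e["ts"])
            elif e["result"] == "SUCCESS" and len(fails[src]) >= FAIL_THRESHOLD:
                suspicious_logon[src] = e["ts"]
                fails[src].clear()
        elif e["type"] in ("ngfw", "proxy"):
            dst = destination(e)
            if dst in ioc_blacklist:
                severity = "HIGH"
                if src in suspicious_logon and e["ts"] - suspicious_logon[src] <= FOLLOWUP_WINDOW:
                    severity = "CRITICAL"
                alerts.append({"ts": e["ts"], "severity": severity, "src": src, "ioc": dst})
    return alerts


def block_list(alerts):
    """Containment input: the (internal host, IOC) pairs that a CRITICAL alert
    would push to the NGFW as dynamic blacklist entries (vendor API out of scope)."""
    return sorted({(a["src"], a["ioc"]) for a in alerts if a["severity"] == "CRITICAL"})


if __name__ == "__main__":
    found = correlate(SAMPLE_LOGS)
    for a in found:
        print(f"{a['ts'].isoformat()} {a['severity']:8} src={a['src']} ioc={a['ioc']}")
    print("block:", block_list(found))
```

On the sample data the host 10.0.0.5 is rated CRITICAL (five failures, a success, then a connection to a blacklisted address within two minutes), 10.0.0.9 is a plain HIGH IOC hit, and 10.0.0.7 generates nothing because its destination is not on the list. Changing FAIL_THRESHOLD or the windows is the kind of tuning the page attributes to the analysts; too loose and every password typo escalates, too tight and a slow brute force never trips rule 2.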

VBTY – Vulnerability Management
  • Periodic scanning and analysis of vulnerabilities on systems, applications and devices
  • Identification, analysis and sharing of the vulnerabilities detected
  • Reporting on the state of exposure of the infrastructure and the security levels detected
  • Sharing of critical issues with the customer and identification of applicable countermeasures (remediation plan)

SEC-POSTURE – Security Policy Management
  • Analysis and sharing of the areas where the security level can be improved: backup processes, domain security policies and user authentication policies
  • Involvement of the SL1 + SL2 + SL3 team for the analysis of security problems
  • Sharing of the improvements needed across the security areas of the entire technological infrastructure

SOC – S.O.C. Monitoring
  • Continuous (24 x 7) and proactive (8 x 5) monitoring service provided by the L&W S.O.C. on the contracted customer infrastructure
  • Cyber threat containment service based on Artificial Intelligence blacklist engines (24 x 7)
  • Forwarding to the customer, via e-mail, of CRITICAL alerts that point to possible attacks and / or anomalies detected on the monitored customer infrastructure
  • Alert management: data analysis and correlation for the CRITICAL alerts generated by the monitored customer infrastructure
  • Sharing of the security levels of the contracted systems and tools
  • MALWARE analysis: analysis of the malicious payloads detected, according to the contractual SLAs
  • THREAT analysis: analysis of the threats arising from the misconfigurations and vulnerabilities revealed by event correlation
  • Continuous security automation and improvement (research and development), shared with the customer

SIRT – Security Incident Response
  • Incident response (max 10 incidents per year): containment and eradication of the detected cyber attacks
  • Restoration of security on the endpoints involved in the attacks, for the incidents detected and according to the contractual SLAs
  • Registration, classification and reporting of the incidents detected / managed

EXCLUSIONS

  • Ordinary system administration interventions other than those contracted
  • Problem management, patching activities, backup processes and policies, technical interventions on mail servers, PBX, Domain Controllers or on systems and applications other than the antimalware and antispam solutions
  • Problem solving not related to IT security areas
  • Problem management on security configurations not endorsed by the Security Operations Center

Lan & Wan Solutions promotes its Cyber Security services with a highly qualified RED & BLUE TEAM.
