SOC – Security Operation Center (as a Service)



A SOC (Security Operation Center) is often synonymous with managed security. Its teams (Blue and Red Team) collect, filter and correlate information of every kind (logs), producing events that can promptly reveal any attempt to attack the technological infrastructure.

The Blue Team therefore works continuously, investigating each collected event and assessing the security status of the entire infrastructure.

Advanced, purpose-specific monitoring and analysis tools, continuously tuned by SOC analysts through careful refinement of the detection rules, work together to considerably reduce the time needed to detect cyber attacks, limiting the damaging effects of a data breach and thus guaranteeing a valuable security service.


SOCaaS is a fully managed security service that guarantees a higher level of security across the entire technological infrastructure.

Built on customized tools and the continuous work of the Blue Team, it offers layered security, obtained by adopting Defense in Depth models created directly by L&W SOC analysts in response to continuous and specific security needs.

Delivery of the service includes an in-depth study of the infrastructure in use, which produces customized, packaged event handlers that deliver specific results aligned with the real needs of the company.

The results of these activities are detailed in periodic reports that highlight the level of defense implemented against cyber threats, thus demonstrating the effectiveness of the contracted service.


  • It allows cyber attacks on devices, systems and applications to be identified and prevented
  • It uses AI (Artificial Intelligence) technologies to ensure effective analysis and correlation
  • It reduces the risks caused by cyber attacks
  • It ensures prompt intervention by the SOC, preventing potential threats
  • It prevents access to the infrastructure by remotely blocking attacks in progress
  • It reduces the time needed to take charge of incidents to a minimum

The service is managed through tools specifically oriented to the detection of, and response to, targeted attacks on systems, applications or devices.

It provides detailed reports on identified vulnerabilities, suggesting remediation actions suitable for resolving the various critical issues and guaranteeing higher levels of security.

It identifies a large number of different vulnerabilities, making it possible to implement targeted and effective hardening policies, and refines the results through constant review and integration.

It allows the level of exposure of systems, applications and devices to vulnerabilities to be assessed with great precision, highlighting all the risks generated by the attack surface created by the various critical issues detected in the technological infrastructure.

It fully meets the need to extract, in real time, detailed information on the security levels of IT infrastructures, effectively counteracting any threats present in the monitored systems.

It reports the enforcement actions carried out by the SOC to contain cyber threats.


Service Manager


Service Desk Operator


Support Level 1°


Support Level 2°


Support Level 3°




AntiMalware Suite Management
  • Maintenance and review of antivirus software configurations (vendor agnostic) in compliance with the best practices endorsed by Lan & Wan Solutions Security Engineers
  • Periodic check of AM agents and EDR module on endpoints (client / server)
  • Check of exclusions and whitelists applied to security engines
  • Periodic check on the application of updates to AM / EDR solutions


AntiSpam Suite Management
  • Maintenance and Review of Antispam Configurations (Vendor Agnostic) in compliance with the Best Practices certified by Lan & Wan Solutions Security Engineers
  • Continuous fine tuning and reduction of the “False Positive Rate”
  • Redirect & Analysis of malicious emails to L&W honeypots
  • Periodic check on the application of Updates on AS solutions
  • Continuous Improvement management for workflow optimization and corporate Security Posture in the Mail-SE area


Threat Intelligence as a Service
  • Artificial Intelligence (AI) tools for threat correlation and Incident Prevention applied to NGFW (Next Generation Firewall) devices
  • Event monitoring managed directly by specialized SOC Engineers
  • Core correlation of possible 0-day attacks, implemented by Threat Intelligence Service tools
  • Automated 24/7 Dynamic IOCs Blacklisting & Response


Environment Log Analysis
  • Periodic check of SIEM agents on contracted devices / systems
  • Collection, analysis and correlation of SECURITY logs generated by devices and systems in the infrastructure involved (NGFW, Proxy, IDS, IDRS, …)
  • Detailed analysis of the events generated by L&W SIEM components
  • Improvement management for optimization of data collection and analysis service levels
  • SIEM Agents and Logs Collector optimization


Vulnerability Management
  • Periodic scanning and analysis of vulnerabilities on systems, applications and devices
  • Identification, analysis and sharing of the vulnerabilities detected
  • Reporting on the state of exposure of the infrastructure and the security levels detected
  • Sharing of critical issues with the customer and identification of applicable countermeasures (Remediation Plan)


Security Policy Mgmt
  • Analysis and sharing of security level optimization areas on Backup processes, domain Security Policies and user authentication policies
  • Involvement of the SL1 + SL2 + SL3 team for security problem analysis
  • Sharing the need for Improvement on security areas of the entire technological infrastructure


S.O.C. Monitoring
  • CONTINUOUS (24 x 7), PROACTIVE (8 x 5) Monitoring Service provided by the S.O.C. of L&W on the contracted customer infrastructure
  • Cyber Threats Containment Service with Artificial Intelligence Blacklist Engines tools (24 x 7)
  • Forwarding to the customer, via e-mail, of CRITICAL alerts that indicate possible attacks and / or detection of anomalies on the monitored customer infrastructure
  • Alert management – data analysis and correlation in relation to CRITICAL alerts generated by the monitored customer infrastructure
  • Sharing of security levels of contracted systems and instruments
  • MALWARE Analysis – analysis of malicious payloads detected according to the contractual SLAs
  • THREAT Analysis – analysis of threats deriving from misconfigurations and vulnerabilities detected by the correlation of events
  • Continuous Security Automation & Improvement (Research & Development) and sharing with the customer


Security Incident Response
  • INCIDENT Response (max 10 Incidents x Y) – Containment & Eradication of detected cyber attacks
  • Restoration of security on the endpoints involved in the attacks, in relation to the Incidents detected and according to the contractual SLAs
  • Registration, Classification and Reporting on detected / managed Incidents


  • Ordinary system interventions other than those contracted
  • Problem management, patching activities, backup processes and policies, technical interventions on Mail server, PBX, Domain Controller or Systems and applications other than Antimalware and Antispam
  • Problem solving not related to IT Security areas
  • Problem management on security configurations not endorsed by the Security Operation Center

Lan & Wan Solutions promotes its Cyber Security services with a highly qualified RED & BLUE TEAM