Managed SOC / SIEM


Today, most enterprises around the world are required to invest significant resources on information security technologies and processes (e.g. Security standard certifications, Security controls implementations and so on).

That investment is critical for corporate information security, but it brings a very common problem: each security control operates as a separate unit, unaware of the real business processes that are essential to the enterprise. The SIEM/SOC concept was created to address this by centralizing the collection and processing of security events originating in the security controls or in any other infrastructure component. It allows the enterprise to monitor security events centrally, initiate the related incident response activities and, by doing so, “connect the dots” between the separate enterprise units.


BugSec offers a variety of service plans: a fully managed SOC, extending the expertise or manpower of an existing SOC, or helping a client build an independent SOC of its own.




Enterprises, government agencies and organizations in other sectors invest a great deal of time and resources in building SIEM/SOC capabilities. However, most of them monitor only what is obvious and easy to see, without taking the time to tune security monitoring for their core business and technological processes and the components those processes depend on.

To address this issue, Bugsec Ltd. is inaugurating a new service that allows organizations to evaluate their SIEM/SOC Visibility and Effectiveness.
This service includes the following three components:
• Professional examination of the SIEM implementation and architecture (Visibility) – a professional opinion on whether the SIEM technology in place is correctly implemented and architected, in order to identify gaps in the existing SIEM architecture and implementation.
• Examination of the SIEM / SOC rules and incident response activities (Effectiveness) – mapping and understanding the current SIEM rule base and the existing incident response procedures and activities, in order to locate the blind spots in the security monitoring puzzle. This examination gives a full picture of how the SIEM rules are implemented and identifies deficiencies in the security controls.
• Testing the effectiveness of SOC operations (Attack) – conducting attack activities in order to test the effectiveness and workflow of the SOC team during an attack, while at the same time assessing the defensive work procedures (Red Team vs. Blue Team).

The service concludes with a detailed professional assessment that includes practical recommendations for all three components and an evaluation of the enterprise’s SOC level, with findings organized by severity and potential outcome.

BugSec has various models of how to help organizations with their SOC operations. We can be subcontractors of the organization or even supply them with full-time employees to be incorporated into their own SOC.
A few examples of how organizations could use BugSec’s expertise for SOC services:
– Manpower substitution to the end client (unbranded or BugSec branded)
– Manpower substitution to a service delivery client (branded as the service delivery client)
– 24/7 analysts, working for the client but with the client managing the SOC team
– On-call escalation experts to support organization’s SOC staff when incidents occur
– On-call temporary staff to fill in during vacations, etc.
– Supplying an entire SOC team to be installed inside the customer’s organization
– Designing the architecture of an organization’s network monitoring capability
– BugSec sending a SOC Manager to manage and train the organization’s SOC team
– Etc.

Organizations can also outsource their SOC to us entirely, with BugSec managing the SOC for them.

At the heart of BugSec’s own SOC is our near real-time monitoring team. This team analyses an organization’s security events, manages its security posture and determines how possible incidents are handled.
Our SOC has the advantage of drawing on the expertise of our three divisions – offensive, defensive and R&D – in order to manage the organization’s security events and incidents in the best possible way.

Our managed SOC services are custom-made for each customer according to their industry, company size, local regulations and needs.
We adapt our team to the organization’s working procedures so that they will seamlessly fit in the organization.
Following this adaptation, our SOC team will know what the organization’s procedures are and how to work with the various departments of the organization.
Based on this, different workflow scenarios will be established for different kinds of security incidents.

The SOC is available 24/7 and constantly monitors the organization’s existing security controls to see how they cope with potential threats and incidents.

If and when an incident occurs, we see it immediately and, following the established workflow charts, start performing incident response activities together with the organization’s personnel and with BugSec’s own incident response team.

By combining all these teams, BugSec’s managed SOC is able to greatly reduce security incidents within our customers’ organizations and to better manage and resolve potential security breaches.
