Our Managed SOC (security operations center) is a managed service built on a Threat Monitoring Platform that detects malicious and suspicious activity across three critical attack vectors: Endpoint | Network | Cloud. The service is staffed by an elite team of security veterans and experts who proactively hunt for and investigate threat activity across your network and cloud infrastructure. This highly trained security analyst team triages every detection and works directly with our local team on remediation whenever an actionable threat is discovered.
Backed by veterans who have been at the forefront of investigating global threats such as the Code Red worm (2001), Slammer (2003), Stuxnet (2010), the CryptoLocker trojan (2013) and the BlueKeep RDP vulnerability (2019), we stay one step ahead of attackers. By combining AI threat analytics, 24x7 continuous monitoring, triage and reporting by elite veteran security analysts, investigation and remediation by our local security analysts, and industry-leading customer service and support, we significantly strengthen the security posture of your organization.
KEY SOC FEATURES
SIEMLESS LOG MONITORING
Monitor, search, alert and report on the three attack pillars (network, cloud and endpoint) using log data spanning:
• Windows & macOS security events
• Firewall & network device events
• Office 365 & Azure AD cloud events
THREAT INTELLIGENCE & HUNTING
Real-time threat intelligence monitoring, connected to premium intel feed partners that give our customers one of the largest global repositories of threat indicators. Our SOC analysts use this intel telemetry to hunt for bad actors.
BREACH DETECTION
Detect adversaries that evade traditional cyber defenses such as firewalls and AV. Identifies attacker TTPs (tactics, techniques and procedures), maps them to the MITRE ATT&CK framework, and produces a chronological forensic timeline so the intruder can be contained before a breach occurs.
INTRUSION MONITORING
Real-time monitoring of malicious and suspicious activity, identifying indicators such as:
• connections to or from high-risk nations
• unauthorized TCP/UDP services
• backdoor connections to command-and-control (C2) servers
RANSOMWARE ISOLATION
We detect when an endpoint is being exploited and our system automatically isolates that node from the rest of the network. Our Security Analyst retains isolated, tunneled access to the endpoint to carry on with remediation while the node is unable to spread the compromise to other network devices.
INCIDENT REPORTING
Our SOC analysts investigate each alert, triage the data and open a ticket directly in our PSA (professional services automation) system with the remediation details so our local analysts can remediate efficiently. Automated security reports to the client provide transparency on the cyber security health of the network.