Managed SIEM-SOC
Security Information and Event Management
THE TARGET
Detect security breaches, security events and suspicious activity that occur in real time.
Obtain a comprehensive and accurate security status and provide a focused and detailed information to handle the event.
THE CHALLENGE
-Information security components gather millions of events on the corporate network and on company sites.
-Collection the right data, aggregation, normalization and correlation of different technologies, devices, operations and events.
-Lack of expert personnel to monitor and analyze the data.
THE WAY
See-Secure professional information security team has extensive knowledge and experience in integration of varied SIEM vendor systems.
Our team continuously defines, updates and configures aggregation, normalization and correlation of SIEM rules.
SOC
See-Secure Security Operation Center (SOC) operates 24/7
SOC separated to three tiers:
Tier 1 Analysts- Monitoring and analysing of security events and perform initial incident triage.
Tier 2 Incident - Responders providing advanced investigation
Tier 3 Subject Matter Experts -Hackers, Forensics, Reverse engineers, threat hunters
How Is It Working?
In the SIEM SOC Service, See–Secure provides the following:
​
-
Targeted security alerts – real-time alerts
-
Weekly reports - on events that occurred during the week, malware, AV, user activity (defined by the customer)
-
Monthly meeting or video conference - with an information security specialist
-
Monitoring SIEM dashboard screens - according to customer needs.
-
Response to events:
-
Proactive system
See Secure Intelligent system proactively reacts to information security incidents with pre-defined rules. -
Cyber Investigation
Identifying and gathering incident evidence, documenting, preserving, testing evidence, and reporting findings. -
Throughout the "Incident investigation”, our offensive Team will discover high level of security in every method taken. vulnerabilities such as inadequately configured communication equipment, non-secure protocol usage, misconfiguration of internal components, and non-secure development.
-
Vulnerability Assessments – optional
-
​
​