Security operation centre (SOC)

Early identification of, and efficient action against, cyber attacks is critical given the security threats in the modern digital world.

Systems for attack identification

A security operation centre (SOC) continuously oversees the IT, OT, and IoT devices, networks, and applications of an organisation. At the same time, security data from these sources is collected and correlated in a central system, where it can be assessed with algorithms and analysis tools. This makes it possible to identify trends and behaviour patterns in the collected data, and then to identify deviations from those trends that may be evidence of a cyber attack. These deviations must then be investigated.
In summary, a SOC is a system which allows for the early recognition and remediation of cyber attacks.

 

Much more than just technology

A SOC is much more than a technology dedicated to early detection of cyber attacks. This early detection mechanism is only useful if a business can appropriately react to the warning signals provided. Therefore, a SOC is a highly specialised organisation designed to identify, analyse, and react to digital threats.

Additionally, a SOC should be understood as an approach to digital security that utilises the expertise of staff across the organisation, and which integrates procedural efficiency and the delivery capabilities of products and technologies. The seamless interaction of these elements is the decisive factor in whether a SOC is effective and efficient.

Our offer

Our offer combines expertise regarding existing standards and expected performance with proven experience in SOC implementation. Central to our approach is a focus on the integration of organisational, procedural and technological factors in a SOC service.

We begin with an analysis of the current situation within an organisation and the areas that require improvement, as only through this analysis can we develop a tailored SOC concept with you. We define the parameters and key goals and evaluate your needs and interests, and you confirm the requirements (in particular through interviews and workshops).

 

In the high-level concept we compare the current situation with the good practices we have identified through our experience engaging with SOC projects. We define the Information Security Framework as a key input for the drafting of a high-level SOC concept. This outlines various proposed service and operational models and assesses how they could be integrated into your organisational structure and processes. This concept will later act as a basis for a decision on the optimal approach to be taken.

 

In the detailed concept we go one step deeper and define the service and operational model in detail. Target models at a production level are developed, implementation plans are drafted, and the required tools and impacted interfaces are identified. In this phase we particularly focus on ensuring that the SOC model will conform with TCO requirements over the longer term.

 

The fourth phase is the implementation phase. We support you during this phase by ensuring both quality in delivery and alignment with the agreed parameters and approach identified in the detailed concept. This includes support in activities related to the selection of technologies and partners, as well as the procedural, technological, and organisational rollout of your SOC service.

The methodological basis for our activities is a maturity assessment model to review the contractual, technical, procedural, and organisational maturity of the SOC service.