Security Supervision as a Service

The AUTOCONT Security Operation Center (AC SOC) offers monitoring, supervision, analysis, and design of corrective measures. It also cooperates on their implementation and performs the necessary testing.

AC SOC

For companies, the supervision of security incidents and events means maintaining a highly qualified staff of administrators, analysts, and security experts. That is the only way to prevent threats and minimize the consequences of past attacks.

Another way is to use the services of the Security Operation Center (SOC) and entrust the supervision of incidents to an experienced security team. This option reduces costs while increasing the company's security.

Thanks to a strategic partnership with AlienVault and the use of a surveillance system based on the Unified Security Manager product, we can offer our customers security surveillance as a service through our security team with our own Security Operation Center.

What makes us unique?

  • With the selected AlienVault USM tool, we use advanced detection mechanisms that also draw on information from other security areas, such as assets, vulnerabilities, disruptions, etc.
  • AlienVault Labs and OTX, the community environment for open security information exchange, allow us to use a wide "intelligence base of threats", such as the reputation of IP addresses, domains, etc.
  • Our solution runs on the principle of a federated model, which allows us to replicate to our AC SOC only a database of cyber events and incidents. The original "RAW" time-stamped and digitally signed data is stored at the customer's location as evidence for possible future forensic investigations.
  • The close connection with the AC Network Operation Center allows us to use the background of joint dispatching, remote administration, operational monitoring, and L1 support, and especially the potential of dozens of specialists whose know-how covers deep knowledge of the complete IT environment of our customers from various commercial fields, industries, and public administration.

What is SOC, and how does it work in AC?

The monitoring system generates events waiting for further processing, analysis and response. This is where the human factor comes in: it determines, given the environment and the customer's interests, whether an event is an actual cyber security incident. However, that is not an easy task. A functioning team of highly qualified IT security specialists is necessary to ensure constant security supervision, using the Security Operation Centre's (SOC) process and technologically advanced features.

The security team and SOC itself are economically unaffordable for most companies and organizations. Therefore, AUTOCONT has built its Security Operation Center (AC SOC) and provides AC Security Supervision services to customers through this shared facility, primarily through its security team. Every customer using the AC Security Supervision services is connected to the "Federation Server" located in the AC SOC environment. All locally generated cyber security events, alarms, and incidents of each customer are securely replicated to this server. Thus the security team has a global overview of all monitored customers and can respond quickly and purposefully.

AC Security Supervision Services Offer

Advanced Security Supervision

  • Environmental analysis, identification of technical assets and impact analysis
  • Naming responsible people and setting specific metrics
  • Setting up log collection, according to the requirements of legislation and compliance, so that it monitors the individual risks of a particular asset - the definition of detection processes
  • Definition of reaction processes that comply with applicable legislation, regulatory conditions, and the customer's security policy and strategy ("Response Plan")
  • If the service includes the lease of a SIEM, including HW, it also covers the collection and storage of logs
  • Monthly preventive maintenance of the provided HW and SW
  • Log analysis and correlation of events in real-time
  • Event analysis and identification and classification of possible incidents
  • Alerting in real-time using essential communication tools: e-mail, SMS, telephone
  • Reporting
    • monthly report of events and incidents with proposals for systematic measures ("Lessons Learned")
    • monthly "Asset Discovery" SCAN (new, discovered technical assets)
    • monthly "Vulnerability" SCAN (vulnerability scan)
    • monthly "Basic NBA" SCAN (basic overview of who communicates with whom and how often)
  • Guarantee of a technical specialist to start solving a cyber security incident within 4 hours
  • Service Desk - incident creation, solution progress reporting, Incident Response, communication with third parties - NUKIB, UOOU, CSIRT.CZ, etc.

 

AC SOC - MINI
Basic security monitoring with restrictions:

  • 100 monitored IP addresses or 1000 EPS
  • Real-Time data - min. 4 days
  • No archive
  • Ready-made rules
  • 30-minute meeting with SOC specialists - Lessons Learned