SOC as a Service – Remote monitoring
The CISO4U team, in addition to providing a team of specialists and the necessary procedures and documents, provides customers with remote monitoring or “SOC as a Service”.
The data is collected in the client’s IT network in much the same way as for a local SOC. The main difference is that the data are aggregated locally (by data aggregators) and then sent over an encrypted link to the SIEM system located at CISO4U.
With the collected data, an environment equipped with tools such as SIEM and SOAR, and the backing of a professional team of Line I, II and III experts, our team provides full monitoring of the client’s systems.
Providing continuous monitoring in a 24/7 model, CISO4U supports the client in detecting and countering threats, as well as in incident handling, including ensuring compliance with regulatory requirements such as NIS2, RODO (GDPR) and DORA. Ensuring regulatory compliance allows the Client to shed the risk of administrative fines of up to €20 million or 4% of the company’s worldwide turnover for the previous fiscal year – whichever is higher.
[SIEM] – Security Information and Event Management
– a system for collecting information (logs) from IT networks, then analyzing and correlating it to detect potentially dangerous situations
[SOAR] – Security Orchestration, Automation and Response
– a technical solution that enables cyber security teams to process data and security alerts from various sources, automate activities based on ML and AI solutions, and design and program “playbooks”, which increase the efficiency and effectiveness of the SOC team.
[Line L1 – Triage / Incident Handler]
First Line specialists monitor the infrastructure and raise alerts about detected security incidents. They observe logs, processes and systems and apply advanced techniques to collect and compare data from various sources (using frameworks such as MITRE ATT&CK and the Cyber Kill Chain) to detect unusual activity in the infrastructure. Once a possible incident is detected, the 1st Line logs and describes the incident in the ticketing system and notifies the 2nd Line SOC. Level 1 personnel can also manage security tools (e.g., firewalls) and generate regular reports.
[Line L2 – Incident Responder]
Second Line specialists resolve complex incidents and respond to and coordinate the response to major incidents. When the 1st Line identifies or registers a critical or high-severity problem that is beyond the competence of that line and requires immediate action, the Second Line specialist takes over the handling of the incident. The Line II specialist also configures incident detection equipment and systems, closes incidents, and maintains constant contact with the Line III team (CERT/CSIRT).
[Line L3 – Threat Hunter, Reverse engineering, Threat Intel]
Third Line specialists conduct specialized activities to support incident resolution and handling, including forensic analysis of digital evidence and reverse engineering of malware. When malware is identified, or user activity requires analysis of digital data during incident handling, Third Line SOC support is enlisted. This area covers malware analysis (reverse engineering) and the analysis of digital materials (computer forensics). The Third Line team also carries out training, information collection and analysis, and the development of CTI threat reports.
The Third Line team also takes part in security testing (vulnerability assessments, penetration tests) as part of certain cyber security activities.