Being one of the fastest growing CYBER SECURITY companies in GCC, Virus Rescuers is an information security monitoring company that protects networks through continuous monitoring.
Our continuous monitoring includes threat detection and response services in near real time. These security monitoring services meet the needs of small and midsized businesses as well as distributed networks of larger enterprises.
In order to do this, we invested heavily in advanced cloud-based Security Information & Event Management (SIEM) and combined that with Security Operations Center (SOC.) We then staffed our SOC with highly skilled security engineers and Incident Response Team (IRT) to analyze and respond to threats 24x7x365.
What does a SOC do?
The key aims of a SOC are:
- to detect and respond to threats, keeping the information held on systems and networks secure
- to increase resilience by learning about the changing threat landscape (both malicious and non-malicious, internal and external)
- to identify and address negligent or criminal behaviours
- to derive business intelligence about user behaviors in order to shape and prioritize the development of technologies
Why might you need a SOC?
Some examples of why you might need a SOC include:
- you are running an online service for the public
- you host a number of sensitive databases which are accessed by staff on your premises, by remote staff, or by customers or partners
- you have several different office locations and a unified security function delivers cost savings
- you share large quantities of sensitive data with other organisations
- you require a single point of visibility for all your threats
What type of SOC is best for you?
SOCs come in a variety of flavours and can cover the entire incident management process. This can include:
- integration, management and review of traffic feeds
- protective monitoring
- initial triage and analysis
- vulnerability management
- alerting and response
- incident management
- root cause analysis
- patching & remediation
- correlation management, Security Information and Event Management (SIEM) tuning
- continuous improvement
- key management
Get SECURED Now
An SOC exists to help manage your risks more effectively, which means the SOC itself must be protected adequately. A SOC must have mechanisms, processes and procedures to ensure that it can protect itself against threats comparative to those being faced by its customers. This includes protecting the service itself, and also the data within it.
The SOC provider must be able to demonstrate that they understand the architecture of their monitoring system. A supplier ought to be able to provide documentation to include:
- an overview of the system elements, such as perimeter, host and network, and specific application-based agents
- clearly annotated network diagrams, which demonstrate a comprehensive understanding of how the SOC architecture is designed and managed
- related technical documentation which demonstrates how architectural components are used to actively monitor the environment
- mechanisms for managing the control of privileged user access
- the monitoring and control of privileged user access, demonstrating an understanding of who has access and their activity
- which parts of the architecture allow for automation, and which parts require analysts
- descriptions of what the sensors within the monitoring service actually do
A good SOC needs you to work with it. It’s not uncommon for SOC suppliers to send their customers alerts, but to never receive a reply. Obviously, an organisation should not derive any security from simply knowing that a SOC is in place.
Contact US now for more information.