Security Operations Center (SOC)
A Security Operations Center, sometimes called an Information Security Operations Center or ISOC, is an internal or outsourced team of IT security professionals that monitors an organisation's entire IT infrastructure around the clock to detect cybersecurity events in real time and remediate them as quickly and effectively as possible.
Core task of a SOC
- Minimisation, detection and analysis of IT security risks
- Elimination, description and control of risks
- Support in the implementation of measures and initiation of evidence gathering in the event of suspicions or incidents
Advantages of a SOC
- Competence unit for combating and preventing cyber threats
- Central location of all security-relevant systems
- Protection of IT infrastructure and data against internal and external threats
- Risk reduction in all security-relevant areas
- Ensuring compliance with legal requirements regarding the detection and handling of cyber attacks
SOC as a Service
Managed Detection
With SIEM (Security Information and Event Management) as a Service, we offer comprehensive, transparent IT security monitoring for your entire IT infrastructure. SIEM captures log and event data generated by applications, security devices and host systems and stores it on a central platform. The software collects data from antivirus solutions, firewall log files and other locations and classifies it into categories, such as malware activity and failed or successful logins. If it detects a threat in the process, it triggers an alert and indicates a threat level according to predefined rules.
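The following is an added illustration of the SIEM workflow just described (parse heterogeneous log lines, classify them into categories, raise an alert with a threat level when a predefined rule fires). It is not code from the service described on this page; the log lines, source names, thresholds and rule names are all constructed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (not real data), in the shape a SIEM might
# receive them from an SSH host, an antivirus agent and a firewall.
SAMPLE_LOGS = [
    "2024-05-01T10:00:01 sshd: Failed password for admin from 203.0.113.5",
    "2024-05-01T10:00:07 sshd: Failed password for admin from 203.0.113.5",
    "2024-05-01T10:00:15 sshd: Failed password for root from 203.0.113.5",
    "2024-05-01T10:00:22 sshd: Failed password for admin from 203.0.113.5",
    "2024-05-01T10:00:30 sshd: Failed password for admin from 203.0.113.5",
    "2024-05-01T10:00:41 sshd: Accepted password for admin from 203.0.113.5",
    "2024-05-01T10:05:00 av: Malware detected name=EICAR-Test-File host=ws-17",
    "2024-05-01T10:06:00 fw: DENY src=198.51.100.9 dst=10.0.0.4 dport=445",
    "2024-05-01T11:30:00 sshd: Accepted password for alice from 10.0.0.23",
]

# Classification patterns: (category, regex). First match wins.
PATTERNS = [
    ("login_failed", re.compile(r"sshd: Failed password for (?P<user>\S+) from (?P<src>\S+)")),
    ("login_success", re.compile(r"sshd: Accepted password for (?P<user>\S+) from (?P<src>\S+)")),
    ("malware", re.compile(r"av: Malware detected name=(?P<name>\S+) host=(?P<host>\S+)")),
    ("fw_deny", re.compile(r"fw: DENY src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)")),
]

# Predefined rule parameters (assumed values for the example).
WINDOW = timedelta(minutes=10)
FAILED_LOGIN_THRESHOLD = 5


def parse_event(line):
    """Normalise one raw log line into a dict with a timestamp and a category."""
    ts_str, _, rest = line.partition(" ")
    ts = datetime.fromisoformat(ts_str)
    for category, pattern in PATTERNS:
        m = pattern.search(rest)
        if m:
            return {"ts": ts, "category": category, **m.groupdict()}
    return {"ts": ts, "category": "unclassified", "raw": rest}


def categorise(lines):
    """Count how many events fall into each category (the SIEM 'classification' step)."""
    counts = defaultdict(int)
    for line in lines:
        counts[parse_event(line)["category"]] += 1
    return dict(counts)


def correlate(lines):
    """Apply the predefined rules to a stream of log lines and return alerts with a threat level."""
    alerts = []
    failures = defaultdict(list)  # source address -> timestamps of recent failed logins
    for line in lines:
        ev = parse_event(line)
        if ev["category"] == "malware":
            # Any antivirus detection is escalated immediately.
            alerts.append({"level": "critical", "rule": "malware_detected",
                           "host": ev["host"], "ts": ev["ts"]})
        elif ev["category"] == "login_failed":
            recent = [t for t in failures[ev["src"]] if ev["ts"] - t <= WINDOW]
            recent.append(ev["ts"])
            failures[ev["src"]] = recent
            if len(recent) == FAILED_LOGIN_THRESHOLD:
                alerts.append({"level": "high", "rule": "brute_force",
                               "src": ev["src"], "ts": ev["ts"]})
        elif ev["category"] == "login_success":
            # A success shortly after repeated failures from the same source is the
            # pattern worth a human look, so it outranks the brute-force alert itself.
            recent = [t for t in failures[ev["src"]] if ev["ts"] - t <= WINDOW]
            if len(recent) >= 3:
                alerts.append({"level": "critical", "rule": "success_after_failures",
                               "src": ev["src"], "user": ev["user"], "ts": ev["ts"]})
    return alerts


if __name__ == "__main__":
    print(categorise(SAMPLE_LOGS))
    for alert in correlate(SAMPLE_LOGS):
        print(alert)
```

Note that the firewall deny line is classified but raises no alert on its own: classification and alerting are separate steps, and a single denied connection is noise until a rule ties it to something else.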
With Endpoint Detection & Response as a Service, we detect suspicious or threatening activities on all your endpoints quickly and reliably. All background processes and activities on the devices are monitored: program executions and modifications, registry changes, network connections and the like. As soon as they appear suspicious, we intervene.
The main task of vulnerability management is to check IT systems for known technical vulnerabilities or security gaps. Vulnerabilities are identified against a continuously updated vulnerability list, which is based both on the "Common Vulnerabilities and Exposures" (CVE) database and on advisories published by the manufacturers themselves.
Threat Hunting is the search for and detection of indicators of compromise (IoCs) in a company's IT infrastructure. On the one hand, it is triggered by an existing suspicion of a compromise or by signs of an IT security incident, in which case the hunt takes the form of a forensic analysis. On the other hand, threat hunting is the active search for ongoing attacks or preparatory threatening activities that have already overcome existing defenses and security controls.
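As an added example of the matching step in vulnerability management (it is not code from the service on this page), the block below compares an asset inventory against an advisory list and reports every installed version that is older than the fixed version. The advisory identifiers, product names, versions and hosts are all constructed placeholders and describe no real vulnerability; a real service would feed this from CVE records and vendor advisories and refresh the list continuously.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Advisory:
    vuln_id: str    # placeholder identifier, not a real CVE number
    product: str
    fixed_in: str   # first version that is no longer affected
    severity: str


# Constructed advisory list (placeholder data).
ADVISORIES = [
    Advisory("EXAMPLE-0001", "example-ssh-server", "9.6", "high"),
    Advisory("EXAMPLE-0002", "example-web-server", "1.25.3", "medium"),
]

# Constructed asset inventory: host -> {product: installed version}.
INVENTORY = {
    "web-01": {"example-web-server": "1.24.0", "example-ssh-server": "9.6"},
    "bastion": {"example-ssh-server": "9.3"},
    "db-01": {"example-db-server": "15.4"},
}


def version_key(version):
    """Split a dotted numeric version into a tuple so that 9.10 sorts after 9.6.
    Plain string comparison would get that wrong ('9.10' < '9.6')."""
    return tuple(int(part) for part in version.split("."))


def is_affected(installed, fixed_in):
    """True when the installed version is older than the first fixed version."""
    return version_key(installed) < version_key(fixed_in)


def find_vulnerable(inventory, advisories):
    """Return (host, product, installed, vuln_id, severity) for every affected install."""
    findings = []
    for host, packages in inventory.items():
        for adv in advisories:
            installed = packages.get(adv.product)
            if installed is not None and is_affected(installed, adv.fixed_in):
                findings.append((host, adv.product, installed, adv.vuln_id, adv.severity))
    return sorted(findings)


if __name__ == "__main__":
    for finding in find_vulnerable(INVENTORY, ADVISORIES):
        print(finding)
```

The version comparison is the part that most often goes wrong in home-grown checks; this example handles only purely numeric dotted versions, and anything with vendor suffixes or backported fixes (where the reported version stays old but the patch is applied) needs a per-vendor rule rather than a simple compare.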
Managed Response
"A successful and correct response to an IT security incident can only be made if the state of the system under investigation corresponds as far as possible to the state at the time of suspicion." Managed Response covers, on the one hand, preventive measures that improve the organisation's ability to collect robust, forensically sound digital traces and, on the other hand, IT forensic investigations conducted according to recognised technical standards when a suspicion or incident arises.
Managed Intelligence
Threat Intelligence is evidence-based information about cyberattacks. This intelligence helps organizations stay informed about new threats so they can protect themselves.
Open source intelligence (OSINT for short) is the term used to describe research using publicly available information. It involves using various sources, such as Google, LinkedIn and Twitter, to gather data on a predefined target. The knowledge gained from this is incorporated into defensive measures and defense strategies.
Managed Risk
During a penetration test, the tester acts like a potential attacker: using the same tools and information sources, they try to bypass the implemented security measures unnoticed. This reveals, for example, transient vulnerabilities or structural problems in networks, hardware and software. In contrast to a real attack, the type and scope of the tests are agreed with the responsible persons beforehand and during execution. In addition to documenting the procedure, a comprehensive report evaluates the current security level and makes suggestions for improvement.
The Cybersecurity Assessment is used to determine the maturity level of an organisation's cyber security based on the Center for Internet Security (CIS) Critical Security Controls. The CIS Critical Security Controls represent the most respected standard for effective cyber defense. They provide specific and actionable ways to stop today's most widespread and dangerous cyberattacks. The CIS Critical Security Controls do not attempt to replace comprehensive standards such as ISO 27001/27002, BSI IT-Grundschutz or the NIST Cybersecurity Framework. A key advantage of the CIS Controls is that they are derived from the most common attack patterns and enable rapid identification of the necessary next steps.
Benefits and services
- 24/7 availability
- Separate premises with access control
- Sufficient number of office and control center workstations
- BSI-accredited APT response service provider
- ISO 27001 / ISO 9001 certifications
- Dedicated Internet access
- Trained IT forensic specialists
- Information security specialists
- IT security experts
A strong team of SOC experts: many years of expertise, bundled competence & secure customers
DigiFors
- Service provider in the field of digital forensics and IT security since 2011
- Digital forensic expert in criminal proceedings
- Service provider for police, courts, public prosecution offices
- Three-digit number of cases and proceedings per year as well as petabyte data volumes to be analyzed
- Recognized qualifications, many years of experience and IT expertise
- APT response service provider (BSI accredited)
Softline
- IT consulting and services since 2010, internationally active
- Specialist in the field of ITAM, IT and information security as well as cloud and digital workplace
- Information security and data protection consulting
- IT security consulting (conception, design, integration, operation)
- Recognized qualifications, many years of experience and Infosec specialists
- T.I.S.P / Lead Auditors ISO 27001 / Cybersecurity
- Certified according to ISO 27001 / ISO 9001 / TISAX