SECURITY OPERATIONS CENTER SERVICE

Purpose

  • Deploy network traffic monitoring and analyze logs from different log sources to identify attack behaviours and abnormal signs in customers’ IT systems.
  • Analyze and evaluate events to detect early signs of abnormalities, and send warnings to customers according to the agreed service quality commitment (SLA).
  • Investigate and respond to cybersecurity incidents when they occur.

Scope of Services

  • The number of log sources to be monitored (servers, applications, security solutions, etc.) is set by the specific agreement with the customer.

Implementation methods

  • Conduct 24/7 monitoring from NCS’s SOC monitoring center.
  • The monitoring and alarm information collection system is implemented and integrated according to the model that fits each customer’s needs.
  • The team of cybersecurity experts supports customers in investigating and responding to cybersecurity incidents from the moment an incident is discovered.
  • Provide the SIEM rule set and periodically update and fine-tune it in accordance with the current status of each customer, so that attack behaviours and abnormal signs in the customer’s IT system are detected early.
  • Perform threat hunting periodically throughout the day based on the logs/events in the SIEM system.
  • Monitor and warn of security vulnerabilities, threats, and new IoCs that could potentially affect customer systems.

Outcomes

  • Provide timely warnings to customers when problems are detected, according to the committed service quality (SLA).
  • Weekly/monthly or ad-hoc reports, as required, on incidents detected during monitoring.
  • Handling reports for cybersecurity incidents.

Implementation manpower

  • System: 1 junior + 1 senior for deployment, log source collection, and log parsing.
  • Purple Team: 1 junior + 1 senior for tuning rules and adding and updating rules periodically.
  • Blue Team: 9 Tier 1 staff + 4 team leaders provide 24/7 supervision; 1 Tier 2 staff member performs daily threat hunting and acts as the focal point for discussions with customers.
  • In addition, personnel from teams such as TI, Red Team, Malware, and System will support the monitoring and troubleshooting process.

Other Services