Griffinix offers its clients implementation services of a comprehensive system for monitoring security events on the information system, including specialized OS support.
Proactive and comprehensive monitoring of security events on information systems is one of today's major security challenges for most companies. Although investments in information security products and solutions are continuously growing, the number of security incidents is still on the rise and losses from successful cyber-attacks are getting bigger and bigger.
Cyber security challenges
Some of the key challenges that companies are facing related to proactive security monitoring are listed below.
- Although companies are increasingly investing in various security tools such as NG firewalls, EDR endpoint solutions, SIEM systems, IDS / IPS systems etc., lack of time and human resources with the necessary knowledge and skills significantly affects the company's operational efficiency regarding proactive monitoring of security events.
- Threats are increasingly tailored to individual organizations. Daily media coverage of security incidents shows that many companies are still unable to detect and prevent such types of attacks.
- The number of events and alarms that the various security monitoring systems generate per day has grown so much that traditional search and correlation techniques are no longer sufficient. Nowadays companies need advanced tools that can analyze the generated records in real time and correlate them across multiple heterogeneous sources.
- Reactive vs. proactive approach - effective protection of the information system from advanced threats requires a proactive approach in which security experts continuously analyze events on the information system and discover potential security incidents. Purely reactive action is today considered inadequate.
Griffinix is one of the leading information security companies with abundant experience in implementation of the SIEM systems and implementation of Security Operations Centers (SOC). Griffinix offers its clients implementation services of a comprehensive system for monitoring security events on the information system, including specialized OS support.
Outsourcing operational security monitoring of the information system brings clients numerous benefits:
- Improved security through better monitoring of security events. Rich experience and specialized knowledge in offensive and defensive security provide a high level of detection capability and the prevention of potentially illegal activities.
- Lower costs. It is well known that outsourcing can in certain cases bring significant savings, especially for activities that are not the primary business of the company and require a high level of knowledge and expertise. Security monitoring of the information system is one of those activities and is certainly a good candidate for outsourcing.
The basic features of Griffinix Managed SOC services are described below.
Proactive security monitoring
The Managed SOC service provides the user with continuous monitoring of security events on the information system in accordance with the agreed service level (SLA). Security specialists are organized in teams with clearly defined roles and responsibilities for monitoring security events.
The security monitoring process is governed by procedures that define security event control rules and policies for detecting potentially malicious activities. When suspicious events are detected, escalation procedures and communication rules (defined in collaboration with the client) ensure an efficient response to the detected threats.
Incident response (IR)
In addition to monitoring security events, Managed SOC services also include an active response to reported security incidents, or support to the customer in resolving them.
For this purpose, the processes and procedures that define how incidents are handled, the rules and hierarchy of communication, the way information is exchanged, etc. are agreed with the client.
Griffinix's experience in analyzing and resolving security incidents enables an efficient response to detected incidents and their timely remediation.
Threat Intelligence (TI)
Griffinix Managed SOC uses so-called "Threat Intelligence Services" in order to raise its ability to detect potential incidents. TI services enrich the information collected through regular operational security monitoring with other internal and external sources of relevant security threat data.
In this way, detected security events are given additional context that enables better decision making and a better response to them.
Within Griffinix Managed SOC Services, Griffinix has established its own TI infrastructure that is closely integrated with other security monitoring processes.
Threat hunting (TH)
The reaction to security events on the information system is usually of a reactive character, which is in some way expected. The problem with this approach is that organizations have, on average, an extremely low ability to detect security incidents and as such are unable to detect a compromised information system for a long period. Research shows that the average time needed to detect a security incident is measured in dozens, sometimes hundreds, of days, which is unacceptable from a business perspective.
Threat hunting changes the approach to incident detection by using the available information and logs for proactive investigation of incidents on the information system. Instead of detecting an incident based on random events or alarms, which may be absent altogether if the attacker is sufficiently skilled and well prepared, threat hunting implies proactive analysis and detection of potential indicators of compromise. The Griffinix Managed SOC service also provides this form of security monitoring.
Skills and competences
Griffinix is a company with many years of experience in offensive and defensive security, and one of the key segments of services provided is the implementation of the SIEM system and the organization of Security Operations Centers (SOC). An experienced team of security specialists ensures a high level of professionalism and quality of service, while internal management systems are aligned with ISO 27001 and ISO 9001 standards to ensure quality and maturity of the processes.
In addition to our many years of experience, our security specialists also hold numerous security certifications from leading world organizations such as ISC2, ISACA, EC-Council etc.
Project road map
The implementation process of Managed SOC Services consists of the following steps:
- Agreement on project scope, service levels and terms and conditions - determining the scope of the implementation, the level of service provided, expected response time, connectivity, etc.
- Information system preparation - the client's information system is set up to record all the security events that are critical for timely detection and prevention of security incidents. The infrastructure required for automated collection and processing of the collected logs, which ensures the highest level of detection reliability, is also prepared.
- Integration and configuration of key services - in this activity the key SOC services, such as the centralized logging system, incident reporting tools, user-friendly communication tools, TI, etc., are tailored and configured.
- Harmonizing operational procedures and defining roles and responsibilities - this activity defines the operational mechanisms of handling and responding to security incidents as well as the rules of communication and working with the client. The goal of this activity is to clearly define the roles and responsibilities of each interested party to ensure reliable operation of the system.
- Functional System Testing - basic testing of all key functionalities of the system is performed to ensure the correct operation of the system in accordance with the defined service parameters.
- Operations - service operation in accordance with the defined contractual service parameters.
If you are interested in the Griffinix Managed SOC service, please do not hesitate to contact us by email at info[at]griffinix.com.