Customer Security Operations Centre (CSOC)
Security professionals are bombarded with a huge number of events daily, making triage a difficult and time-consuming task.
By outsourcing security operations, customers are able to focus on business-as-usual activities with the knowledge that security professionals are actively threat hunting, providing high-fidelity alerts and utilising interactive playbooks to thwart a breach.
A Customer SOC takes away the difficult task of looking through each event to ensure the appropriate response is enacted. This is broken down into three distinct areas:
Preventative actions are essential to stopping an attack, while limiting the damage caused through the nefarious behaviour. This is done by:
Preventing phishing attacks reaching the intended target
Preventing missing patch updates, which would leave the organisation vulnerable
Preventing unauthorised applications being downloaded or used in the corporate environment
Preventing ransomware and malware attacks
Preventing unauthorised account access to systems
Detecting an adversary is a specialist task, which requires advanced forensic tools to understand how and when the threat actor breached the network and, most importantly, what damage has been caused. To stay ahead of the attacker, Customer SOCs look:
To detect privileged account escalation, which allows lateral movement from compromised systems
To detect contact with suspicious internal and external internet/intranet sites
To detect suspicious user activity across the network
To detect sensitive corporate data exfiltration
To detect suspicious software use in compromised accounts
React: once the threat actor has been identified, analysts need to counter the exposure by:
Reacting to quickly isolate compromised devices
Blocking access to suspicious sites
Supporting with in-depth forensic analysis of the attack lifecycle
Stopping unauthorised active processes
Removing malicious files or emails on compromised endpoints
Capabilities:
Log ingestion through SIEM tools
Proactive threat hunting
Provide automated vulnerability remediation
Provide log retention for forensic lookback and for compliance and regulation
Provide in-depth endpoint vulnerability context
High fidelity alerts
Focussed on business systems integration and world-leading vendor alignment, we have deployed many solutions over a prolonged and successful history.
Keeping up with continual IT change and expanding a range of technologies, we have become the leading, preferred and often sole IT partner for many South West & Wales businesses.
Technology Investing
We have weathered the commercial storms of recession and made significant personnel investment across all areas of our business. We are proud to continue to strengthen and grow.
Extensive portfolio of products and services
Offering an extensive portfolio of products and services, we have developed many solutions to suit any type of business.
Service Transitions
Supporting businesses with the transition from Microsoft 2003 server, Exchange 2003 and Windows XP to the newer versions of Microsoft 2008/2012 server.
Best Pricing
Our procurement team have an extensive range of supplier relationships, ensuring the best pricing is gained to offer the most comprehensive solutions.
How can BOM IT Solutions help?
Many organisations only review their cyber security capabilities when a breach has already occurred. Importantly, the cost of a breach can often run into the hundreds of thousands, far outweighing the cost of proactively assessing your level of cyber security.
0800 038 7222
Call for a consultation.
sales@bom.co.uk
Email BOM IT Solutions.