Cybersecurity Operations Center
The damage caused by ransomware could rise to $11.5 billion in 2019, and a business will fall victim to a ransomware attack every 14 seconds.


SOC as a Service

Black Cell SOC is a managed Cyber Security Operations Center suitable for all kinds of organizations – we work with SMEs, large corporates, governmental and critical infrastructure organizations – regardless of their size. The SOC helps keep your business information secure, as we provide a complete service package that covers all the necessary IT security tools, devices, technologies and expertise. Our monthly fee structure is a flexible and cost-effective solution, as your company can reduce the costs of IT security devices, licensing, deployment, training and the continuous education of employees.

Because 100% protection cannot be guaranteed, our dedicated liability insurance also covers the remaining gap in the shield.

Cybersecurity Operations Center

A Cyber Security Operations Center, or SOC, is a dedicated IT security unit within the organization with one primary task: to prevent and eliminate cyber security incidents.

Our company’s SOC-as-a-Service package is specifically designed for infrastructures of over 500 IPs. Whether it is protecting a critical infrastructure, a complex enterprise or a government environment, our incident response team has the specialized experience to serve our clients. The primary mission of the SOC is to prevent, detect and handle cyber security incidents. Accordingly, many preventive controls should be implemented during the design phase to reveal and eliminate known attack paths. Blind spots are eliminated by a variety of technical and logical solutions, so detection becomes more efficient and faster, and the time needed to investigate events is minimized.


Assessment

Based on a Crown Jewels analysis or an existing risk assessment, we conduct a technology survey of the security toolkit associated with the systems concerned to determine its effectiveness and maturity.

Detection capabilities

As a result of the assessment, we create a detection capability matrix using either a “top to bottom” or a “bottom to top” approach: that is, we either tailor the technologies to the business needs, or we align the required coverage with the available technologies and their maturity.

Hardening

With hardening, the systems’ exposure to cyberattacks and vulnerabilities can be substantially reduced.

SIEM implementation

The purpose of a SIEM and similar systems is essentially to centrally store and analyze logs (events) and any relevant security data from hardware and software devices, operating systems and applications, so that security-threatening events and malicious acts are discovered. For a list of our supported SIEM systems, see the portfolio of our VAR division.

Use Cases

Use Cases (and their related playbooks) are planned reactions to sequences of alarms that indicate a cyber security incident and require immediate human or automated intervention. Our company has over 100 unique Use Cases that can be customized and also automated with a SOAR platform.

Triage

We define the triage steps in the Use Case matrix and the associated command register, together with the IT security and operations stakeholders. These steps, actions, specific commands and queries can be performed outside the SIEM system, directly on the connected data sources, if further validation or more data is needed regarding the incident.

Monitoring

Our dedicated incident management (CSIRT) team is organized on three levels (L1-L3) and is available 24/7/365 for effective IT security oversight and responsiveness. We provide 99.9% * availability for the devices we integrate and manage.

Reports and trackback

Incident management and reporting are provided through a framework that adapts to the customer’s technological and administrative capabilities. Regular technical and executive reports on the performance and quality of the service provide a comprehensive overview.

Lessons learned

There may be incidents for which no Use Case exists, or which are so far unknown; in these cases we update the rules, the preventive and detective controls, and the service-defining documents so that similar events are detected and responded to in the future.

SOC as a Service bundles


SOC building

We conduct proactive threat detection even when local cyberspace seems calm.

We help develop or modify the IRP (Incident Response Plan), completed with SOC coverage.

We deliver our use cases and response plans in a structured and centralized manner, supporting the analysts’ work.

Our SOC operates non-stop, 24/7/365, with 99.99% service availability thanks to redundant solutions.

There is no effective use case without a Playbook. We use SOAR platforms to speed up the incident validation process and automate as many of its steps as possible.

A SOAR system automates playbooks by interfacing products and solutions from different manufacturers on a single platform.

Cyber Threat Intelligence sources help us assess events in a richer context, thereby reducing the number of false-positive alerts.

Assessment

We prepare a feasibility study.

Procurement support

We advise on solutions, not just products.

Reaction plans

We prepare the Use Case and Playbook pairs, taking into account the capabilities and structure of the organization.

IRP

We contribute to the development of an effective incident management plan.

Training

We train security analysts and experts from Level 1 to Level 2. We teach you how to get the most out of the toolset you choose.

Trackback and validation

We use Red and Blue teaming services within a War Game to validate the maturity level of the security center that has been built.

The SIEM (Security Information and Event Management) system of the SOC (Security Operations Center) is based on a holistic view of the corporate infrastructure. Our company can implement any brand-independent solution, complemented with detection tools on the client, server and network side.

We suggest appropriate tactical and operational actions and strategies, and support the development of an IRP (Incident Response Plan).

We recommend this first and foremost to organizations and large companies that have, or plan to set up, an in-house incident management team. Our company is also at our clients’ disposal for the design, implementation and testing of the SOC.

One of the main pillars of SOC construction is creating the use case matrix and the corresponding playbooks once the detection capabilities have been assessed. For the use cases, see the sample below.

Black Cell Ltd. has already been involved in the organization and management of many national, multinational and intercontinental SOC engagements, and has gained outstanding experience from the managed SOC operated by our company, which we provide in Hungary and other European Union Member States.

Why choose us?


Black Cell Ltd. was founded in 2010 in Hungary. The team has proven to have the right skills, competencies and knowledge base to successfully run and maintain a Cyber Security Operations Center. We have a strict service contract regulating our operations and also carry $1 million in liability insurance. We operate non-stop and provide live monitoring and alerting every day of the year.

Our CERT team has been certified by Carnegie Mellon University. Our incident response team is made up of four experts from different IT security fields who serve in the SOC simultaneously. These areas are offensive security (ethical hacking), defensive security (log analytics), threat hunting and cyber threat intelligence (CTI). In addition, our network security and product-specific support staff are also available.
