SOC as a Service
Black Cell SOC is a managed Cyber Security Operations Center suitable for all kinds of organizations: we work with SMEs, large corporates, governmental and critical infrastructure organizations, regardless of their size. The SOC helps keep your business information secure, as we provide a complete service package covering all the necessary IT security tools, devices, technologies and expertise. Our monthly fee structure is flexible and cost-effective: your company avoids the cost of IT security devices, licensing, deployment, training and the continuous education of staff.
Because 100% protection cannot be guaranteed, our dedicated liability insurance also covers the remaining gap.
A Cyber Security Operations Center, or SOC, is a dedicated IT security unit within the organization with one primary task: to prevent and eliminate cyber-security incidents.
Our company's SOC-as-a-Service package is designed for infrastructures of more than 500 IPs. Whether it protects a critical infrastructure, a complex enterprise or a government environment, our incident response team has the specialized experience our clients need. The primary mission of the SOC is to prevent, detect and handle cyber security incidents. Accordingly, many preventive controls should be implemented during the design phase to reveal and eliminate known attack paths. Blind spots are eliminated by a variety of technical and logical solutions, so detection becomes more efficient and faster, and the time needed to investigate events is minimized.
Based on Crown Jewels analysis or on existing risk assessment, we conduct a technology survey of the security toolkit associated with the systems concerned, to determine their effectiveness and maturity.
As a result of the assessment, we create a detection capability matrix using a “top to bottom” or “bottom to top” approach, that is, to either tailor technologies to business needs, or to align with the needed coverage requirements based on available technologies and their maturity.
With hardening, the systems’ exposure to cyberattacks and vulnerabilities can be substantially reduced.
The purpose of a SIEM and similar systems is essentially to centrally store and analyze logs (events) and other relevant security data from hardware and software devices, operating systems and applications, so that security-threatening events and malicious activity are discovered. For a list of our supported SIEM systems, see the portfolio of our VAR division.
Use Cases (and the related playbooks) define the planned reactions to sequences of alarms that indicate a cyber-security incident and require immediate human or automated intervention. Our company has over 100 unique Use Cases that can be customized and also automated with a SOAR platform.
We define the triage steps in the Use Case matrix and the associated command register, together with the IT security and operations stakeholders. These steps, actions, specific commands and queries can be performed outside the SIEM system, directly on the connected data sources, when further validation or more data is needed about an incident.
Our dedicated incident management (CSIRT) team is organized on three levels (L1-L3) and is available 24/7/365 for effective IT security oversight and responsiveness. We provide 99.9%* availability for the devices we integrate and manage.
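To make the Use Case and command-register idea concrete, here is an added example (not Black Cell's code, and not tied to any particular SIEM product): one correlation rule of the kind a SIEM runs, applied to a few constructed SSH authentication log lines, followed by a triage query of the sort a command register describes, run directly against the same data source for extra context. The use case identifier, host names, user names and addresses are all hypothetical.

```python
"""Added example (not Black Cell's code): one SIEM-style use case run over
constructed SSH log lines, followed by a command-register triage step that
queries the same data source for more context before the alert is escalated."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: hypothetical hosts, RFC 5737 test addresses.
SAMPLE_LOGS = """\
2024-03-04T10:00:01Z srv01 sshd[1201]: Failed password for admin from 203.0.113.7 port 50110 ssh2
2024-03-04T10:00:04Z srv01 sshd[1201]: Failed password for admin from 203.0.113.7 port 50112 ssh2
2024-03-04T10:00:07Z srv01 sshd[1203]: Failed password for admin from 203.0.113.7 port 50114 ssh2
2024-03-04T10:00:10Z srv01 sshd[1205]: Failed password for admin from 203.0.113.7 port 50116 ssh2
2024-03-04T10:00:13Z srv01 sshd[1207]: Failed password for admin from 203.0.113.7 port 50118 ssh2
2024-03-04T10:00:20Z srv01 sshd[1215]: Accepted password for admin from 203.0.113.7 port 50121 ssh2
2024-03-04T10:01:02Z srv03 sshd[3310]: Failed password for root from 203.0.113.7 port 50130 ssh2
2024-03-04T10:05:00Z srv02 sshd[2200]: Failed password for bob from 198.51.100.5 port 40000 ssh2
2024-03-04T10:05:30Z srv02 sshd[2201]: Accepted password for bob from 198.51.100.5 port 40002 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) password "
    r"for (?P<user>\S+) from (?P<src>\S+) port \d+"
)


def parse_events(raw):
    """Normalize raw lines into dicts; lines the rule does not understand are skipped."""
    events = []
    for line in raw.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ev = m.groupdict()
        ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(ev)
    return events


def brute_force_then_success(events, threshold=5, window=timedelta(minutes=5)):
    """Use case: at least `threshold` failed logins for the same (source, user)
    pair within `window`, followed by an accepted login for that pair.
    A user mistyping a password once or twice stays below the threshold."""
    failures = defaultdict(list)
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        key = (ev["src"], ev["user"])
        if ev["result"] == "Failed":
            failures[key].append(ev["ts"])
            continue
        recent = [t for t in failures[key] if ev["ts"] - t <= window]
        if len(recent) >= threshold:
            alerts.append({
                "use_case": "UC-SSH-BRUTE-FORCE-SUCCESS",  # hypothetical use case ID
                "src": ev["src"], "user": ev["user"], "host": ev["host"],
                "failed_count": len(recent), "first_seen": recent[0],
                "success_at": ev["ts"],
            })
        failures[key].clear()  # a successful login resets the counter for this pair
    return alerts


def triage(alert, events):
    """Command-register step: ask the data source which hosts the attacking
    source touched at all, and raise severity if it went beyond one host."""
    hosts = sorted({e["host"] for e in events if e["src"] == alert["src"]})
    alert["hosts_touched"] = hosts
    alert["severity"] = "high" if len(hosts) > 1 else "medium"
    return alert


def run_use_case(raw=SAMPLE_LOGS):
    """Parse, correlate, triage; returns the enriched alerts."""
    events = parse_events(raw)
    return [triage(a, events) for a in brute_force_then_success(events)]


if __name__ == "__main__":
    for alert in run_use_case():
        print(alert)
```

On the constructed input only the `admin` login from 203.0.113.7 fires: five failures in twenty seconds followed by a success. The single failure from `bob` never reaches the threshold. The triage query then shows the same source also probing `srv03`, which is the kind of extra context that moves an alert from medium to high before an analyst sees it.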
Reports and trackback
Incident management and reporting is provided by a framework that adapts to the customer’s technological and administrative capabilities. Regular reports, technical and executive reports on the performance and quality of the service provide a comprehensive overview.
There may be events for which no Use Case exists yet, or which are so far unknown; in such cases we update the rules, the preventive and detective controls, and the service-defining documents so that similar events are detected and responded to in the future.
SOC as a Service bundles
Basic Bundle
- 60 SIEM Use Cases
- SOAR platform
- 24/7 monitoring
- Liability Insurance
- 99.9% availability
- Highest SLA is 60 mins
- Vulnerability management
- Open-Source CTI feeds

Standard Bundle
- 40+ SIEM Use Cases
- Historical correlation
- Forensics investigations
- User behavior analytics (UBA)
- Vulnerability assessment quarterly
- Commercial CTI feeds

- Custom developed use cases
- Unlimited forensics investigations
- Hardening benchmark
- Network behavior analytics
- Proactive Threat Hunting
- Monthly vulnerability assessments
- Honeypot implementation
- 99.99% availability
- Highest SLA 30 mins
- Dedicated Service Delivery Manager
- Threat hunting: We conduct proactive threat detection even when local cyberspace seems calm.
- Incident Response Plan: We help develop or modify the IRP, completed with SOC coverage.
- Use case matrix: We deliver our use cases and response plans in a structured and centralized manner, helping analysts work.
- 0-24 monitoring: Our SOC operates non-stop 24/7/365 with 99.99% service availability thanks to redundant solutions.
- SOAR (Security Orchestration, Automation and Response): There is no effective use case without a Playbook. We use SOAR platforms to speed up and automate as many steps as possible of the incident validation process. The SOAR system automates playbooks by interfacing products and solutions from different manufacturers on a single platform.
- Cyber Threat Intelligence: CTI sources let us evaluate events in a richer context, thereby reducing the number of false-positive alerts.
We prepare a feasibility study.
We advise solutions, not just products.
We prepare the Use Case and Playbook pairs taking into account the capabilities and structure of the organization.
We contribute to the development of an effective incident management plan.
We train security analysts and experts from Level 1 to Level 2, and teach you how to get the most out of the toolset you choose.
Trackback and validation
We use Red and Blue teaming services in a war game exercise to validate the maturity level of the security center that has been created.
The SIEM (Security Information and Event Management) system of the SOC (Security Operations Center) is based on a holistic view of the corporate infrastructure. Our company can implement any brand-independent solution, complemented with detection tools on the client, server and network side.
We suggest appropriate tactical and operational actions and strategies, and support the development of an IRP (Incident Response Plan).
We recommend it first and foremost to organizations and large companies that have, or plan to set up, an in-house incident management team. Our company is also at our clients' disposal for the design, implementation and testing of a SOC.
One of the main pillars of the SOC construction is creating the use case matrix and the corresponding playbooks after the detection capabilities have been assessed. For the use cases, see the sample below.
Black Cell Ltd. has been involved in organizing and managing many national, multinational and intercontinental SOC events, and has gained outstanding experience from the managed SOC operated by our company in Hungary and other European Union Member States.
Why choose us?
Black Cell Ltd. was founded in 2010 in Hungary. The team has proven to have the right skills, competencies and knowledge base to successfully run and maintain a Cyber Security Operations Center. We have a strict service contract regulating our operations and a $1 million liability insurance. We operate non-stop and provide live monitoring and alerting every day of the year.
Our CERT team has been certified by Carnegie Mellon University. Our incident response team is made up of four experts from different IT security fields who are simultaneously serving in the SOC. These areas consist of offensive security (ethical hacking), defensive security (log analytics), threat hunting and cyber threat intelligence (CTI). In addition, our network security and product-specific support staff are also available.