Fusion Center
The Black Cell Fusion Center is an extension of the SOC service matrix with the ability to involve different IT security platforms, on which we deploy advanced detective and reactive use cases
At the heart of the Black Cell Fusion Center lies its ability to bring together disparate IT security platforms, seamlessly bridging the gaps between different systems. This integration creates a cohesive and comprehensive security ecosystem that enhances visibility, agility, and response capabilities. By leveraging the power of this unified environment, organizations can effectively detect and neutralize potential security breaches, minimizing the impact on their critical systems and data.
The Black Cell Fusion Center service is an extension of the SOC service matrix with the possibility to integrate different IT security platforms, on top of which more advanced detective and reactive use cases are implemented. We provide our customers with an on-premise solution with a web front-end, or an online platform served from our secure cloud, where in addition to the functions above they can monitor cyber incidents and the status of the performance indicators tied to the defined IT security maturity levels.
The Fusion Center provides a more unified and proactive approach to responding to threats in the infrastructure and IT landscape by enabling knowledge sharing and cooperation between IT departments (Operations, Security, Compliance). This is especially true for hybrid-cloud or full-cloud infrastructures. The Black Cell Cyber Fusion Center is fully compatible with Microsoft Azure.
Conceptually, the Fusion Center is as close as possible to transparent, real-time communication between the security provider and the customer, and it provides the most holistic view of the customer’s cybersecurity ecosystem. The FC centralises on a single platform cybersecurity solutions, products and services that are based on, and aligned with, IT security maturity, objective cybersecurity events, and quantitative and qualitative metrics.
While the role of a SOC typically focuses on detecting, identifying, investigating, and responding to incidents, a Cyber Fusion Center takes this one step further by improving the overall security profile and capabilities of the organization.
At Black Cell, we offer the option of utilizing Splunk Enterprise and Splunk Enterprise Security (ES) to enhance our SOC services. These industry-leading platforms empower us to provide advanced threat detection, streamlined incident response, and real-time monitoring for our clients. Whether integrated as part of your cybersecurity infrastructure or leveraged through our managed services, Splunk’s capabilities enable comprehensive visibility and tailored protection to meet diverse security needs.
SOC as a Service
What is SOC?
A Cyber Security Operations Center, or SOC, is a dedicated IT security unit within the organization with one primary task: to prevent and eliminate cyber-security incidents. Whether the target is critical infrastructure or a complex enterprise or government environment, our incident response team has the specialized experience to deliver this for our clients.
The primary mission of the SOC is to prevent, detect and handle cyber security incidents. Accordingly, many preventive controls should be implemented during the design phase to reveal and eliminate known attack paths. Blind spots are eliminated by a variety of technical and logical solutions, so that detection becomes more efficient and faster, and the time needed to investigate events is minimized. Our company’s SOC-as-a-Service package is specifically designed for infrastructures of over 500 IP addresses.
Cost-effective
Our monthly fee structure provides a flexible and cost-effective solution.
Effective resource allocation
Reducing the cost of IT security devices, licensing, deployment, training and continuous education of employees.
Insurance
Because 100% protection cannot be guaranteed, our special liability insurance also covers the residual risk.
What are the key steps?
A Security Operations Center (SOC) as a service offers a comprehensive and proactive approach to safeguarding organizations against cyber threats. It involves a series of key steps designed to detect, analyze, and respond to security incidents in real time, providing continuous protection for critical systems and data.
Step 1 - Assessment
Based on Crown Jewels analysis or on existing risk assessment, we conduct a technology survey of the security toolkit associated with the systems concerned, to determine their effectiveness and maturity.
Step 2 - Detection capabilities
As a result of the assessment, we create a detection capability matrix using either a top-down or a bottom-up approach: we either tailor technologies to business needs, or align the required coverage with the available technologies and their maturity.
Step 3 - Hardening
With hardening, the systems’ exposure to cyberattacks and vulnerabilities can be substantially reduced.
Step 4 - SIEM implementation
The purpose of SIEM and similar systems is essentially to centrally store and analyze logs (events) and any relevant security data from hardware and software devices, operating systems and applications, so that security-threatening events and malicious acts are discovered. For a list of our supported SIEM systems, see the portfolio of our VAR division.
Step 5 - Use Cases
Use Cases (and their related playbooks) are planned reactions to sequences of alarms that indicate a cyber-security incident and require immediate human or automated intervention. Our company has over 100 unique Use Cases that can be customized and also automated with a SOAR platform.
Step 6 - Triage
We define the triage steps in the Use Case matrix and the associated command register, together with IT security and operations stakeholders. These steps, actions, specific commands and queries can be performed outside the SIEM system, directly on the connected data sources, if further validation or more data is needed regarding the incident.
Step 7 - Monitoring
Our dedicated incident management (CSIRT) team is organized in three tiers (L1-L3) and is available 24/7/365 for effective IT security oversight and responsiveness. We provide 99.9% * availability for the devices we integrate and manage.
Step 8 - Report & trackback
Incident management and reporting is provided by a framework that adapts to the customer’s technological and administrative capabilities. Regular reports, technical and executive reports on the performance and quality of the service provide a comprehensive overview.
Step 9 - Lessons learned
There will be incidents for which no Use Case exists, or whose pattern was previously unknown; for these we update the rules, the preventive and detective controls, and the service-defining documents so that similar events are detected and handled in the future.
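The following is an added illustration, not Black Cell's own code or Use Case catalogue, of how Steps 4 to 6 fit together in practice: a SIEM-style correlation rule (a burst of failed logons from one source followed by a successful logon) is run over constructed sshd-style log lines, and on a hit it emits an alert that carries the triage commands from a hypothetical command register, already filled in with the incident's source address, host and account. The use-case name, the log lines, the threshold, the time window and the register entries are all assumptions made for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sshd-style authentication events (sample data, not real logs).
SAMPLE_LOGS = """\
2024-03-01T10:00:01Z host1 sshd[2201]: Failed password for root from 203.0.113.7 port 51122 ssh2
2024-03-01T10:00:03Z host1 sshd[2201]: Failed password for root from 203.0.113.7 port 51123 ssh2
2024-03-01T10:00:05Z host1 sshd[2201]: Failed password for invalid user admin from 203.0.113.7 port 51124 ssh2
2024-03-01T10:00:07Z host1 sshd[2201]: Failed password for root from 203.0.113.7 port 51125 ssh2
2024-03-01T10:00:09Z host1 sshd[2201]: Failed password for root from 203.0.113.7 port 51126 ssh2
2024-03-01T10:00:12Z host1 sshd[2201]: Accepted password for root from 203.0.113.7 port 51127 ssh2
2024-03-01T10:05:00Z host1 sshd[2300]: Failed password for alice from 198.51.100.4 port 40001 ssh2
2024-03-01T10:05:30Z host1 sshd[2300]: Accepted publickey for alice from 198.51.100.4 port 40002 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) (?P<method>\w+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)

# Hypothetical "command register" entries: triage actions an analyst runs outside
# the SIEM, against the connected data sources, once this use case fires.
COMMAND_REGISTER = [
    "Check source reputation: whois {src} / threat-intel lookup",
    "On {host}: last -a | grep '{src}' (confirm interactive session for {user})",
    "On {host}: ps -u {user} -o pid,lstart,cmd (processes started after {ts})",
    "If confirmed: isolate {host}, force password reset for {user}",
]


def parse_event(line):
    """Parse one log line into a dict, or return None if it is not an auth event."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return ev


def detect_bruteforce_then_success(log_text, threshold=5, window=timedelta(seconds=120)):
    """Alert when one source accumulates >= threshold failed logons inside `window`
    and then logs in successfully. Returns one alert per triggering success."""
    failures = defaultdict(deque)  # source IP -> timestamps of recent failures
    alerts = []
    for line in log_text.splitlines():
        ev = parse_event(line)
        if ev is None:
            continue
        q = failures[ev["src"]]
        while q and ev["ts"] - q[0] > window:  # age out failures older than the window
            q.popleft()
        if ev["outcome"] == "Failed":
            q.append(ev["ts"])
        elif len(q) >= threshold:  # "Accepted" right after a burst of failures
            ctx = {**ev, "ts": ev["ts"].isoformat()}
            alerts.append({
                "use_case": "UC-AUTH-001 brute force followed by successful logon",  # hypothetical name
                "src": ev["src"], "user": ev["user"], "host": ev["host"],
                "failures": len(q),
                "triage": [step.format(**ctx) for step in COMMAND_REGISTER],
            })
            q.clear()  # one alert per burst, not one per later success
    return alerts


if __name__ == "__main__":
    for a in detect_bruteforce_then_success(SAMPLE_LOGS):
        print(a["use_case"], a["src"], a["user"], a["failures"])
        for step in a["triage"]:
            print("  -", step)
```

The rule only fires for 203.0.113.7 (five failures within two minutes, then success); alice's single failure followed by a key-based logon stays below the threshold and produces nothing, which is the kind of tuning decision the Use Case matrix records.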
SOC building
Black Cell has already been involved in the organization and the management of many national, multinational and intercontinental SOC events, and gained outstanding experience from the managed SOC operated by our company, which we provide in Hungary and other European Union Member States.
We recommend this service first and foremost to organizations and large companies who have or plan to set up an in-house incident management team.
Our company is also at the disposal of our clients in the design, implementation and testing of SOC.
Key elements of the process
The SIEM (Security Information and Event Management) system of the SOC is based on a holistic view of the corporate infrastructure. Our company implements vendor-independent solutions, complemented with detection tools on the client, server and network side.
One of the main pillars of the SOC construction is creating the use case matrix and the corresponding playbooks after the detection capabilities have been assessed. For the use cases, see the sample below. We also suggest appropriate tactical and operational actions and strategies, and support the development of an IRP (Incident Response Plan).
Assessment
We assess the internal and external factors of security monitoring and prepare a feasibility study on SOC deployment.
Reaction plans
We prepare the use cases and playbooks, taking into account the capabilities and structure of the organization.
Training
We train security analysts and experts from Level 1 to 2. We will teach you how to get the most out of the toolset you choose.
Procurement support
We enable data driven decisions not only on products but holistic security solutions.
Incident response
We contribute to the development of an effective incident response plan (IRP).
Trackback & validation
OT SOC
Industrial networks include thousands of OT and IoT devices from a variety of vendors. Unfortunately, most of these devices were not designed for the level of security now required, and active scanning, let alone penetration testing, is NOT recommended in OT networks, because even a port scan can disrupt a fragile controller. Instead, a passively collected device inventory is compared with vulnerability catalogues. From this data we create a vulnerability validation roadmap and management program.
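As an added example (not Black Cell's tooling), the passive matching described above: a device inventory gathered without touching the devices (vendor, product and firmware as seen in banners or protocol metadata) is compared against a vulnerability catalogue by affected firmware version range, and the hits are ordered into a remediation roadmap. Vendors, products, advisory identifiers and version ranges are constructed for the example and are not real advisories.

```python
import re
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Device:
    ip: str
    vendor: str
    product: str
    firmware: str            # as observed passively, e.g. "V2.4.0"


@dataclass(frozen=True)
class Advisory:
    advisory_id: str         # hypothetical identifier, not a real CVE
    vendor: str
    product: str
    introduced: str          # first affected firmware version
    fixed_in: Optional[str]  # None = no fix published
    severity: str            # critical / high / medium / low


SEVERITY_RANK = {"critical": 4, "high": 3, "medium": 2, "low": 1}


def parse_version(v):
    """'V4.2.1' or '4.2.1-b7' -> (4, 2, 1); vendor prefixes and suffixes are ignored."""
    m = re.search(r"\d+(?:\.\d+)*", v)
    if not m:
        raise ValueError(f"unparseable version: {v!r}")
    return tuple(int(p) for p in m.group(0).split("."))


def is_affected(dev, adv):
    """True if the device runs the advisory's product in the affected version range."""
    if (dev.vendor.lower(), dev.product.lower()) != (adv.vendor.lower(), adv.product.lower()):
        return False
    fw = parse_version(dev.firmware)
    if fw < parse_version(adv.introduced):
        return False
    return adv.fixed_in is None or fw < parse_version(adv.fixed_in)


def build_roadmap(inventory, catalogue):
    """Return findings sorted by severity (highest first), then by device IP."""
    findings = []
    for dev in inventory:
        for adv in catalogue:
            if is_affected(dev, adv):
                findings.append({
                    "ip": dev.ip,
                    "product": f"{dev.vendor} {dev.product} {dev.firmware}",
                    "advisory": adv.advisory_id,
                    "severity": adv.severity,
                    "action": (f"upgrade to {adv.fixed_in}" if adv.fixed_in
                               else "no fix: segment, monitor and apply vendor workaround"),
                })
    findings.sort(key=lambda f: (-SEVERITY_RANK[f["severity"]], f["ip"]))
    return findings


# Constructed inventory and catalogue (hypothetical vendors, products and IDs).
INVENTORY = [
    Device("10.10.1.11", "ExampleAutomation", "PLC-200",   "V2.4.0"),
    Device("10.10.1.12", "ExampleAutomation", "PLC-200",   "V3.1.2"),
    Device("10.10.1.20", "ExampleAutomation", "HMI-Panel", "1.0.5"),
    Device("10.10.2.5",  "OtherVendor",       "RTU-9",     "7.3"),
]
CATALOGUE = [
    Advisory("ADV-EX-0001", "ExampleAutomation", "PLC-200",   "2.0.0", "3.0.0", "critical"),
    Advisory("ADV-EX-0002", "ExampleAutomation", "PLC-200",   "1.0.0", None,    "medium"),
    Advisory("ADV-EX-0003", "ExampleAutomation", "HMI-Panel", "1.1.0", "1.2.0", "high"),
]

if __name__ == "__main__":
    for f in build_roadmap(INVENTORY, CATALOGUE):
        print(f"{f['severity']:8} {f['ip']:12} {f['advisory']}  {f['product']}  -> {f['action']}")
```

The version comparison is the part that matters: a catalogue entry that only names a product would flag the patched PLC on 10.10.1.12 as well, so the roadmap keys on firmware ranges and distinguishes "upgrade available" from "no fix, compensate with segmentation and monitoring".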
MITRE ATT&CK Framework
To track the maturity of an ICS/OT organization properly, we adopted a hybrid MITRE ATT&CK framework that merges the ICS and Enterprise matrices into one of the most comprehensive catalogues of attack scenarios to prepare for, addressing the challenges of Industry 4.0. Our continuous assessment is based on the relevant procedures, NOT on techniques alone: an inspection performed only at the technique level can give a false sense of security, because a rule that catches one procedure for a technique says nothing about the other ways the same technique can be executed.
Detection capabilities
To properly develop detection capabilities, we are working with passive network monitoring and native client side log enrichment.
Early warning system
At a certain level of maturity we implement a so-called early warning system, which consists of a set of deception-based detections.
Evaluation
Our KPIs are based on metrics such as dwell time (the interval between the attacker’s first activity and its detection) and coverage of the hybrid MITRE ATT&CK framework.
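An added example, not Black Cell's KPI implementation, of computing the two metrics named above from constructed data: dwell time per incident (detection time minus first attacker activity) summarised as mean, median and maximum, and ATT&CK coverage as the share of in-scope techniques that at least one detection rule observes, together with the list of gaps. The technique IDs are real ATT&CK identifiers; which of them are in scope, the rule-to-technique mapping and the incidents are assumptions.

```python
from datetime import datetime
from statistics import mean, median

# Constructed in-scope subset of the hybrid (Enterprise + ICS) ATT&CK matrix.
# The IDs are real ATT&CK technique IDs; the choice of subset is an assumption.
IN_SCOPE_TECHNIQUES = {
    "T1078": "Valid Accounts",
    "T1110": "Brute Force",
    "T1021": "Remote Services",
    "T1059": "Command and Scripting Interpreter",
    "T1566": "Phishing",
    "T0886": "Remote Services (ICS)",
    "T0859": "Valid Accounts (ICS)",
    "T0855": "Unauthorized Command Message (ICS)",
}

# Constructed detection rules: the techniques each (hypothetical) use case observes.
DETECTION_RULES = {
    "UC-AUTH-001": ["T1110", "T1078"],
    "UC-LAT-004":  ["T1021", "T0886"],
    "UC-ICS-002":  ["T0855"],
}

# Constructed incidents: when the attacker first acted vs. when the SOC detected it.
INCIDENTS = [
    {"id": "INC-1", "first_activity": "2024-03-01T08:00:00", "detected": "2024-03-01T10:00:00"},
    {"id": "INC-2", "first_activity": "2024-03-03T00:00:00", "detected": "2024-03-05T00:00:00"},
    {"id": "INC-3", "first_activity": "2024-03-10T12:00:00", "detected": "2024-03-10T22:00:00"},
]


def dwell_hours(incident):
    """Hours between first malicious activity and detection for one incident."""
    t0 = datetime.fromisoformat(incident["first_activity"])
    t1 = datetime.fromisoformat(incident["detected"])
    if t1 < t0:
        raise ValueError(f"{incident['id']}: detected before first activity")
    return (t1 - t0).total_seconds() / 3600


def dwell_time_kpi(incidents):
    """Mean, median and worst-case dwell time over a reporting period."""
    hours = [dwell_hours(i) for i in incidents]
    return {"mean_hours": mean(hours), "median_hours": median(hours), "max_hours": max(hours)}


def attack_coverage(rules, in_scope):
    """Share of in-scope techniques observed by at least one rule, plus the gaps."""
    covered = {t for techs in rules.values() for t in techs if t in in_scope}
    gaps = sorted(set(in_scope) - covered)
    return {
        "covered": len(covered),
        "in_scope": len(in_scope),
        "ratio": len(covered) / len(in_scope),
        "gaps": gaps,
    }


if __name__ == "__main__":
    print("dwell time:", dwell_time_kpi(INCIDENTS))
    cov = attack_coverage(DETECTION_RULES, IN_SCOPE_TECHNIQUES)
    print(f"coverage: {cov['covered']}/{cov['in_scope']} = {cov['ratio']:.1%}")
    for t in cov["gaps"]:
        print("  gap:", t, IN_SCOPE_TECHNIQUES[t])
```

Note that this counts coverage at technique level, which is exactly the measure the MITRE ATT&CK section above warns can overstate readiness; a procedure-level version would key the rule map by (technique, procedure) pairs and count those instead, and the median rather than the mean is the dwell-time figure to watch, since one long-running incident (INC-2 here) doubles the mean.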
Enterprise Security Module
Overview
Black Cell’s Enterprise Security Monitoring (ESM) solution is a comprehensive technology stack that consolidates all internal cybersecurity functions into one coherent platform. ESM provides log aggregation, management and correlation capabilities, enabling it to identify both cyber and cyber-physical issues. It offers a single interface for all cyber-related systems, including endpoint security, internal network security, vulnerability management, threat intelligence, deception and more. The solution leverages a machine-learning-based XDR system with Detection-as-Code technology; its goal is to reduce the number of false positives and to improve overall operational and IT security transparency and reporting. Furthermore, BC ESM addresses multiple compliance requirements, helping your organization remain compliant with various industry standards and regulations.
Key Features
Log Management
ESM offers a robust and scalable log management solution with advanced capabilities that cater to the needs of cybersecurity.
Endpoint Security
ESM’s Endpoint security is an agent-based solution for Windows, *nix and Mac designed for detection and response capabilities, ensuring comprehensive protection against a wide array of threats.
Incident Management
Our integrated internal incident management is based on a transparent case handling ecosystem. The system collects and shares information about security issues, allowing for tracking key investigation details and collecting alerts in a central location.
Internal Network Security Monitoring
The ESM Network Security Monitoring provides value by analyzing mirrored IT and OT network traffic utilizing both signatures and metadata.
Vulnerability Management
ESM Vulnerability Management is capable of performing extensive network vulnerability scans, covering a wide range of devices, systems and applications.
Threat Intelligence
The ESM Threat Intelligence is a comprehensive database continuously maintained by Black Cell ESM Labs.
Brand Intelligence
Brand Intelligence not only monitors an entity or company’s own cybersecurity exposure but also tracks indicators of reputation or compromise, such as supply chain vulnerabilities.
Deception Stack
The advantage of the deception stack is its minimal false positive rate: legitimate users and systems have no reason to touch a decoy, so any interaction with one is suspicious by construction.
Anomaly Detections
ESM incorporates machine learning features to automate the detection of anomalies and unusual patterns in log data.
Benefits
Black Cell ESM offers comprehensive, integrated cybersecurity with advanced threat detection, minimal false positives, and continuous support, ensuring robust protection and compliance for your organization.