Fusion Center
The Black Cell Fusion Center is an extension of the SOC service matrix with the ability to involve different IT security platforms, on which we deploy advanced detective and reactive use cases.
Fusion Center
At the heart of the Black Cell Fusion Center lies its ability to bring together disparate IT security platforms, seamlessly bridging the gaps between different systems. This integration creates a cohesive and comprehensive security ecosystem that enhances visibility, agility, and response capabilities. By leveraging the power of this unified environment, organizations can effectively detect and neutralize potential security breaches, minimizing the impact on their critical systems and data.
The Black Cell Fusion Center service is an extension of the SOC service matrix with the ability to integrate different IT security platforms, on top of which more advanced detective and reactive use cases are implemented. We provide our customers with either an on-premise solution with a web front-end or an online platform served from our secure cloud. In addition to the functions above, customers can use it to monitor cyber incidents and the status of the performance indicators that track progress toward defined IT security maturity levels.
The Fusion Center provides a more unified and proactive approach to responding to threats in the infrastructure and IT landscape, by providing knowledge sharing and cooperation possibilities between IT departments (Operations, Security, Compliance). This is especially true for hybrid-cloud or full-cloud infrastructures. The Black Cell Cyber Fusion Center is fully compatible with Microsoft Azure.
Conceptually, the Fusion Center comes as close as possible to transparent, real-time communication between the security provider and the customer, and provides the most holistic view of the customer’s cybersecurity ecosystem. The FC is built around cybersecurity solutions, products and services that are based on and aligned with IT security maturity, objective cybersecurity events, and quantitative and qualitative metrics, centralised on a single platform.
While the role of a SOC typically focuses on detecting, identifying, investigating, and responding to incidents, a Cyber Fusion Center takes this one step further by improving the overall security profile and capabilities of the organization.
Splunk Enterprise Security: The Future of Cyber Defense
In a world where cyber threats evolve rapidly, protecting your organization requires more than traditional measures. Splunk Enterprise Security (ES) delivers a cutting-edge solution to empower your Security Operations Center (SOC) with the tools needed to detect, investigate, and respond to threats efficiently. Built on the powerful Splunk Enterprise platform, Splunk ES turns raw data into actionable insights, enabling organizations to stay ahead of adversaries.
A Complete Security Ecosystem for Your SOC
Splunk ES goes beyond being just another Security Information and Event Management (SIEM) tool. It provides a comprehensive security ecosystem that enhances your SOC’s capabilities through advanced analytics, real-time monitoring, and actionable threat intelligence. Key features include:
- Advanced Security Analytics: Dive deep into network activity, user behaviors, and threat indicators with intuitive visualizations and robust data models.
- Automated Incident Response: Contain and remediate threats faster with adaptive response workflows, reducing manual intervention and response times.
- Compliance and Reporting: Meet regulatory requirements effortlessly with built-in tools for compliance monitoring and audit-ready reporting.
- MITRE ATT&CK Integration: Map threats to globally recognized attack techniques for precise detection and mitigation.
Redefining the SOC Workflow
Splunk ES transforms how SOC teams work, making operations more efficient and targeted. With Risk-Based Alerting (RBA), analysts can prioritize alerts based on potential risk and impact instead of relying on event thresholds. This eliminates noise and ensures that critical threats get the attention they deserve. Centralized investigations, automation, and correlation searches further streamline workflows, empowering SOC teams to focus on high-priority incidents and proactive threat hunting.
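The contrast between per-event thresholds and Risk-Based Alerting can be shown in a few lines. The following is an added illustration, not Splunk's own code or risk-index schema: the event fields, rule names, technique annotations and the 24-hour window, 100-point score threshold and three-technique trigger are all constructed assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass(frozen=True)
class RiskEvent:
    """One risk event written by a risk rule (constructed schema, not Splunk's risk index)."""
    ts: datetime
    risk_object: str   # user or host the risk is attributed to
    rule: str          # risk rule (correlation search) that fired
    technique: str     # ATT&CK technique id the rule is annotated with
    risk_score: int

def event_threshold_alerts(events, per_event_threshold=80):
    """Classic alerting: an event becomes an alert only if it is loud enough on its own."""
    return [e for e in events if e.risk_score >= per_event_threshold]

def risk_based_alerts(events, window=timedelta(hours=24),
                      score_threshold=100, min_techniques=3):
    """RBA: accumulate risk per object over a sliding window. A notable fires when the
    summed score crosses the threshold OR the object was tagged with enough distinct
    techniques, so several quiet events form one high-fidelity story."""
    by_object = defaultdict(list)
    for e in sorted(events, key=lambda e: e.ts):
        by_object[e.risk_object].append(e)
    notables = []
    for obj, evs in by_object.items():
        for i, anchor in enumerate(evs):
            in_window = [e for e in evs[: i + 1] if anchor.ts - e.ts <= window]
            score = sum(e.risk_score for e in in_window)
            techniques = {e.technique for e in in_window}
            if score >= score_threshold or len(techniques) >= min_techniques:
                notables.append({"risk_object": obj, "score": score,
                                 "techniques": sorted(techniques),
                                 "rules": [e.rule for e in in_window]})
                break  # one notable per object; the analyst works the aggregated story
    return notables

# Constructed sample: four low-scoring events for one user, none above a classic threshold.
T0 = datetime(2024, 1, 1, 8, 0)
SAMPLE_EVENTS = [
    RiskEvent(T0, "alice", "Logon at unusual hour", "T1078", 20),
    RiskEvent(T0 + timedelta(hours=1), "alice", "Office spawned rare child process", "T1204", 30),
    RiskEvent(T0 + timedelta(hours=2), "alice", "New scheduled task created", "T1053", 25),
    RiskEvent(T0 + timedelta(hours=3), "alice", "Outbound to newly seen domain", "T1071", 35),
    RiskEvent(T0, "srv-01", "Burst of failed logons", "T1110", 30),
    RiskEvent(T0 - timedelta(days=2), "bob", "Logon at unusual hour", "T1078", 40),
    RiskEvent(T0, "bob", "Logon at unusual hour", "T1078", 40),  # old event is outside window
]

if __name__ == "__main__":
    print("per-event threshold:", event_threshold_alerts(SAMPLE_EVENTS))
    print("risk-based:", risk_based_alerts(SAMPLE_EVENTS))
```

The per-event threshold never fires on this sample, while the accumulated risk for "alice" produces a single notable that already lists the three techniques an analyst needs to see together.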
Why Choose Splunk ES?
By integrating advanced capabilities and a streamlined workflow, Splunk ES doesn’t just improve your security – it revolutionizes it. Whether you’re safeguarding against ransomware, managing compliance, or hunting for threats, Splunk ES provides the intelligence and tools to make your SOC more effective and efficient.
Stay ahead of evolving threats with Splunk ES – because in today’s digital landscape, a strong defense isn’t just important, it’s essential.
Practical Applications for Modern Cybersecurity
Splunk ES excels across a wide range of real-world cybersecurity use cases, including:
Threat Hunting
Proactively identify anomalies and potential breaches using behavioral analytics and advanced threat intelligence.
Insider Threat Detection
Detect compromised accounts or suspicious user activities with behavior analysis tailored to uncover insider threats.
Advanced Threat Detection
Leverage the MITRE ATT&CK framework to track and understand sophisticated attack techniques in real-time.
SOC as a Service
What is SOC?
A Cyber Security Operations Center, or SOC, is a dedicated IT security unit within the organization with one primary task: to prevent and eliminate cyber-security incidents. Whether it’s protecting critical infrastructure or a complex enterprise or government environment, our incident response team has the specialized experience to serve our clients.
The primary mission of the SOC is to prevent, detect and handle cyber security incidents. Accordingly, many preventive controls should be implemented during the design phase to reveal and eliminate known attack paths. Blind spots are eliminated by a variety of technical and logical solutions, so that detection becomes more efficient and faster and the time needed to investigate events is minimized. Our company’s SOC-as-a-Service package is specifically designed for infrastructures over 500 IPs.
Cost-effective
Our monthly fee structure provides a flexible and cost-effective solution.
Effective resource allocation
Reducing the cost of IT security devices, licensing, deployment, training and continuous education of employees.
Insurance
Because 100% protection cannot be guaranteed, our special liability insurance also covers the remaining gap in the shield.
What are the key steps?
A Security Operations Center (SOC) as a service offers a comprehensive and proactive approach to safeguarding organizations against cyber threats. It involves a series of key steps designed to detect, analyze, and respond to security incidents in real time, providing continuous protection for critical systems and data.
Step 1 - Assessment
Based on a Crown Jewels analysis or an existing risk assessment, we conduct a technology survey of the security toolkit associated with the systems concerned to determine its effectiveness and maturity.
Step 2 - Detection capabilities
As a result of the assessment, we create a detection capability matrix using a “top to bottom” or “bottom to top” approach: that is, either tailoring technologies to business needs, or aligning the coverage requirements with the available technologies and their maturity.
Step 3 - Hardening
With hardening, the systems’ exposure to cyberattacks and vulnerabilities can be substantially reduced.
Step 4 - SIEM implementation
The purpose of SIEM and similar systems is essentially to centrally store and analyze logs (events) and any relevant security data from hardware and software devices, operating systems and applications, to ensure that security-threatening events and malicious acts are discovered. For a list of our supported SIEM systems, see the portfolio of our VAR division.
Step 5 - Use Cases
Use Cases (and their related playbooks) mean planned reactions and the sequences of alarms that indicate a cyber-security incident and require immediate human or automated intervention. Our company has over 100 unique Use Cases that can be customized and also automated with a SOAR platform.
Step 6 - Triage
We define the steps for triaging in the Use Case matrix and the associated command register, together with IT security and operations stakeholders. These steps, actions, specific commands and queries can be performed outside the SIEM system, directly on the connected data sources, if further validation or more data is needed regarding the incident.
Step 7 - Monitoring
Our dedicated incident management (CSIRT) team is organized on three levels (L1-L3) and is available 24/7/365 for effective IT security oversight and responsiveness. We provide 99.9%* availability for the devices we integrate and manage.
Step 8 - Report & trackback
Incident management and reporting is provided by a framework that adapts to the customer’s technological and administrative capabilities. Regular reports, technical and executive reports on the performance and quality of the service provide a comprehensive overview.
Step 9 - Lessons learned
There may be incidents for which no Use Case exists or which were previously unknown; in such cases we update the rules, the preventive and detective controls, and the service-defining documents so that similar events are detected and responded to in the future.
SOC building
Black Cell has already been involved in the organization and the management of many national, multinational and intercontinental SOC events, and gained outstanding experience from the managed SOC operated by our company, which we provide in Hungary and other European Union Member States.
We recommend this service first and foremost to organizations and large companies who have or plan to set up an in-house incident management team.
Our company is also at the disposal of our clients for the design, implementation and testing of a SOC.
Key elements of the process
The SIEM (Security Information and Event Management) system of the SOC is based on a holistic view of the corporate infrastructure. Our company can implement any solution independently of brand, complemented with detection tools on the client, server and network side.
One of the main pillars of the SOC construction is creating the use case matrix and the corresponding playbooks after the detection capabilities have been assessed. For the use cases, see the sample below. We also suggest appropriate tactical and operational actions and strategies, and support the development of an IRP (Incident Response Plan).
Assessment
We assess the internal and external factors of security monitoring and prepare a feasibility study on SOC deployment.
Reaction plans
We prepare the use cases and playbooks, taking into account the capabilities and structure of the organization.
Training
We train security analysts and experts from Level 1 to 2. We will teach you how to get the most out of the toolset you choose.
Procurement support
We enable data-driven decisions not only on products but on holistic security solutions.
Incident response
We contribute to the development of an effective incident response plan (IRP).
Trackback & validation
We assess the internal and external factors of security monitoring and prepare a feasibility study on SOC deployment.
OT SOC
Industrial networks include thousands of OT and IoT devices from a variety of vendors. Unfortunately, most of these devices are not designed for the level of security required in the world of IoT, and active scanning, let alone penetration testing, is NOT recommended in OT networks. Instead, the inventory of devices is compared against vulnerability catalogues. From this data, we can create a vulnerability validation roadmap and management program.
MITRE ATT&CK Framework
To properly track the maturity of an ICS/OT organization, we adopted a special MITRE ATT&CK framework that merges the ICS and Enterprise matrices; it is one of the most comprehensive catalogs of possible attack scenarios to respond to, and it addresses the challenges of Industry 4.0. Our continuous assessment is based on the relevant procedures and NOT on techniques alone. If the inspection is performed only on the basis of techniques, it can result in a false sense of security.
Detection capabilities
To properly develop detection capabilities, we work with passive network monitoring and native client-side log enrichment.
Early warning system
At a certain level of maturity we implement a so-called early warning system that consists of a set of deception-based detection mechanisms.
Evaluation
Our KPIs are based on specific metrics: dwell time and the coverage of the hybrid MITRE ATT&CK framework.
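Why procedure-level assessment matters, and how the two KPIs named above can be computed, is shown in the following added example. It is not Black Cell's framework or tooling: the four-technique excerpt of a merged Enterprise/ICS matrix, the procedure labels, the use-case mappings and the incident timestamps are all constructed sample data.

```python
from datetime import datetime
from statistics import median

# Constructed excerpt of a hybrid matrix: Enterprise (T1xxx) and ICS (T0xxx) techniques
# merged into one catalog. Procedure labels are illustrative, not official ATT&CK entries.
HYBRID_MATRIX = {
    "T1110 Brute Force": ["password spraying", "credential stuffing", "password guessing"],
    "T1021 Remote Services": ["rdp lateral movement", "smb admin share"],
    "T0886 Remote Services (ICS)": ["vnc to hmi", "rdp to engineering workstation"],
    "T0855 Unauthorized Command Message": ["modbus write single coil", "dnp3 direct operate"],
}

# Constructed use-case matrix: each detection use case is mapped to the exact procedures
# it can see, not just to a technique id.
USE_CASES = {
    "UC-01 Burst of failed logons": [("T1110 Brute Force", "password guessing")],
    "UC-02 RDP to engineering station": [("T0886 Remote Services (ICS)", "rdp to engineering workstation")],
    "UC-03 Modbus coil write from non-HMI": [("T0855 Unauthorized Command Message", "modbus write single coil")],
}

def covered_pairs(use_cases):
    return {pair for pairs in use_cases.values() for pair in pairs}

def technique_coverage(matrix, use_cases):
    """Share of techniques with at least one use case: the optimistic number."""
    techniques = {t for t, _ in covered_pairs(use_cases)}
    return len(techniques & set(matrix)) / len(matrix)

def procedure_coverage(matrix, use_cases):
    """Share of individual procedures with a use case: the honest number."""
    total = sum(len(p) for p in matrix.values())
    return len(covered_pairs(use_cases)) / total

def uncovered_procedures(matrix, use_cases):
    """Procedures that would not trip any existing use case: the detection gap list."""
    covered = covered_pairs(use_cases)
    return [(t, p) for t, procs in matrix.items() for p in procs if (t, p) not in covered]

def median_dwell_hours(incidents):
    """Dwell time KPI: hours from first evidence of compromise to detection, median over incidents."""
    return median((detected - compromised).total_seconds() / 3600
                  for compromised, detected in incidents)

# Constructed incident timeline: (first evidence of compromise, detection).
SAMPLE_INCIDENTS = [
    (datetime(2024, 3, 1, 2, 0), datetime(2024, 3, 1, 14, 0)),   # 12 h
    (datetime(2024, 3, 5, 9, 0), datetime(2024, 3, 7, 9, 0)),    # 48 h
    (datetime(2024, 3, 10, 0, 0), datetime(2024, 3, 10, 6, 0)),  # 6 h
]

if __name__ == "__main__":
    print(f"technique coverage: {technique_coverage(HYBRID_MATRIX, USE_CASES):.0%}")
    print(f"procedure coverage: {procedure_coverage(HYBRID_MATRIX, USE_CASES):.0%}")
    print("median dwell time (h):", median_dwell_hours(SAMPLE_INCIDENTS))
```

On this sample the technique view reports 75% coverage while only a third of the procedures are actually detected, which is the false sense of security the text warns about.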
Strengthen Your Industrial Cybersecurity with the OT Security Add-on for Splunk
In today’s interconnected industrial environments, safeguarding Operational Technology (OT) is more critical than ever. The OT Security Add-on for Splunk enhances Splunk Enterprise Security by providing comprehensive visibility and control over OT assets, enabling organizations to better protect critical infrastructure from cyber threats.
Bridging the Gap Between IT and OT
Traditional IT security tools often fall short in addressing the unique challenges of OT environments. The OT Security Add-on bridges this gap, integrating data from leading OT security solutions to create a unified view of both IT and OT assets. This holistic approach empowers organizations to detect vulnerabilities, respond to threats, and maintain compliance with industry regulations, all within the familiar Splunk interface.
Key Benefits for Industrial Cybersecurity
The OT Security Add-on is designed with industrial operations in mind, offering capabilities that go beyond standard IT security. It provides detailed asset profiling, allowing organizations to analyze OT-specific attributes such as facility IDs, asset types, criticality, VLANs, and zones. This enriched asset framework ensures security teams have the context they need to protect critical systems effectively.
Another standout feature is its integration with industry-leading OT security technologies, which streamlines the ingestion of asset inventories, vulnerabilities, and alerts. By leveraging prebuilt dashboards and reports, users can quickly gain insights into OT perimeter and infrastructure monitoring, reducing the time it takes to detect and mitigate risks.
Proactive Threat Detection and Compliance Support
One of the most powerful aspects of the OT Security Add-on is its ability to prioritize vulnerabilities using dynamic correlation queries and risk assessments. This feature enables teams to focus on the most pressing threats, ensuring resources are allocated effectively.
For organizations in regulated industries, compliance is a constant concern. The OT Security Add-on simplifies this process with tools tailored for NERC CIP compliance, including dashboards and reports that make audit preparation more efficient.
Enhance Visibility and Control
The add-on takes visibility to the next level by profiling asset behavior and monitoring for anomalies that could signal potential threats. It also supports the creation of asset baselines, ensuring security standards are consistently applied across all OT systems.
With OT-specific correlation searches mapped to frameworks like MITRE ATT&CK for ICS, organizations can align their threat detection strategies with industry best practices, providing a solid foundation for proactive security.
Build Resilience Across IT and OT
The OT Security Add-on for Splunk is more than an extension of your security tools – it’s a critical component of a modern, integrated cybersecurity strategy. By unifying IT and OT data, empowering proactive risk management, and simplifying compliance, this solution helps organizations build resilience in the face of evolving threats.
Ready to take your OT security to the next level? With the OT Security Add-on, you can confidently protect the systems that keep your operations running.
Enterprise Security Module
Overview
Black Cell’s Enterprise Security Monitoring solution is a comprehensive technology stack that aims to consolidate all internal cybersecurity solutions into one coherent platform. ESM provides log aggregation, management, and correlation capabilities, enabling it to identify both cyber and cyber-physical issues. It offers a single interface for all cyber-related systems, including endpoint security, internal network security, vulnerability management, threat intelligence, deception and more. The solution leverages a machine learning based XDR system with Detection-as-Code technology, whose goal is to reduce the number of false positives and enhance overall operational and IT security transparency and reporting mechanisms. Furthermore, BC ESM addresses multiple compliance requirements, ensuring that your organization remains compliant with various industry standards and regulations.
Key Features
Log Management
ESM offers a robust and scalable log management solution with advanced capabilities that cater to the needs of cybersecurity.
Endpoint Security
ESM’s Endpoint security is an agent-based solution for Windows, *nix and Mac designed for detection and response capabilities, ensuring comprehensive protection against a wide array of threats.
Incident Management
Our integrated internal incident management is based on a transparent case handling ecosystem. The system collects and shares information about security issues, allowing for tracking key investigation details and collecting alerts in a central location.
Internal Network Security Monitoring
The ESM Network Security Monitoring provides value by analyzing mirrored IT and OT network traffic utilizing both signatures and metadata.
Vulnerability Management
ESM Vulnerability Management is capable of performing extensive network vulnerability scans, covering a wide range of devices, systems, and applications.
Threat Intelligence
The ESM Threat Intelligence is a comprehensive database continuously maintained by Black Cell ESM Labs.
Brand Intelligence
Brand Intelligence not only monitors an entity or company’s own cybersecurity exposure but also tracks indicators of reputation or compromise, such as supply chain vulnerabilities.
Deception Stack
The advantage of the deception stack is its minimal false positive rate.
Anomaly Detections
ESM incorporates machine learning features to automate the detection of anomalies and unusual patterns in log data.
Benefits
Black Cell ESM offers comprehensive, integrated cybersecurity with advanced threat detection, minimal false positives, and continuous support, ensuring robust protection and compliance for your organization.