Fusion Center
Cyber Security Fusion Center

The Black Cell Fusion Center is an extension of the SOC service matrix with the ability to involve different IT security platforms, on which we deploy advanced detective and reactive use cases

Fusion Center

The Black Cell Fusion Center service is an extension of the SOC service matrix with the possibility to integrate different IT security platforms, on top of which more advanced detective and reactive use-cases are implemented. We provide our customers with an on-premise solution with a web front-end or an online platform served from our secure cloud, where they can monitor cyber incidents and the status of performance indicators for the development of defined IT security maturity levels, in addition to the above-mentioned functions.

Conceptually, Fusion Center is as close as possible to transparent, real-time communication between the security provider and the customer, and provides the most holistic view of the customer’s cybersecurity ecosystem. FC is all about cybersecurity solutions, products and services based on and aligned with IT security maturity, objective cybersecurity events, quantitative and qualitative metrics, centralised on a single platform.

Clients are provided with a web based platform, where they can track key information, such as incidents or the performance indicators relevant to acheiving a higher maturity level. The Fusion Center concept enables transparent, real time communication between the client and service provider. It also provides excellent insight into a clients cybersecurity ecosystem, its current maturity level and its progress towards a higher level.

The fusion center provides a more unified and proactive approach for responding threats in the infastructure and IT landscape, by providing knowledge sharing and cooperation possibilites between IT departments (Operations, Security, Compliance).

This is especially true for hybrid-cloud or full-cloud infrastructures. While the role of a SOC typically focuses on detecting, identifying, investigating, and responding to incidents, a cyber fusion center takes this one step further by improving the overall security profile and capabilities of the organization. Black Cell Cyber Fusion Center is fully compatible with Microsoft Azure.

SOC as a Service

Black Cell SOC is a managed Cyber Security Operations Center which is suitable for all kind of organizations – we work with SMEs, large corporates, governmental and critical infrastructure organizations – regarldess of their size. SOC helps keeping your business information secure, as we provide a complex service package that covers all the necessary IT security tools, devices, technologies and knowledge. Our monthly fee structure provides a flexible and cost-effective solution as your company can reduce costs of IT security devices, licensing, deployment, training and continuous education of employees.

Because 100% protection can not be guaranteed, our special liability insurance will also cover the remaining gap on the shield.

A Cyber Security Operations Center, or SOC is a dedicated IT security unit within the organization, with one primary task: to prevent and eliminate cyber-security incidents.

Our company’s SOC-as-a-Service package is specifically designed for infrastructures over 500 IPs. Whether it’s protecting a critical infrastructure or complex enterprise, government environment, our incident response team has specialized experience to provide for our clients. The primary mission of the SOC is to prevent, detect and handle cyber security incidents. Accordingly, many preventive controls should be implemented during the design phase to reveal and eliminate known attack paths. Blind spots are eliminated by a variety of technical and logical solutions, so detection capabilities will be more efficient, faster, and the time needed to investigate events will minimized.


Based on Crown Jewels analysis or on existing risk assessment, we conduct a technology survey of the security toolkit associated with the systems concerned, to determine their effectiveness and maturity.


With hardening, the systems’ exposure to cyberattacks and vulnerabilities can be substantially reduced.

Use Cases

Use Cases (and related playbooks) means planned reactions and sequences of alarms that indicate a cyber-security incident and require immediate human or automated intervention. Our company has over 100 unique Use Cases that can be customized and also automated with a SOAR platform.


Our dedicated incident management (CSIRT) team is organized on three levels (L1-L3) and are available 24/7/365 for effective IT security oversight and responsiveness. We provide 99.9% * availability for the devices we integrate and manage.

Lessons learned

There may be cases for which there is no Use Case or so far unknown, and therefore we must update the rules, preventive and detective controls, and service defining documents to detect and respond to similar events in the future.

Detection capabilities

As a result of the assessment, we create a detection capability matrix using a “top to bottom” or “bottom to top” approach, that is, to either tailor technologies to business needs, or to align with the needed coverage requirements based on available technologies and their maturity.

SIEM implementation

The purpose of SIEM and similar systems is essentially to centrally store and analyze logs (events) and any relevant security data from hardware and software devices, operating systems and applications, to ensure that security-threatening events, malicious acts are discovered. For a list of our supported SIEM systems, see the portfolio of our VAR division.


We define the steps for triaging in the Use case matrix and the associated command register, together with IT security and operation stakeholders. These steps, actions, specific commands and queries can be performed outside the SIEM system but on the connected data sources in case if further validation or more data is needed regarding the incident.

Reports and trackback

Incident management and reporting is provided by a framework that adapts to the customer’s technological and administrative capabilities. Regular reports, technical and executive reports on the performance and quality of the service provide a comprehensive overview.

SOC building

The SIEM (Security and Information Events Management) system of the SOC (Security Operations Center) is based on a holistic view of the corporate infrastructure. Our company can implement any brand independent solution, complemented with detection tools on client , server and network side.

We suggest appropriate tactical and operational actions and strategies, and support the development of an IRP (Incident Response Plan).

We recommend it first and foremost to organizations and large companies who have or plan to set up an in-house incident management team. Our company is also at the disposal of our clients in the design, implementation and testing of SOC.

One of the main pillars of the SOC construction is creating the use case matrix and the corresponding playbooks after the detection capabilities have been assessed. For the use cases, see the sample below.

Black Cell has already been involved in the organization and the management of many national, multinational and intercontinental SOC events, and gained outstanding experience from the managed SOC operated by our company, which we provide in Hungary and other European Union Member States.


We assess the internal and external factors of security monitoring and prepare a feasability study on SOC deployment.

Reaction plans

We prepare the use cases and playbooks, taking into account the capabilities and structure of the organization.


We train security analysts and experts from Level 1 to 2. We will teach you how to get the most out of the toolset you choose.

Procurement support

We enable data driven decisions not only on products but holistic security solutions.

Incident response

We contribute to the development of an effective incident response plan (IRP).

Trackback and validation

We use red and blue teaming services to validate the maturity level of the security operations center in a war game.


The hybrid MITRE ATT&CK based gap analysis – To properly track the traction of the maturity we adopted a special MITRE ATT&CK framework that consist of a merged version of for ICS and for Enterprise is one of the most comprehensive catalogs of possible attack scenarios to respond to and to address the challenges of industry 4.0. Our continuous assessment based on relevant procedures and NOT on techniques alone. If the inspection is performed only on the basis of techniques, it can result in a false sense of security.

Industrial networks include thousands of OT and IoT devices from a variety of vendors. Unfortunately, most of these devices are not designed for the level of security required in the world of IoT, and active scanning, let alone penetration testing, is NOT recommended in OT networks. Here, the list of devices is compared with vulnerability catalogues. From this data, we can create a vulnerability validation roadmap and management program.

To properly develop detection capabilities, we are working with passive network monitoring and native client side log enrichment.

In a certain level of maturity we implement a so called early warning system that consist a bunch of deceptive detection workarounds.

Our KPIs is based on certain metrics DWEL time and the coverage of the hybrid MITRE ATT&CK framework.

Pin It on Pinterest