- Network & host defense
- Reporting & advisories
- Malicious code & virus protection
- Intrusion Detection
- Vulnerability, risk, & penetration
- Data fusion, correlation, analysis, & storage
- Management of key enablers/devices
- Configuration management
- Patch Management
- Computer incident response
- Forensics & investigations
- Serves as an “in-cloud” service-delivery platform for direct/indirect customers
- Helps the SOC team “operate” the Managed Security Services from a central location supporting multiple “Points-of-presence”
- Provides a single-pane-of-glass interface to the customer allowing them to interact with the SOC
- Channel partners can view/update tickets if required for their customers
Our SOC Security Intelligence Platform and Cisco’s next-generation ASA firewalls integrate to provide unprecedented visibility into, and control over, client-side applications, operating systems, virtual machines and mobile devices, meeting a variety of use cases and strengthening end-to-end threat lifecycle management.
Cisco FirePOWER Management Center Integration
Our SOC technology leverages Cisco’s eStreamer API to collect network security and flow data from the Cisco FireSIGHT Management Center (formerly Sourcefire), including information generated by Cisco’s next-generation firewall, Cisco ASA with FirePOWER services, and by Cisco’s next-generation Intrusion Prevention System (NGIPS), Cisco FirePOWER NGIPS.
Our SOC can ingest and optimise FireSIGHT data in real-time, and correlate threat activity and known vulnerabilities with other network data to deliver advanced security analytics, extended visibility, and provide continuous monitoring for real-time threat detection and response.
Our SOC can initiate immediate protective action such as terminating communications with command-and-control servers or adding the malicious IPs to a Cisco firewall policy to prevent critical applications and servers from exposure.
- Real-Time Incident Response System
- Baseline of AMP for Endpoints traffic covering applications, documents, IP addresses, whitelists, and blacklists
- Collect real-time events from the Firepower and AMP consoles through a secured channel
- Correlate events to raise the monitoring standard and identify possible incidents in the client’s network more accurately
- SOC team responds to the customer via email, phone, etc. for event responses and escalations
- Provide your IT Management team with specific policy level recommendations to address an immediate or impending threat
- Weekly and Monthly Security Reporting
- Quarterly Business Review
Event Storage for Forensic Analysis
24×7 Security Monitoring and Advanced Event Correlation of Customer Devices using a SIEM tool
ISO 27001, PCI-DSS, and SANS 20 Compliance Reports
Configuration of the following: Antivirus, Antispyware, File Blocking, Anti-Spam, Anti-Phishing, Content Filtering, URL Blocking, and URL Filtering
Performance, Availability, and Threat Management
Customizable SLA Response Time
Weekly, Monthly, and Quarterly reports
Advanced Event Correlation and Real-Time Incident Response
Access to Security Knowledge Base
In-Country Log Retention
Our Services are Scalable, Compliant, Cost-effective, and 24x7x365.