
2. SOC Operations
During the SOC Operations phase, Data Consult will provide the following capabilities and technical services to the customer:
8x5 Security Monitoring:
This service delivers real-time monitoring, correlation, and expert analysis of security activity across your enterprise. It raises your security maturity by actively analyzing the logs and alerts from your infrastructure on an 8x5 basis. Our certified Security Analysts will have the context needed to eliminate false positives and respond to the true threats to your information assets.
SOC Operations Capabilities (Data Consult Advanced Cyber Fusion Center):
SOAR Automated Tier 1:
The Data Consult team will leverage the SOAR, with purpose-built playbooks and automation, so that SOC Tier 1 activities are completed automatically by the SOAR, allowing the SOC analysts to focus on more meaningful events and tasks.
Human-based Tier 2 Triage Analysis:
Data Consult seeks the brightest out-of-the-box thinkers and analytics-focused security experts to work within the SOC across the different cells. We ensure that their skill sets are kept current and in use through regular SANS training and certification. The SOAR handles the time-consuming and more mundane processes and procedures with our internally developed playbooks, giving our senior SOC analysts the resources and freedom needed to investigate enriched tickets and gather enough evidence to identify true-positive abnormalities detected in the client's environments.
SOC Management & Reporting
Outputs:
Data Consult brought recognized leaders into operational and technical roles to establish a solid foundation from which security operations are handled. These leaders understand the needs and have real-world experience; this allows for enhanced client handling and reporting by creating meaningful, client-customized reporting and leadership engagements. Additionally, Data Consult produces regular (weekly, monthly and quarterly) SOC scorecard reports to demonstrate continuous improvement in the operation and to highlight any area that needs to be addressed urgently by the client or by Data Consult. The detailed reporting scope is provided in the deliverables section. Data Consult creates meaningful, client-customized outputs, including automatic reporting and delivery as well as on-demand reporting and delivery, and works directly with client stakeholders to understand their output needs and address them in the most effective way.
Incident Response Retainer – Remote Services (Customer responsible for on-site tasks):
This service allows the customer team to have a trusted partner on standby supporting incident investigations, digital forensics, and malware analysis. Additionally, the retainer allows the customer to proactively prepare for cyber security incidents by conducting tabletop exercises or testing of the incident response plan.
Incident Response Retainer (120 hours per year), criteria (Data Consult Advanced Cyber Fusion Center):
Reactive Services: Forensics + Malware Analysis
Data Consult will be rolling out an advanced malware and forensic lab at the KSA location. This lab will enable the IR cell and the malware analysts to support greater capacity and more complex artifacts collected from the client environment, as well as research into threat landscapes. The lab will host a malware repository that provides historical samples and allows for the creation of internal malware intelligence, to be combined with our third-party malware intelligence.
Reactive Services: Incident Handling
Data Consult Incident Response consultants provide remote incident handling. Our incident responders act as an escalation point for the SOC analysts and provide guidance, support, and technical subject matter expertise. The cell works out of two hubs covering the Levant and GCC territories. Data Consult will also be rolling out an incident handling and forensic lab at the KSA location to support more complex IR needs.
Security Use Cases Engineering
Security Engineering and Use Case Management (2 use cases per month), criteria (Data Consult Advanced Cyber Fusion Center):
Use Case Engineering:
Data Consult will provide the Customer with SIEM content planning, development and tuning. The focus of this activity is the identification and implementation of use cases through the development of rules based on Data Consult proprietary threat intelligence and an understanding of the customer environment. Once a use case is implemented, Data Consult observes rule operation and reviews and monitors the performance of the use case content, then tunes the content as needed, with Customer approval, to achieve a balance that minimizes false positives and maximizes the detection of security threats.
Continuous Improvement
To deliver this successfully, Data Consult will allocate a Team Leader to the SOC Operations team to look after the customer and provide a single point of interface between Data Consult operations and the customer. The Team Leader will have strong SOC management experience and will support other teams such as Consulting, Engineering, Product Development, Sales, and Presales. This role will act as a Trusted Advisor to the customer security management team and will also act as Data Consult's Customer Services Manager. As we deliver the SOC Operations, we will identify, on an on-going basis, areas for continuous improvement in the overall SOC design, build and operation, including areas for automation, process optimization, use case development, and the introduction of new services and solutions to the portfolio.
This role will manage the following capabilities:
- Manage the quality of SOC operations delivery by the Data Consult SOC team.
- Manage Data Consult SOC metrics and reports and present them regularly to the customer management team.
- Recommend improvements to SOC people, processes and technologies to the customer senior management team.
- Manage training for Data Consult SOC team members, including the time allotted for training and when it is conducted.