SOC | SIEM | CSIRT
We define, implement and monitor cyberincidents from the perimeter of the network. We use modern event correlation technologies.
"We cover the three standard areas of a SOC/CSIRT: a team of highly trained professionals; efficient and proven processes; and appropriate, state-of-the-art technologies. As a differential, our service includes a fourth area: Business Context information."
We consider that the company's business context information is fundamental when making decisions about asset protection measures. Our experience of more than 10 years in the market developing risk analysis, allows us to offer this unique additional component for a SOC/CSIRT, of great value when establishing the necessary protective measures and actions.
We have proven and efficient processes in the definition of a SOC/CSIRT in daily operation, defining subprocesses of preparation, identification, containment, eradication and recovery, immersed in a scheme of continuous improvement. Likewise, our operational processes are optimized to have visibility into the cyber-environment of the company, analysis of events and rapid and adequate response actions.
We have extensive experience in carrying out the tasks of the SOC/CSIRT. From the most basic tasks such as monitoring alerts or triage, to the most advanced ones such as analysis, correlation and threat hunting.
Our partnership with the company C-S® that produces SIEM Prelude® allows us to have the latest technology to meet the requirements necessary in today's cyber-environment, which we complement with other components to provide the precise service that our customers need.
IBM QRadar, It is the corporate SIEM (Security Information & Event Management) that has become the de facto standard in the market. It has the ability to collect security information from different data sources, network flows, assets and users, and correlate it with a powerful rule engine. In this way, it is possible to detect malicious activities in real time and be able to stop them quickly, avoiding or minimizing damage to the organization.
QRadar It allows the incorporation of a large number of applications that make it possible to exploit the collected data, incorporate new sources, analyze vulnerabilities, carry out forensic analysis, analyze user behavior, etc. and in this way increasing the power in the detection and prevention of threats.
Prelude is a SIEM (Security Information & Event Management), a security control tool. It collects and centralizes the company’s security information to provide a command center, through log analysis and correlation. It also alerts the user of attacks and intrusion attempts to the system in real time.
Prelude offers a variety of big data research and reporting tools to identify weak signals that may appear as Advanced Persistent Threats (APT).
Finally, Prelude has all the tools to assist and facilitate operator work and risk management.
Download service information
totally free. no registration required.
We offer knowledge and experience in different industries and fields through our consolidated multidisciplinary team.We provide technical and management consulting services.