In addition to the costs of creating its own. SOC, any company sooner or later faces the ne to choose the functions that it will support. And the costs of their support are not always justifi in the case when the SOC serves only one client. If you use the services of a third-party company. You can choose the necessary functionality and expand it in the future at your own discretion or if necessary.
For example, the basic functionality of any
SOC includes services for monitoring information security incidents, investigating them, and issuing relevant recommendations. Such recommendations may include proposals for both changing the settings of existing equipment. And updating technological/organizational measures for protecting information in the company.
But our clients are interest not only in the basic functionality. But also in proactive protection services — reconnaissance and detection. Of threats notic on the market that are not directly relat to.
the company at the moment, but may cause problems in the future.
This service includes providing
the customer with a summary of new trends in the implementation of attacks (for example, attacks on peripheral devices) and the results portugal whatsapp data of reconnaissance activities (this may be data on a method of attack on the SOC’s own resources, which are deliberately configur to attract attacks from all over the world); this also includes an analysis of the customer’s infrastructure for susceptibility to new types of attacks and recommendations for its proactive protection. In addition to assessments and analysis of external threats that are present or gaining momentum in the world, the customer is also provid with such functions a service for assessing the internal state of information security, and this can be either an assessment of existing vulnerabilities (BlueTeam), carri out jointly with the customer’s representatives, or penetration tests (RTeam). Bas on the results of the latter, recommendations are issu for improving the information security system in order to minimize the identifi threats.
SOC can also offer its clients a subscription
Information such functions looking at the graphics, we can see that intensive security bulletins (Cyber Threat Intelligence) from various sources, including automat control of the customer’s security according to these bulletins. Unlike an internal SOC, a company providing outsourcing services is able to aggregate a wide variety aero leads of information and transfer it to the client in the volume that will be sufficient for its specific infrastructure. For an internal SOC, such functionality will cost much more, since it will be necessary to purchase the necessary information from each source separately.
