
The Security Operation Centres (SOC) service is a managed security service (MSS), which extends the Security Assurance (SA) service to a managed form, including all the security operation, consultancy and technology maintenance services. At its core, the SOC service involves the analysis and filtering of the automated security assessments of the SA service by expert security engineers and the provision of vetted and prioritised information to them, along with expert recommendations for, and overseeing of, incident responses.
The SPHYNX SOC service involves:
- Custom threat intelligence
  - Analysis of automated CTI findings, confirmation and prioritisation by a team of expert security engineers;
  - Recommendations for action.
- Managed alarm monitoring and incident investigation
  - Post-automated-analysis assessment and prioritisation of alarms and incidents;
  - Assessment of impact and potential impact of alarms and incidents;
  - Post-automation assessment of emerging threats;
  - Reporting – Communication of findings.
- Managed incident response
  - Provision of customised and executable incident response playbooks (CACAO);
  - Development of responses to incidents;
  - Scheduling and overseeing execution of incident response plans beyond playbooks;
  - Reporting – Communication of findings.