SOC MONITOR

Find, detect and respond effectively to cyber-attacks within your environment with 24×7 monitoring services provided by our expert staff and industry-leading technology. Nettitude’s SOC 24×7 Monitored Services take a threat intelligence-led approach, giving you visibility, actionable and proactive guidance, and a high level of assurance for your organisation.


  • 24×7 global eyes-on-screen SOC service.
  • Trained analyst experts dedicated to detecting and responding to alerts within your environment.
  • Built on the industry-leading SIEM platform from LogRhythm.
  • Seamless interface with the Incident Response and Malware Reverse Engineering teams.
  • Web dashboard for health, incident and high-level monitoring.
  • ISO 27001 assessed environment; PCI compliance service provider.
  • Benefit from threat intelligence gathered by the Nettitude global honeypot network.
  • Deploy ThreatReceivers (HoneyTraps) into your own environment.
  • Threat intelligence from in-house, commercial and open-source feeds (contextualised).

The Nettitude SOC operates as far more than simply a managed logging service. Built around advanced Threat Intelligence integrated with industry-leading technology, it is designed to deliver a highly relevant service.

The Nettitude SOC 24×7 Monitored Service provides you with the assurance that your environment is not only being monitored, but that alerts and an appropriate response can be determined quickly when needed. It can be easy to become swamped in log data and lose sight of why the service is needed and what is being protected.

Nettitude’s SOC 24×7 Monitored Service gives a straightforward way to manage the risks to your critical assets, with a focused, highly capable service at a predictable cost. Leveraging the benefits of a global managed service with a personalised extension to your existing cybersecurity teams brings a unique business advantage. The service will effectively and efficiently identify and manage cyber threats thereby minimising the likelihood and possible impact of incidents that could affect the organisation.

The Nettitude SOC Team Will Help You With:

  • Understand the real threat landscape relevant to your organisation, critical assets and risk appetite.
  • Review your security strategy, requirements and objectives and align them to the maturity and roadmap of your organisation.
  • Collect, correlate, analyse and triage events across your organisation.
  • Provide deep-dive experts for network, host and malware investigations.
  • Give clear actions, next steps and guidance on improving and maturing your security posture.

The SOC Monitored Service Is Built Around:

  • LogRhythm, a purpose-built, industry-leading next-gen SIEM, to harness and sift the data.
  • Managed Vulnerability Scanning Service to identify known weaknesses and vulnerabilities.
  • Active and relevant Threat Intelligence data and feeds.
  • Comprehensive endpoint tools.
  • Network monitoring and traffic analysis.
  • Behavioural analysis.
  • Deception technology – Threat Receivers (HoneyTraps) to detect ongoing malicious activity.
  • Advanced expert incident response capabilities when needed.

The Service Delivers:

  • 24×7 monitoring of events and incidents within your environment.
  • Web console and dashboard showing incidents, health status and management information.
  • Event alerting, actions and remediation advice.
  • Incident Response experts and capability including malware analysis services.

SOC 24×7 Monitored Capabilities

The Nettitude SOC brings together a wide range of skills, knowledge, technology and services to provide a comprehensive approach to detecting threat actors’ activity within your organisation.

Threat Intelligence

  • Threat Actor Database & Tracking
  • Understanding the real attack Surface of your organisation
  • Global HoneyPot Network
  • Consultative & Threat Feeds
  • CBEST/STAR Certified

Technology

  • LogRhythm (Threat2Alert)
  • Tenable.io
  • CarbonBlack
  • ThreatReceivers
  • Network Traffic Capture
  • Ability to ingest log data from security products, technology and software

Skills

  • Skilled and experienced SOC Analysts
  • Offensive Security Knowledge Base (Red Teaming, etc)
  • Malware Analysis and Reverse Engineering
  • Vulnerability Research and exploit development
  • Forensics
  • Incident Response
  • Network, Host and Malware investigations

Service

  • 24×7 Eyes on screens
  • UK and US SOC
  • Customisable Reporting
  • Business Intelligence Workshops/Reviews
  • Malware analysis service

Why Use A Managed SOC?

There are many reasons why a managed SOC may be best for you, but an in-house SOC, or a hybrid model that uses a managed service for escalations or specific tasks, will work better for some organisations. Nettitude adopts a flexible and varied approach dependent on your needs and requirements. The following questions help decide which model fits:

1: Can I tell senior management if we have been breached?
2: Can I report cyber incidents in a timely manner?
3: Can I assess the impact on the organisation of cyber attacks/breaches? Can I report for GDPR, PCI, etc. as required?
4: Can I get early warning signals that our organisation is under attack, or being targeted?
5: Do I know if traffic from our organisation is communicating with unwanted countries, services, TOR/dark web, known malicious internet servers, etc.?
6: How many attempts to compromise our attack surface have there been in the last 30 days? How sophisticated are they?
7: How well protected are our critical assets? How close to being compromised are they?
8: How can I give assurance that our environment is monitored and an effective response is in place, should the worst happen?

Advanced Capabilities For APT Type Attack Detection

Nettitude Managed 24×7 SOC Services give you access to unparalleled capability. Combining unique knowledge of threats, of how malicious attackers really operate and of what is happening right now gives your organisation peace of mind that the appropriate level of detection and response is in place for a cyber-attack.

1. Experts with a deep knowledge of sophisticated offensive attacks

  • The technical assurance teams within Nettitude operate at the top of the industry and have a deep understanding of offensive security (how attacks really happen) through red teaming, CBEST/STAR and threat intelligence-led assurance testing, vulnerability research and exploit development.

2. Threat Intelligence-driven service

  • Nettitude drives all its services through a threat intelligence-led strategy. Understanding who, how, why and when attacks will happen, in the context of your organisation’s critical assets and attack surface, is fundamental to adopting the right cybersecurity approach.
  • Nettitude’s Global HoneyPot Network provides up-to-date attack information from 30+ countries and all the main financial hubs in the world.
  • Threat Receivers (HoneyTraps) can be deployed within your organisation to identify first-hand current/ongoing attacks along with the methods, tools and tactics being used by malicious users.

3. Industry recognised

  • CREST CIR Programme Member
  • SC Magazine 2017 finalist and runner-up.
  • LogRhythm MSSP of the year 2015.

4. Operating at the Forefront of the Industry

  • Working with CREST to define standards for the accreditation of SOCs.
  • In-house developed SOC Maturity Model.
  • Evolving intelligence-led testing into Purple Teaming, SOC Maturity Assessments and the governance of Technical Assurance.

5. Industry Leading (Next-Gen) Recognised Technology

  • LogRhythm SIEM.
  • Gartner Magic Quadrant since 2012.
  • Highest product/service scores for Threat Intelligence, SIEM and Compliance.
  • Dedicated to Cybersecurity Intelligence.
  • Designed for Managed Services.
  • CarbonBlack (EDR).
  • Tenable.io (Continuous Vulnerability Scanning).

6. Strong Research & Innovation

  • Vulnerability research, reverse engineering and exploit development.
  • Bespoke tools, sophisticated attack platforms, cyber ranges, HoneyTraps, etc.

Threat Intelligence And Threat Hunting Capabilities

Nettitude’s 24×7 Monitored SOC services are built around a fundamental understanding of threats, capabilities and approaches. Highly regarded offensive capabilities, used to simulate attack scenarios with our own in-house built tooling, give the managed SOC service a highly pragmatic, relevant and essential level of knowledge. The use cases and playbooks built up from this knowledge can be rapidly deployed into service on your log sources. The combined benefits of the global honeypots, threat actor databases and millions of previously seen malware samples ensure you can leverage this capability.

How Does Threat Intelligence Feed The SOC?

  • Nettitude have developed their own global honeypot network with 100’s of nodes capturing live attacks, malware and indicators of compromise.
  • In-depth malware analysis and reverse engineering skills.
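To make concrete what "feeding the SOC" with threat intelligence looks like in practice, the following is an added example (not Nettitude's code, and not LogRhythm's): it parses a handful of constructed firewall/proxy log lines, matches source, destination and host fields against a constructed indicator feed (honeypot, commercial and OSINT sources with made-up confidence scores), and prioritises the resulting alerts by direction and action, so that an internal host that successfully connected to flagged infrastructure outranks a blocked inbound scan from the same feed. Feed contents, log lines, field names and the confidence thresholds are all assumptions for illustration.

```python
"""Threat-intelligence enrichment of perimeter events (added example).

Everything here is constructed for illustration: the IOC feed, the log
lines, the sensor names and the confidence values are not real data.
"""
import ipaddress
import re

# Constructed IOC feed: indicator -> (feed name, confidence 0-100).
IOC_FEED = {
    "ip": {
        "198.51.100.23": ("honeypot-network", 90),   # single host seen attacking honeypots
        "203.0.113.0/24": ("commercial-feed", 60),   # whole range flagged by a vendor feed
    },
    "domain": {
        "update-check.example": ("osint", 50),       # matches the apex and any subdomain
    },
}

# Constructed key=value lines as a firewall/proxy might emit them.
SAMPLE_LOGS = """\
2024-03-01T10:00:01Z fw01 action=allow src=10.0.5.17 dst=198.51.100.23 dport=443 proto=tcp
2024-03-01T10:00:02Z fw01 action=allow src=10.0.5.17 dst=93.184.216.34 dport=443 proto=tcp
2024-03-01T10:00:03Z proxy01 action=allow src=10.0.7.4 host=update-check.example dport=80 proto=tcp
2024-03-01T10:00:04Z fw01 action=deny src=203.0.113.77 dst=10.0.1.10 dport=22 proto=tcp
2024-03-01T10:00:05Z fw01 action=allow src=10.0.5.17 dst=198.51.100.23 dport=443 proto=tcp
"""

KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_line(line):
    """Split '<ts> <sensor> k=v k=v ...' into a flat event dict."""
    ts, sensor, rest = line.split(" ", 2)
    event = {"ts": ts, "sensor": sensor}
    event.update(KV_RE.findall(rest))
    return event


# Pre-parse IP indicators once; single hosts become /32 networks.
IP_IOCS = [(ipaddress.ip_network(ind, strict=False), feed, conf)
           for ind, (feed, conf) in IOC_FEED["ip"].items()]


def match_ip(value):
    """Return the most specific IP indicator containing value, or None."""
    try:
        addr = ipaddress.ip_address(value)
    except ValueError:
        return None
    hits = [(net, feed, conf) for net, feed, conf in IP_IOCS if addr in net]
    if not hits:
        return None
    net, feed, conf = max(hits, key=lambda h: h[0].prefixlen)  # longest prefix wins
    return {"indicator": str(net), "feed": feed, "confidence": conf}


def match_domain(value):
    """Exact or subdomain match; 'notevil.example' must not match 'evil.example'."""
    value = value.lower().rstrip(".")
    for ind, (feed, conf) in IOC_FEED["domain"].items():
        if value == ind or value.endswith("." + ind):
            return {"indicator": ind, "feed": feed, "confidence": conf}
    return None


def enrich(event):
    """Yield (direction, internal_asset, match) for every IOC hit on the event."""
    hits = []
    m = match_ip(event.get("dst", ""))
    if m:
        hits.append(("outbound", event.get("src"), m))
    m = match_domain(event.get("host", ""))
    if m:
        hits.append(("outbound", event.get("src"), m))
    m = match_ip(event.get("src", ""))
    if m:
        hits.append(("inbound", event.get("dst"), m))
    return hits


def priority(direction, action, confidence):
    """Assumed triage policy: allowed outbound to an IOC is the case worth paging on."""
    if direction == "outbound" and action == "allow":
        return "high" if confidence >= 70 else "medium"
    if direction == "inbound" and action == "allow":
        return "medium"
    return "low"  # blocked at the perimeter: record it, do not page


def analyse(log_text):
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = parse_line(line)
        for direction, asset, m in enrich(ev):
            alerts.append({"ts": ev["ts"], "sensor": ev["sensor"], "action": ev.get("action"),
                           "direction": direction, "asset": asset, **m,
                           "priority": priority(direction, ev.get("action"), m["confidence"])})
    return alerts


def triage(alerts):
    """Collapse repeats per (asset, indicator) and rank by confidence, then volume."""
    groups = {}
    for a in alerts:
        g = groups.setdefault((a["asset"], a["indicator"]),
                              {**a, "count": 0, "first_seen": a["ts"], "last_seen": a["ts"]})
        g["count"] += 1
        g["first_seen"] = min(g["first_seen"], a["ts"])
        g["last_seen"] = max(g["last_seen"], a["ts"])
    return sorted(groups.values(), key=lambda g: (-g["confidence"], -g["count"]))


if __name__ == "__main__":
    for g in triage(analyse(SAMPLE_LOGS)):
        print(f"{g['priority']:6} {g['asset']:12} {g['direction']:8} {g['indicator']:22} "
              f"{g['feed']:17} conf={g['confidence']} x{g['count']} last={g['last_seen']}")
```

Two points the code makes that the bullet list does not: the same indicator produces very different alerts depending on direction and action (a denied inbound probe from a flagged range is a statistic; an allowed outbound session to a honeypot-sourced IP is an investigation), and repeated hits are collapsed per asset and indicator before anyone reads them, which is the difference between a SOC and a managed logging service.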

Feeding the SOC With Data

At the outset, it is essential to collect the right log data from your environment. What you collect, at what level, and when, will be based on an understanding of your critical assets, attack surface and the threats you are likely to face. Nettitude will work closely with you at the outset to ensure an appropriate proactive data gathering approach is adopted and presented to you.

Data should be collected from a variety of appropriate sources and based on your business intelligence needs. Both internal and external collection is critical.

Some of the sources may include:

Log Data

  • Direct Log Sources
  • Investigation
  • Forensics

Threat Intelligence

  • OSINT
  • Commercial Feeds
  • Global HoneyPot Network
  • Technical Feeds

Deception Technology

  • ThreatReceivers (HoneyTraps) – Internal / External
  • HoneyTokens
  • HoneyPlatforms

Data Enrichment

  • Endpoint Detection & Response (EDR)
  • Network Data (PCAP)
  • Malware Capture/Analysis
  • Vulnerability Data

Custom/Bespoke

  • Botnet Monitoring
  • Phishing Traps