A Security Operation Center (S.O.C) is a system that monitors and handles information security issues in order to detect, analyze, react to, prevent and investigate information security incidents, ensuring the safety and security of an organization's information. A S.O.C consists of three elements: Process, People and Technology.
The need for S.O.C
In the context of the global movement towards a smart nation era, the industrial revolution 4.0 is being promoted all over the world. As a result, interactions on the Internet are growing, leading to a greater risk of information insecurity for reasons such as:
- Advances in IT create an ideal environment for attackers to use more sophisticated, unpredictable and larger-scale methods.
- Users' awareness of information security is still limited.
- Organizations' investment in information security is unmethodical and patchy.
- Difficulty in complying with information security policies.
Services provided include
Monitor Server and Workstation System (Endpoint)
Server and computer systems will be monitored 24/7/365.
The scope of supervision includes:
- Monitor and detect signs of network attacks, such as connections to a malware command-and-control (C&C) server or widespread propagation of malicious code within the system.
- Monitor and detect anomalies on the Endpoint layer (workstation/server) in the customer's system.
- Detect intrusions on the Endpoint layer.
Monitor and detect network layer attacks
Network traffic and packets will be collected and analyzed by sensors, combined with automatic malware analysis technology (Sandboxing), for automatic analysis and detection of abnormal signs, threats and potential attacks on the network layer. The network monitoring module also provides tools that support the administrative team in investigating, tracing and performing in-depth analysis of signs of network attacks.
Automated response and security coordination platform
WeCloud's S.O.C system is operated on an intelligent coordination platform that automates the response. This platform integrates security technologies and process sets into system operation automatically, creating a more cohesive ecosystem of security products and optimizing the efficiency of monitoring, analysis and troubleshooting.
Centralized log management and analysis
The centralized monitoring, logging and analysis system is the overall monitoring platform and plays a core role in the S.O.C system. It enables the collection, normalization, archiving and correlative analysis of all logs and network information security events generated in the organization's IT systems, and provides the ability to monitor and analyze traffic data in real time. The solution can be used to search, monitor, analyze and visually review the data sources generated by all the different devices, helping organizations and units quickly detect and handle information security incidents and risks in the system.
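The normalization and correlation step described above, as an added example that is not WeCloud's code: two constructed log sources (an endpoint agent and a firewall) are normalized into one event schema, then correlated so that a process started from a user-writable path followed within a short window by a connection to a known C&C indicator from the same host raises an incident. The log formats, the host-to-IP inventory and the indicator list are all assumptions made for the example.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample logs from two sources with different formats (not real data).
ENDPOINT_LOGS = [
    '2024-05-01T10:00:01Z host=ws-17 event=process_start image=C:\\Users\\bob\\AppData\\Roaming\\svc.exe',
    '2024-05-01T10:00:09Z host=ws-17 event=process_start image=C:\\Windows\\explorer.exe',
]
FIREWALL_LOGS = [
    '2024-05-01 10:00:05 ALLOW 10.0.0.17 -> 203.0.113.45:443',
    '2024-05-01 10:00:07 ALLOW 10.0.0.23 -> 198.51.100.9:443',
]
HOST_IP = {'ws-17': '10.0.0.17'}    # asset inventory (constructed)
C2_INDICATORS = {'203.0.113.45'}    # threat-intel feed (constructed, documentation range)

@dataclass
class Event:               # common schema every source is normalized into
    ts: datetime
    source: str
    host: str
    kind: str
    detail: str

def normalize_endpoint(line):
    ts, host, kind, image = re.match(r'(\S+) host=(\S+) event=(\S+) image=(.+)', line).groups()
    return Event(datetime.strptime(ts, '%Y-%m-%dT%H:%M:%SZ'), 'endpoint', host, kind, image)

def normalize_firewall(line):
    ts, _action, src, dst, _port = re.match(r'(\S+ \S+) (\w+) (\S+) -> (\S+):(\d+)', line).groups()
    host = next((h for h, ip in HOST_IP.items() if ip == src), src)  # map source IP to asset name
    return Event(datetime.strptime(ts, '%Y-%m-%d %H:%M:%S'), 'firewall', host, 'connection', dst)

def correlate(events, window=timedelta(seconds=30)):
    """Incident = process start from a user-writable path on a host, plus a connection
    from the same host to a C&C indicator within the window. Returns (host, image, c2)."""
    incidents = []
    c2_hits = [e for e in events if e.kind == 'connection' and e.detail in C2_INDICATORS]
    for c in c2_hits:
        for e in events:
            if (e.host == c.host and e.kind == 'process_start'
                    and 'AppData' in e.detail and abs(e.ts - c.ts) <= window):
                incidents.append((c.host, e.detail, c.detail))
    return incidents

def run():
    events = [normalize_endpoint(l) for l in ENDPOINT_LOGS] + [normalize_firewall(l) for l in FIREWALL_LOGS]
    events.sort(key=lambda e: e.ts)   # single time-ordered stream across sources
    return correlate(events)
```

The second firewall line is not flagged because its destination is not an indicator, and the later explorer.exe start is not flagged because it runs from a system path.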
24/7 incident response and handling
The customer's system will be monitored 24/7 by WeCloud Cyber Security's expert team. As soon as an intrusion is detected, network security experts will investigate, localize and isolate the affected scope from the customer's network, then take professional measures, including control checks and a network-wide response, to handle the incident and prevent escalation and further spread of the infection. After the incident response is completed, the customer will receive a report that includes the method of penetration, the time of infection, and recommendations on how to fix the vulnerabilities that were exploited during the attack.
Providing Knowledge & Security Reporting
To ensure that customers are always updated on the state of information security in their system as well as attack trends worldwide, periodic reports on the situation will be provided throughout the service period.