Working with Your Environment
Creating a SOC / SIC can be a very stressful and financially wasteful undertaking for some companies without the right guidance. We can help alleviate most of the worries, headaches and financial cost associated with establishing a security team. Not only will we listen to your needs, but to your security team as well. We will establish a day-to-day basis for operations, learning how events are triaged, what tools you are using, which tools you need, and how to configure security to the latest standards and best practices.
From Linux to Windows servers, and from Linux and Windows endpoints to macOS, we have the tools and knowledge to help you establish a well-functioning security operations center, complete with training, procedures, escalation paths and everything your company needs to succeed.
Our experience also extends to regulatory compliance (SOX, PCI DSS, etc.), where data retention, fields and reporting are a necessity for companies that must comply with local and federal laws. With an emphasis on the DFIR process, we can quickly gauge the information needed and provide meaningful feedback before, during and after an incident or breach, as well as from previous ones.
The Process
Once our team has worked with your security team and we have begun to hash out changes, processes, alerting, technologies, etc., we will begin helping your environment transition to a better workflow. If there have been past incidents or breaches, we will help identify where reporting and containment could have been better, determine where gaps may have impacted your response process, and help the organization justify why those data points are required. From this point, we will work with your engineering team to get those changes implemented and with your SOC leads to develop a response process for your analysts.
How it Works
- Scoping
Your security operations center is analyzed while we work alongside your team, hands-off, for the first few weeks. We learn how they think, their process, the business process and your tooling solutions. We also review alerting and the systems in your environment, and identify any critical systems, applications or portions of your business. Once we understand your "crown jewel" systems, we begin to formulate and shape what the future of your SOC will look like and how it will operate.
- Review of Past Security Events
Have vulnerability reports or previous penetration testing engagements? Or have you sustained a breach? We will review not only the information presented to us, but also the method your organization used to contain and clean up the security event.
- Justification of Alerting
After building an adequate review of your log sources and collections, we will use past incidents in tandem with the current state and our proposed changes. Those changes will provide vital feedback regarding the data, its importance, and how it can lead to a faster Mean Time to Respond and Mean Time to Recover, saving the business wasted costs.
- Review of Past Incidents
While the justification is being built, we will also work with the security team to review past incidents. From this perspective we will mock up how the currently deployed tooling and our suggested recommendations can save time in containing and stopping the bleeding on an incident. Once a baseline is established, those findings will also be included in the final reporting.
- SOP Creation & Training
After all the suggestions have been implemented, we will work closely with your security team to produce Standard Operating Procedures for your environment covering the new alerts and logs. Once this is complete, your environment will have a defined set of actions to take on the newly created logs and points of interest, and guidance on how to respond to them.