Processes & Procedures

Setting up a successful SOC can be frustrating. Whether it is a standard 8-hour SOC or a follow-the-sun model, every SOC needs procedures it can draw on for incident response, threat hunting, forensics, red teaming and the other components of a SOC. Without clear and concise methodologies, your environment may not collect all artifacts and protect your company.

Creating or managing a SOC within a company is no small hurdle. Many obstacles can affect the overall performance of your analysts and how they report, escalate, triage and contain events or incidents. The complexities of today's SOCs are growing. New technologies emerge every day that plug into your business with the promise of making your life, as well as your employees' lives, easier. With the number of emerging threats growing exponentially each day, it's imperative to establish a SOC that can respond to, contain and remediate new threats at any stage of detection.

As of 2021, the issue plaguing the security landscape is the amount of available talent versus the number of tickets and events that have to be worked. Where do you go for tooling and training, and how do you keep your team relevant? Network Defense Solutions, Inc. has the tools as well as the knowledge to help you establish a well-performing SOC. We can assist in areas ranging from clearly defined SOPs (Standard Operating Procedures), on which we can deliver training, to tools that can be used on Linux, macOS and Windows.

Network Defense Solutions, Inc. will evaluate everything from the processes you are using to the tickets you are triaging, and we will also discuss past incidents with you. Once we understand the type of environment you currently have, we will make suggestions based on logging, data retention and processes to limit the SLA time spent on triage (whether incident, ticket or false positive). We will also help develop training for all skill levels and either help you deliver those materials or deliver them ourselves (PDF, presentation or video tutorials).

  • Understanding Your Environment

    Our approach is simple. We aim to understand what log sources you have, what your critical data is and, finally, what it is that you are responding to. We will make suggestions based on industry best practices (SOX, PCI/DSS, etc.) as well as help you correlate information for reporting, escalation, triage, containment and remediation. We will also review your SLAs and any other details that can affect your reporting processes positively or negatively.

  • Reviewing Current SOPs / Creating New Ones

    Based on the information we collect in step one, we will also attempt to understand how previous tickets have been completed and whether you have any processes analysts should be using. If you do, we will improve upon those techniques or write you new ones from the ground up that are more efficient and can be followed by analysts at any skill level.

  • Providing Custom / Open Source Tools & Methodologies

    Don't have the budget for high-end tools? Not a problem. We can provide you with the tools you need, whether custom written by us or open-source tools your environment can use to squeeze the most information from a ticket. OSINT, reputation, threat hunting, incident response? Not a problem!

  • Internal Training & Education

    With all the changes that are being made for the better, we will even help you train your employees on the new tools and processes so that everyone can be an expert in the newly created processes and your environment can execute its job function as efficiently as possible. As your business grows, we can continually review the current processes and suggest changes as new challenges are met along the security journey.

If you would like to learn more about our SOP services, drop us a line to find out more!


Learn more about Our SOC Consulting Services and how we can help your company streamline your security processes.
