SoC As A Service

Integrated & Unified Security Management

  • Simplify how organizations detect and mitigate threats.
  • Enable organizations to benefit from the power of actionable threat intelligence & unified security.
  • Provide the perfect, affordable fit for organizations with constraints related to budgets, expertise and resources.
  • Detect the latest threats without having to buy, deploy and manage multiple products.
  • Detect the latest threats without having to hire and retain a team of security analysts.
  • Manage threats by unifying security technologies & processes with the latest threat intelligence.

Value Proposition

  • Asset Discovery.
  • Vulnerability Management.
  • Intrusion Detection.
  • Behavioral Monitoring.
  • SIEM.
  • Threat Exchange.
  • Firewall Management.
  • Web Application Scanning.
  • Managed IDS/IPS.
  • Managed Server Protection.
  • Managed UTM.
  • Incident Response.
  • Policy Compliance & Consulting.

Security Operations Centre Framework

Five Security Pillars in NGS SoC

SOC - Advanced Managed Security Services

  • Managed Firewall - Managed Firewall service is expertly managed by dedicated security specialists in our Security Operations Centre.
  • Web Application Scanning - This solution, delivered on demand, provides automated, self-service vulnerability security scanning of internal and external web-based applications to help you safeguard sensitive data and satisfy regulatory requirements.
  • Managed Server Protection - Managed Server Protection is a Service for both virtual and physical servers with a common management interface that provides defence-in-depth security by delivering firewall, intrusion detection and prevention, and anti-malware capabilities monitored by experienced managed security experts, 24/7.
  • Managed Datacentre Policy Compliance - Policy Compliance solution provides ready-to-use, Centre for Internet Security (CIS) based policies. These policies serve as benchmarks that you can test your environment against. The service provides over 14,000 checks to choose from - covering Windows, Unix and databases as well as user-defined controls.
  • Incident Response & Forensics - A dedicated team of deep-dive experts immediately at hand to help with identified / suspected breaches, and provide effective management.
  • Red Team Services – Expert Team Simulates Attacks, Documents Actionable Findings. See how your organization would stand up to an emulated attack that uses the same adversarial tools, techniques and procedures criminals employ. Attackers look for weaknesses in process, technology and people. Our team identifies those weaknesses and tests preventative measures.

Security Operations Centre - Model

SOC - Operations & Incident Management

Reference Model – NGS SOC Delivery Process

Security Operations Centre - Roles And Responsibilities

SOC Manager

Defines the vision for the entire team, owns the budget and resource allocation. Acts as the bridge to the rest of the business, championing the SOC's value to the wider organization.

SOC Lead

This role demands a big-picture view - from coordinating responses to threats through to effectively managing team members. The SOC Lead runs the day-to-day operations of the SOC on a hands-on basis.

Security Analyst

This "eyes-on-glass" role is the front line, actively monitoring the system for suspicious activity and determining the severity and complexity of each threat.

Senior Security Analyst

Combats higher levels of threats and conducts deep-dive investigations to identify affected systems, reviews intelligence reports and identifies the nature of an attack.

SIEM Engineer

Security Information and Event Management (SIEM) Engineers fine-tune, configure and maintain the SIEM tools needed to identify and repel threats.

Threat Hunter

Threat hunters are the detectives of the team. They use SIEM tools to review log files in real time, finding clues as to the nature of an attack and how to repel it.

Incident Handler

Remediates security incidents: contains and repels attacks, then repairs the affected systems.

Threat Intel Researcher

This person detects the nature of the threat to identify its origin and form and then passes intelligence to the SIEM Engineer who in turn feeds it into the system.

Forensics Specialist

Conducts thorough investigations into the nature of the attack. Intelligence gathered is often shared with authorities and used as a basis to prevent future attacks.

Red Team Specialist

Actively attacks the system to identify vulnerabilities. Using ethical hacking techniques, they run penetration tests to highlight weak areas so other team members can fix them.

SOC - Reference Organization Structure