Connect44

Enterprise Services Security Operations Center

Connect44’s Security Operations Centre (SOC) builds upon the strong foundation of Connect44’s Network Operations Centre (NOC) practice, which delivers multiple customer solutions.

The NOC solution itself offers resilience, integrated Front/Back Office functions, and dedicated secure areas, per project and client, where all physical access is customizable and controlled; the SOC is an essential function in ensuring an organization’s cyber security.

The Service Operations Centre of Connect44 undertakes Network monitoring, reporting on service KPIs and availability, event correlation, Network Assurance, and Incident (Network) analysis and intervention. In essence, when operating alongside the NOC service, the SOC would receive Network Hardware security alerts from the customer through the NOC feed, and IT and Application security alerts directly from the customer infrastructure.

Security Operations Centre Mission

Security Operations Centre Mission:
  • Earliest attack and security issue identification
  • Expedite threat impact reduction
  • Optimal Security Intelligence to handle the business risk
The Security Operations Centre is designed to:
  • Act as a single point of real time monitoring and responding to security threats
  • Prevent Cyber Security threats from impacting the Customer’s business
  • Ensure Business Continuity and Return to Operation efficiency
  • Have a robust Incident Response function and process
  • Work with the Customer’s Network and Application teams to ensure remediation of risk across components of both the network and application infrastructure.
The Security Operations Centre (SOC) - Solution

Monitoring Function

Monitoring activity is used to determine whether a breach may have occurred or is in fact underway. Here Security Information and Event Management (SIEM) tools should be used to undertake behavioural threat analytics and leverage both AI and machine learning.

Intelligence Function

The Intelligence Function consists of an ongoing analysis of whether a breach or a vulnerability is present, dependent on enterprise activity. Here the SOC analysts perform reviews of alarms and alerts, with the use of AI input from the SIEM attack patterns, so vulnerability exploits can be identified.

Baseline Function (Vulnerability and Penetration Testing Function)

The Baseline Function underpins the Intelligence Function through the run time and scheduled activity of Vulnerability Scanning and Penetration Testing respectively.

Forensic function

This function is triggered by an alert or an incident and initiates an incident response, which depends on the type and level of the security issue. Here an Incident Response team is formed (with relevant members of the SOC team and Connect44’s organization) to manage the incident from containment to resolution, communicating with the enterprise organisation on the progress to resolution, providing full incident reporting, and recommending chosen permanent corrective actions to prevent reoccurrence.