Security systems

The SIEM system is the basic work tool of Netia SOC. It handles all activities related to collecting, correlating and analyzing data, as well as generating alerts related to suspicious events take place. The system also generates reports.

Netia SOC provides monitoring services based on SIEM systems from leading vendors: IBM Security and Logpoint.

As one of the few on domestic market, we use SOAR (Security Orchestration, Automation and Response) tools to automate analytical and service processes in SOC.


This allows to automate the response to low-level threats, which cover the vast majority of alerts. An additional effect of implementing SOAR, in addition to increasing efficiency, is the expansion of analytical capabilities, i.e. the effectiveness of attack detection.
 

In the vulnerability detection process, we use professional, licensed scanning tools from leading providers of vulnerability management solutions, including Tenable or Acunetix. Before scanning, all tools are prepared and configured by specialized SOC L2 / L3 engineers.

The sandbox environment allows for safe malware testing (files, zero-days, URLs, email attachments, etc.), recreating its operation (detonation), detailed characterization and documentation of malicious activities. The analysis also shows the life cycle of a cyberattack, from the initial exploit and malware execution path to callback sites and subsequent binary download attempts (payload).