Constant cyber protection of your business
Our team of Security Operations Center (SOC) experts ensures that your business is secure around the clock, 365 days a year, thanks to the outsourcing of cybersecurity services.
Flexibility and scalability
We offer various models of cooperation in the field of cybersecurity outsourcing, including SIEM (Security Information and Event Management) systems based on the volume of traffic or the number of monitored sources. The service can be modified at any time in accordance with the changing needs and requirements of your company.
We provide a high level of cybersecurity outsourcing services in the form of Netia SOC (Security Operations Center) in terms of failure handling and incident response time. The quality is confirmed by numerous security certificates, e.g. ISO 27001 (Information Security Management System), CISSP (Certified Information Systems Security Professional) and CEH (Certified Ethical Hacker).
With Netia SOC (Security Operations Center), we provide effective incident analysis and handling processes and reduced response times to cybersecurity incidents by using a SOAR (Security Orchestration, Automation and Response) solution and ML (Machine Learning) mechanisms. All this translates into lower costs for the Security Operations Center outsourcing service.
ensuring quick detection and response to incidents
2 SIEM systems + 1 SOAR class system
Support of specialists
of security monitoring and incident response
Launching in a few days
the basic version of SOC monitoring
incoming and lost
thanks to the redundancy of the solution
depending on the needs
Service for links
regardless of supplier
from leading manufacturers
Netia SOC Services
Monitoring and handling of incidents
Security monitoring using tools such as SIEM and responding to suspicions and handling identified incidents.
Incident analysis and classification
Determining the importance of incidents, performing analysis and taking actions for the most critical events.
Management and configuration of security devices
Thanks to comprehensive knowledge and experience gained in many projects, SOC (Security Operations Center) operators configure security systems, additionally taking into account the specificity of each client's operation. They introduce changes on an ongoing basis, along with the emergence of new threats or vulnerabilities.
Integration of security systems
Netia SOC can integrate various customer systems as well as external sources of information within one SIEM/SOAR platform.
Network scanning / Vulnerability tests
Cyclic network scanning finds vulnerabilities and errors in device configuration. Such analysis allows for better identification of key risks and for planning actions that reduce the risk of data leakage and, above all, of a break-in.
Thanks to security policies, it is possible to determine what systems operate, what procedures are in place and to set directions for the development of security in the company. Netia's specialists support the creation of internal security policies and procedures based on recognized standards such as the ISO 27000 series. They also assist in risk analysis, security development strategy planning and investment prioritization.
Malware analysis performed in a safe environment (sandbox) and through reverse engineering provides knowledge about the operation and attack vectors of malware, increases security and helps in the analysis of incidents.
Post-breach analysis
In the event of a customer being hacked, Netia's SOC (Security Operations Center) operators analyze the event, collect evidence for the relevant services and prepare recommendations for changes. Along with external sources of knowledge about an attack or leak, it is recommended to cooperate with other enterprises that are not aware of such a problem.
Computer forensics
In the event of an external attack with multidimensional consequences or, for example, a data leak caused by internal users, the source of the attack should be found and sufficient evidence should be collected for auditing or law enforcement authorities. All Customer systems reporting to Netia as Cybersecurity Providers provide input data for full forensic analysis. Detailed information or recommendations are the product of a complex analysis of logs, events, correlations, etc. carried out by the Netia team in cooperation with the client.
The best systems and their integration will not protect the company's resources without the awareness of employees, therefore qualified specialists from Netia's SOC (Security Operations Center) can conduct training and raise awareness of the client's employees.
CTI (Cyber Threat Intelligence)
Using the dynamically updated knowledge base of providers and information coming from Netia's network, we can effectively counteract the latest threats that are unknown to previous generation tools (e.g. signature AV, where the average time from the appearance of a threat to its effective blocking on devices is several weeks).
What mainly determines the price of the SOC – Security Operations Center service?
The price of the SOC (Security Operations Center) service is influenced by several essential elements:
• the number of alerts generated by the SIEM system per day to be handled
• the number of confirmed security incidents per day to be mitigated
• number of monitored sources
• SIEM system - client vs. supplied by Netia
• amount of data (GB/day) or events per second (Events per Second) generated by sources to the SIEM system
• time range of service provision (e.g. 24/7/365 vs only monitoring outside working hours and on holidays)
• service variant (full SOC vs SOC Lite; monitoring vs monitoring + incident handling)
• SLA level
• contract length
What are SIEM sources?
The source is any element of the ICT infrastructure (including applications) that is able to generate and send a log - information about an event.
How does a SIEM system work?
The SIEM system is the basic working tool of every SOC. This system collects logs from monitored sources, aggregates and normalizes them (standardizes them), and then, based on the rules implemented in it, it correlates logs. Based on these correlations, alerts are generated, which are then verified by a team of SOC analysts.
What does the work of specialists in the SOC (Security Operations Center) consist of?
Employees of the first line of SOC support (SIEM analysts) take generated alarms in order to verify them. Most of the alarms that appear are false alarms; only some of them relate to real security incidents. If it is confirmed that an alarm was related to a security incident, a so-called ticket is set up to handle the incident properly, and a level of significance (criticality) is assigned. Incidents with the highest level of criticality (e.g. ongoing data leak, ransomware campaign) are handled with a higher priority than incidents such as a SPAM campaign or network scanning of the organization. In order to handle the incident, the SOC analyst often needs to obtain additional information - e.g. by delving into detailed data (logs) or by contacting the person responsible for security on the client's side.
The simplest incidents are handled on the 1st line of SOC support, however, in the case of some more advanced cases, the support of the 2nd and 3rd line of SOC is necessary.
After solving the problem (known as incident mitigation), the problem ticket is closed.
Is it possible to provide the service on a SIEM system owned by the Customer?
Yes, we can provide the service in this model. We can work directly on the client's SIEM system or integrate it with Netia's SIEM systems.
What scenarios do we implement in the SIEM system?
For smaller or less demanding clients, we usually implement a dozen or so generic correlation scenarios (e.g. network traffic anomalies, multiple failed logins). Their scope allows SOC monitoring to cover most of the most frequently occurring incidents. Currently, we offer about 100 predefined generic scenarios for immediate implementation in the SIEM system.
For larger entities, we prepare dedicated scenarios, taking into account the specificity of their industry, the size of employment, the size and complexity of the ICT infrastructure, as well as the specific needs and requirements of the client.
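The pipeline described under "How does a SIEM system work?" (collect, normalize, correlate, alert), applied to the "multiple failed logins" scenario named above, as an added example that is not Netia's code or rule set. The log lines, field names, threshold and time window are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events from two monitored sources (not real logs).
RAW = [
    ("sshd",   "2024-05-01T10:00:01 Failed password for alice from 203.0.113.7 port 4022 ssh2"),
    ("portal", "2024-05-01 10:00:20 event=login_failed user=alice src=203.0.113.7"),
    ("sshd",   "2024-05-01T10:00:41 Failed password for alice from 203.0.113.7 port 4031 ssh2"),
    ("portal", "2024-05-01 10:00:55 event=login_ok user=bob src=198.51.100.4"),
    ("sshd",   "2024-05-01T10:01:10 Failed password for root from 203.0.113.7 port 4040 ssh2"),
    ("sshd",   "2024-05-01T10:09:00 Failed password for bob from 198.51.100.4 port 5000 ssh2"),
]
SSHD = re.compile(r"^(\S+) (Failed|Accepted) password for (\S+) from (\S+)")
PORTAL = re.compile(r"^(\S+ \S+) event=login_(failed|ok) user=(\S+) src=(\S+)")

def normalize(source, line):
    """Map a source-specific line onto one common schema, or None if unparsed."""
    if source == "sshd":
        m, fmt, fail = SSHD.match(line), "%Y-%m-%dT%H:%M:%S", "Failed"
    else:
        m, fmt, fail = PORTAL.match(line), "%Y-%m-%d %H:%M:%S", "failed"
    if not m:
        return None
    ts, outcome, user, src = m.groups()
    return {"ts": datetime.strptime(ts, fmt), "source": source, "user": user,
            "src_ip": src, "outcome": "failure" if outcome == fail else "success"}

def correlate(events, threshold=4, window=timedelta(minutes=2)):
    """Alert when one src_ip reaches `threshold` login failures inside `window`,
    counted across all sources; the counter restarts after each alert."""
    recent, alerts = defaultdict(deque), []
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["outcome"] != "failure":
            continue
        q = recent[ev["src_ip"]]
        q.append(ev)
        while ev["ts"] - q[0]["ts"] > window:  # drop failures older than the window
            q.popleft()
        if len(q) >= threshold:
            alerts.append({"rule": "multiple_failed_logins", "src_ip": ev["src_ip"],
                           "count": len(q), "users": sorted({e["user"] for e in q}),
                           "sources": sorted({e["source"] for e in q})})
            q.clear()  # one burst yields one alert for the analyst to verify
    return alerts

def run():
    events = [e for e in (normalize(s, l) for s, l in RAW) if e]
    return correlate(events)

if __name__ == "__main__":
    print(run())
```

Neither source alone reaches the threshold here; the alert appears only because both are normalized to one schema before correlation.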
Can we include a provision in the contract with the client about the total security guarantee?
No, there is no such thing as complete IT security. Cybercrime takes more and more professional forms, the methods of carrying out attacks and the tools used in them evolve, which makes it more difficult to effectively protect against cyberattacks. The effectiveness of an attack depends on the attacker's time and financial capabilities, and there will always be a way to carry out such an attack.
Each ICT security solution or service (including SOC) minimizes the risk of an attack, and also reduces the risk of its effectiveness, and consequently - significantly reduces the risk of potential financial, image or legal losses.
In what form can you use professional services?
There are 3 basic models for the provision of these services:
• a one-time service (on demand, ad-hoc)