The Secure Sphere Consulting SOC is a 24-hour operations centre with a multi-tiered team of specialist Cyber Security Analysts and Security Engineering staff who analyse incoming events in real time and respond to cybersecurity threats.
The Secure Sphere Consulting SOC is built and run according to industry best practice. Our methodology, built around People, Processes and Technology, ensures efficient and highly effective operation using the following tools:
Security Information and Event Management (SIEM) - Collecting events and logs from across your full IT environment creates the visibility needed to know what security incidents and threats may already be inside your networks, or attempting to get in.
Real-time threat detection – Knowing about a threat or attack at the time it happens is vital for quick remediation and for minimising or preventing the financial or reputational damage an incident can cause your organisation.
Global Threat Intelligence Feeds – Tapping into the world's network of intelligence feeds adds rich context: known bad actors and Indicators of Compromise (IOCs) are correlated against events and against traffic to and from your network, so that even the latest known threats are identified.
Vulnerability Identification & Management – Vulnerabilities in IT systems (servers, endpoints or infrastructure devices) are the weaknesses targeted and exploited in a large proportion of successful breaches. Identifying and remediating them is crucial to preventing systems from being compromised.
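The IOC correlation described above, as an added example that is not Secure Sphere Consulting's own tooling: a small Python matcher that loads a threat-intelligence feed (CIDR ranges, domains and SHA-256 hashes), indexes it, and runs key=value log lines through it. The feed entries, the log lines and the field names (src, dst, host, sha256) are all constructed for the example; real feeds are larger and usually arrive as STIX/TAXII or CSV, but the matching logic is the same. Note the two details that separate a useful matcher from a grep: IP indicators are matched as networks, and domain indicators match on label boundaries (cdn.bad.example hits bad.example, notbad.example does not).

```python
import ipaddress
import re
from collections import namedtuple

# Constructed sample threat-intelligence feed; the indicators are documentation
# ranges and placeholder values, not real IOCs.
IOC_FEED = [
    {"type": "ipv4-cidr", "value": "203.0.113.0/24", "threat": "ExampleC2-Infra"},
    {"type": "domain",    "value": "bad.example",    "threat": "ExampleC2-Domain"},
    {"type": "sha256",    "value": "0123456789abcdef" * 4, "threat": "ExampleDropper"},
]

# Constructed key=value log lines of the kind a proxy or EDR sensor forwards to a SIEM.
SAMPLE_LOGS = [
    "ts=2024-05-01T10:00:01Z src=10.1.2.3 dst=203.0.113.45 host=cdn.bad.example action=allow",
    "ts=2024-05-01T10:00:02Z src=10.1.2.4 dst=198.51.100.7 host=www.example.com action=allow",
    "ts=2024-05-01T10:00:03Z src=10.1.2.5 dst=192.0.2.9 host=notbad.example action=allow",
    "ts=2024-05-01T10:00:04Z endpoint=WS-017 user=alice file=update.exe sha256=" + "0123456789abcdef" * 4,
]

# Which log fields carry which kind of indicator (an assumption about the log schema).
IP_FIELDS = {"src", "dst"}
DOMAIN_FIELDS = {"host"}
HASH_FIELDS = {"sha256"}

Match = namedtuple("Match", "ts field value ioc threat")


class IocIndex:
    """In-memory index of a feed, keyed so each lookup is cheap."""

    def __init__(self, feed):
        self.networks = []   # (ip_network, ioc) for CIDR and single-IP indicators
        self.domains = {}    # exact domain -> ioc; subdomains matched by suffix walk
        self.hashes = {}     # lowercase hex digest -> ioc
        for ioc in feed:
            kind, value = ioc["type"], ioc["value"].strip().lower()
            if kind in ("ipv4", "ipv4-cidr"):
                self.networks.append((ipaddress.ip_network(value, strict=False), ioc))
            elif kind == "domain":
                self.domains[value.rstrip(".")] = ioc
            elif kind == "sha256":
                self.hashes[value] = ioc

    def lookup_ip(self, text):
        try:
            addr = ipaddress.ip_address(text)
        except ValueError:
            return None  # field was not a parsable address; never crash the pipeline
        for net, ioc in self.networks:
            if addr in net:
                return ioc
        return None

    def lookup_domain(self, host):
        # Walk parent labels so cdn.bad.example hits an indicator for bad.example,
        # while notbad.example does not (label boundary, not plain substring).
        # The bare TLD is never checked.
        labels = host.lower().rstrip(".").split(".")
        for i in range(len(labels) - 1):
            ioc = self.domains.get(".".join(labels[i:]))
            if ioc:
                return ioc
        return None

    def lookup_hash(self, digest):
        return self.hashes.get(digest.lower())


def parse_kv(line):
    """Parse a space-separated key=value line into a dict (field order preserved)."""
    return dict(re.findall(r"(\w+)=(\S+)", line))


def correlate(lines, feed):
    """Return one Match per (log field, indicator) hit across all lines."""
    index = IocIndex(feed)
    matches = []
    for line in lines:
        rec = parse_kv(line)
        for field, value in rec.items():
            if field in IP_FIELDS:
                ioc = index.lookup_ip(value)
            elif field in DOMAIN_FIELDS:
                ioc = index.lookup_domain(value)
            elif field in HASH_FIELDS:
                ioc = index.lookup_hash(value)
            else:
                continue
            if ioc:
                matches.append(Match(rec.get("ts"), field, value, ioc["value"], ioc["threat"]))
    return matches


if __name__ == "__main__":
    for m in correlate(SAMPLE_LOGS, IOC_FEED):
        print(f"{m.ts} {m.field}={m.value} matched {m.ioc} ({m.threat})")
```

Run as a script it prints three hits: the first line matches on both destination address and hostname, the fourth on the file hash, and the other two lines match nothing. In production the feed index is rebuilt as feeds refresh and the matches become SIEM alerts rather than printed lines.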
Network and Host Intrusion Detection - Network Intrusion Detection Systems (NIDS) monitor network traffic for suspicious or malicious activity using sensors whose monitoring interfaces are attached to the network segments and devices being watched. Host Intrusion Detection Systems (HIDS) monitor system and server logs for malicious activity, perform file integrity monitoring on selected folders, and monitor the integrity of the Windows registry.
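The file integrity monitoring part of HIDS, as an added example rather than the SOC's own agent: a Python snapshot-and-diff over a directory tree, recording a SHA-256 digest, size and permission bits per file, then reporting what was added, removed or changed. The demo() function builds a constructed scenario in a temporary directory (a backdoor account appended to a fake passwd file, a new binary dropped, hosts deleted) and returns the report; registry monitoring is not covered here.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path, chunk=65536):
    """Stream the file through SHA-256 so large files do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def build_baseline(root):
    """Snapshot every regular file under root: relative posix path -> (sha256, size, mode)."""
    root = Path(root)
    snap = {}
    for p in sorted(root.rglob("*")):
        # Symlinks are skipped so a link pointing outside the tree cannot be
        # used to smuggle content into (or out of) the baseline.
        if p.is_file() and not p.is_symlink():
            st = p.stat()
            snap[p.relative_to(root).as_posix()] = (sha256_file(p), st.st_size, st.st_mode & 0o777)
    return snap


def diff_baseline(old, new):
    """Compare two snapshots; returns sorted lists of added, removed and changed paths."""
    added = sorted(set(new) - set(old))
    removed = sorted(set(old) - set(new))
    changed = sorted(p for p in set(old) & set(new) if old[p] != new[p])
    return {"added": added, "removed": removed, "changed": changed}


def demo():
    """Constructed tampering scenario in a temp dir; returns the integrity report."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "etc").mkdir()
        (root / "etc" / "passwd").write_text("root:x:0:0::/root:/bin/sh\n")
        (root / "etc" / "hosts").write_text("127.0.0.1 localhost\n")
        (root / "bin").mkdir()
        (root / "bin" / "tool").write_bytes(b"\x7fELF-placeholder")
        baseline = build_baseline(root)

        # Simulated attacker activity: a UID-0 account appended, a dropper written,
        # and the hosts file removed.
        with open(root / "etc" / "passwd", "a") as f:
            f.write("backdoor:x:0:0::/root:/bin/sh\n")
        (root / "bin" / "dropper").write_bytes(b"MZ-placeholder")
        (root / "etc" / "hosts").unlink()

        return diff_baseline(baseline, build_baseline(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

Two points a production deployment adds that this sketch leaves out: the baseline must be stored off-host (or signed), since an attacker with root can otherwise rewrite it to match their changes, and the scan should run on a schedule or from a filesystem-event hook so that a change is reported close to when it happens rather than at the next manual comparison.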
Dark web monitoring - Whether a company's compromised user accounts are being published, the company appears on a list of targeted organisations, or it is simply being discussed among hacker groups, this usually happens on the dark web. Dark web monitoring is performed by systems and/or covert agents that report back on any references made to an organisation or its users.
Cloud Integration and Monitoring - With more companies migrating systems to the cloud for hosting, or consuming cloud-based SaaS, it is vital that the security of these systems is kept on point. Visibility into these cloud systems, whether through system logs, platform event triggers or direct integration, is critical to identifying and mitigating security threats in these environments.
Threat Hunting - Automated systems and tools cannot identify 100% of the malicious activity in an environment. Threat hunting is the practice of proactively searching your environment for threats where malicious actors may have evaded the existing tools. Whether it is manually reviewing samples of logs, investigating unusual traffic, or digging deep into a specific transaction, this human interaction with your systems is the 'cherry on the top' of a good security strategy.
A key benefit of leveraging the Secure Sphere Consulting SOC is that any Indicator of Compromise (IOC) discovered by the team can be correlated and shared with all clients.