Most attacks come from outside, denial-of-service (DoS) attacks being a typical example; that is why firewalls and intrusion detection systems (IDS) were created, and they provide a certain degree of defense. Attacks that originate internally, however, are extremely difficult to defend against. Many attackers therefore try every means to plant malware on one of the computers inside the organization, then launch the attack from within or steal data and transmit it outside. A complete SOC platform and its technologies must therefore be built to defend against attacks from both the inside and the outside. SIEM is the core module that gives the SOC platform its judgment capability. Serving as an integrated security incident management platform, SIEM mainly provides users with more real-time and effective information security management. A SIEM system collects logs from many kinds of security-relevant equipment, such as network devices, operating systems, and applications. With the data collected, the SIEM filters, normalizes and correlates the events, so that incidents and the overall security status can be identified immediately from massive and complex log files.
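The collect, normalize and correlate pipeline described above, as an added illustration that is not ACSI's product or code: a small Python sketch that parses constructed log lines from three sources (an SSH daemon, a web application and a firewall) into one common event schema and then applies a single correlation rule, several failed logins from one source followed by a successful login within a short window. The source names, field names, regular expressions, and the rule's threshold and window are assumptions chosen for the example.

```python
"""Minimal SIEM-style pipeline: collect, normalize, correlate.

Added example; not the code of any SIEM product. All log lines are constructed.
"""
import json
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines, tagged with the (assumed) source they came from.
RAW_LOGS = [
    ("firewall", "2024-05-01T08:00:01 DENY src=203.0.113.7 dst=10.0.0.5 dport=22"),
    ("sshd", "2024-05-01T08:00:05 Failed password for alice from 203.0.113.7 port 50000 ssh2"),
    ("sshd", "2024-05-01T08:00:09 Failed password for alice from 203.0.113.7 port 50001 ssh2"),
    ("sshd", "2024-05-01T08:00:14 Failed password for alice from 203.0.113.7 port 50002 ssh2"),
    ("sshd", "2024-05-01T08:00:20 Accepted password for alice from 203.0.113.7 port 50003 ssh2"),
    ("webapp", '{"ts": "2024-05-01T08:01:00", "user": "bob", "src": "10.0.0.9", "result": "fail"}'),
    ("webapp", '{"ts": "2024-05-01T08:30:00", "user": "bob", "src": "10.0.0.9", "result": "fail"}'),
    ("webapp", '{"ts": "2024-05-01T08:31:00", "user": "bob", "src": "10.0.0.9", "result": "ok"}'),
    ("sshd", "this line is garbage and should be filtered out"),
]

SSHD_RE = re.compile(r"^(\S+) (Failed|Accepted) password for (\S+) from (\S+) port \d+")
FW_RE = re.compile(r"^(\S+) (DENY|ALLOW) src=(\S+) dst=(\S+) dport=(\d+)")


def normalize(source, line):
    """Map one raw line onto a common schema; return None if it does not parse."""
    if source == "sshd":
        m = SSHD_RE.match(line)
        if not m:
            return None
        ts, verb, user, src = m.groups()
        return {"ts": datetime.fromisoformat(ts), "source": source, "user": user,
                "src_ip": src, "outcome": "success" if verb == "Accepted" else "fail"}
    if source == "webapp":
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            return None
        return {"ts": datetime.fromisoformat(rec["ts"]), "source": source,
                "user": rec["user"], "src_ip": rec["src"],
                "outcome": "success" if rec["result"] == "ok" else "fail"}
    if source == "firewall":
        m = FW_RE.match(line)
        if not m:
            return None
        ts, action, src, dst, dport = m.groups()
        # Firewall lines carry no user or login outcome, but keep the fields
        # so other rules (not shown here) could correlate on src_ip/dst/dport.
        return {"ts": datetime.fromisoformat(ts), "source": source, "user": None,
                "src_ip": src, "outcome": None, "action": action,
                "dst": dst, "dport": int(dport)}
    return None


def normalize_all(raw_logs):
    """Collect + filter: keep only lines that normalized successfully."""
    events = (normalize(src, line) for src, line in raw_logs)
    return [e for e in events if e is not None]


def correlate_bruteforce(events, threshold=3, window=timedelta(seconds=60)):
    """Alert when >= threshold failed logins for the same (user, src_ip)
    inside `window` are followed by a successful login from that source."""
    alerts = []
    recent_fails = defaultdict(list)  # (user, src_ip) -> failure timestamps
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["outcome"] is None:  # not an authentication event
            continue
        key = (ev["user"], ev["src_ip"])
        fails = recent_fails[key]
        fails[:] = [t for t in fails if ev["ts"] - t <= window]  # expire old ones
        if ev["outcome"] == "fail":
            fails.append(ev["ts"])
        elif len(fails) >= threshold:
            alerts.append({"rule": "auth-bruteforce-then-success",
                           "user": ev["user"], "src_ip": ev["src_ip"],
                           "failures": len(fails), "first_failure": fails[0],
                           "success_at": ev["ts"], "source": ev["source"]})
            fails.clear()
    return alerts


if __name__ == "__main__":
    for alert in correlate_bruteforce(normalize_all(RAW_LOGS)):
        print(alert)
```

In the constructed data only `alice` triggers the rule: three failures within 15 seconds and then a success from the same address. `bob` also fails twice before succeeding, but the failures are half an hour apart, so the window expiry drops the first one and the threshold is never reached; that is the difference between a correlation rule and a simple count, and it is what keeps a SOC analyst from drowning in alerts on ordinary mistyped passwords.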
A client's self-built SOC is an extremely complex project. To ensure that the SOC operates successfully, the process involves not only selecting and building a SIEM platform, but also training the SOC-related organizations, the people in charge and the SOC staff (for daily operation and for handling security incidents), and it should include an SOP for future maintenance and operation. Acer Cyber Security Inc. (ACSI) has years of professional and extensive experience in the practical maintenance and operation of SOCs, and we are glad to help our clients plan the building of their SOC. Furthermore, the intelligence of the correlation rules is essential to the success of a SOC platform. Through years of stable maintenance and operation, the ACSI SOC has accumulated more than ten thousand security alert notifications and related information. We have created over 100 correlation rules, and the number is still growing. The ACSI SOC is truly the most experienced service provider domestically, with the most customers, the strongest operating force, and incident coverage across the widest range of areas. For those who already own a SOC but need the assistance of a professional service provider, we can help through "collaborative maintenance and operation", which connects and integrates the SOCs of both sides. Collaborative maintenance and operation lets the specialized service provider assist the client in monitoring important security incidents and make up for any shortfall. During the client's non-operating hours we provide non-stop monitoring service as well. If the client's end is suspended, collaborative maintenance and operation allows the provider to take over and carry out the back-up support function of the SOC platform.
- Practical experience in SOC maintenance and operation, with extensive knowledge of SOC operations.
- The best SIEM product and technology on the market, serving as the basis of the SOC security defense platform.
- Successful cases of SOC building all over the world.
- Exclusively customized monitoring specifications and reports.
- Platform expansion and collaborative maintenance and operation.
- Gain practical experience from a major professional supplier and build up information security management immediately and effectively.
- Shorten the time to a working self-built SOC and reduce the exploration period of SOC maintenance and operation.
- Use collaborative maintenance and operation to achieve back-up support or 7x24 continuous service for the SOC platform.
- Continue to receive technical support from a professional supplier, raising your own SOC's technical capabilities.