Managed Security Operations Center
On-premise and remote Managed SOC (MSOC) solutions for monitoring threat feeds and analyzing user and network behavior.
NXme has long expertise in delivering business-critical Security Operations Center (SOC) services using a Build-Operate-Transfer (BOT) model. An on-premise SOC is an ideal solution for organizations operating critical infrastructure and with complex cybersecurity requirements. Our remote SOC model allows scaling up as your business requirements and needs grow, and it can also support your own SOC resources, e.g. after business hours and on weekends and holidays.
Managed SOC services include:
- Intrusion monitoring, remediation and resolution
- Advanced correlation analysis
- Monitoring of security technologies
- Governance, risk and compliance monitoring
- Continuous vulnerability assessments
Implementing a Managed SOC
At the start of an MSOC project, NXme sets expectations with the client through direct meetings and discusses the prerequisites for the MSOC implementation, leading to the final High Level Design (HLD), including the tools needed. The cornerstone of any SOC is a Security Information and Event Management (SIEM) system.
In the second project phase, the SIEM will be implemented and integrated with key infrastructure devices (firewalls, IDS/IPS, DLP, PIM, VPN gateways, web application firewalls etc.) and systems (web servers, applications, databases).
The implementation work continues with deploying connectors and developing the parsing rules required for any non-standard log sources. After that, correlation rules reflecting the business needs and the identified incident classification are designed and implemented.
In the third project phase, the SIEM setup is finalized and all required business reports and dashboards are designed and configured. As a final step, all needed Standard Operating Procedures (SOPs) and guidelines are created and the required knowledge transfer to the client's own personnel is conducted.
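As an added illustration of the parsing and correlation steps described above (example code written for this page, not NXme's tooling), the block below parses a constructed non-standard log format from two hypothetical sources, reports how many lines failed to parse, and applies one correlation rule that maps to an incident classification; the log format, field names, thresholds and classification label are all assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in an invented key=value format from two hypothetical
# sources: a firewall ("fw") and an IDS ("ids"). Not taken from any real product.
SAMPLE_LOGS = [
    "2024-03-01T10:00:01Z fw deny src=203.0.113.5 dst=10.0.0.8 dport=22",
    "2024-03-01T10:00:03Z fw deny src=203.0.113.5 dst=10.0.0.8 dport=23",
    "2024-03-01T10:00:05Z fw deny src=203.0.113.5 dst=10.0.0.9 dport=3389",
    "2024-03-01T10:00:20Z ids alert sig=ET_SCAN src=203.0.113.5 dst=10.0.0.9",
    "2024-03-01T10:05:00Z fw deny src=198.51.100.7 dst=10.0.0.8 dport=80",
    "garbage line that does not parse",
]

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<source>fw|ids) (?P<action>\w+) (?P<kv>.*)$")

def parse_line(line):
    """Parsing rule for the assumed format; returns a dict or None if unparseable."""
    m = LINE_RE.match(line)
    if not m:
        return None
    event = {"ts": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"),
             "source": m["source"], "action": m["action"]}
    for pair in m["kv"].split():
        key, _, value = pair.partition("=")
        event[key] = value
    return event

def parse_all(lines):
    """Parse every line; also count drops, a useful parser-coverage metric."""
    events = [e for e in map(parse_line, lines) if e is not None]
    return events, len(lines) - len(events)

def correlate(events, min_denies=3, window=timedelta(seconds=60)):
    """Correlation rule (assumed): >= min_denies firewall denies from one source
    in the `window` before an IDS alert from the same source -> one incident."""
    by_src = defaultdict(list)
    for e in events:
        if "src" in e:
            by_src[e["src"]].append(e)
    incidents = []
    for src, evs in by_src.items():
        for alert in (e for e in evs if e["source"] == "ids" and e["action"] == "alert"):
            denies = [e for e in evs if e["source"] == "fw" and e["action"] == "deny"
                      and alert["ts"] - window <= e["ts"] <= alert["ts"]]
            if len(denies) >= min_denies:
                incidents.append({"src": src, "classification": "reconnaissance",
                                  "denies": len(denies), "signature": alert.get("sig"),
                                  "targets": sorted({e["dst"] for e in denies})})
    return incidents
```

Running `correlate(parse_all(SAMPLE_LOGS)[0])` yields one reconnaissance incident for 203.0.113.5 and none for the single deny from 198.51.100.7.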
Day-to-day Security Operations
- Administration and configuration of infrastructure security devices and MSOC tools and systems (e.g. SIEM, IDS/IPS, DLP, servers, applications)
- Continuous monitoring, analysis and reporting of security alerts and event information
- Investigating and positively identifying anomalous events detected by security devices or reported to the client by external entities, system administrators and users
- Feeding the appropriate security log sources into the SIEM tool and correlating them there
- Monitoring and analyzing security event data, including investigation of reported incidents using system logs and event correlation between IDS, DLP and firewalls
- Reviewing audit logs and recording any inappropriate and/or illegal activity in order to reconstruct events during a security incident, including monitoring of network and host devices
- Actively fine-tuning the SIEM and IDS/IPS events to minimize false positives
- Developing any newly needed connectors, parsing rules, correlation rules, security device signatures, performance reports and metrics
- Installing or modifying network security components, tools, and other systems as required to ensure security of client’s information systems
- Planning, testing and implementing a Proof of Concept (PoC) for system hardening, and creating system hardening guidelines for building hardened system images to be used by the client
Additional services NXme can offer include collecting, maintaining and managing known vulnerabilities relevant to the client's systems and providing remedies for them, as well as detection, investigation and mitigation of insider threats. Our experts always work in close co-operation with our clients' personnel, ensuring continuous knowledge transfer and capability development.
To find out more about NXme’s Managed Security Operations Center Services, please fill in a contact form or contact us directly:
Vice President, Sales
Dr. Bilal Al Sabbagh
Head of Talent
Senior Consultant (Cybersecurity)