Managed 24/7 SOC


It is a set of services from the Security Operations Centre (SOC) for centralised monitoring and prevention of cybersecurity events. The main task of CyberSOC is the continuous 24/7 monitoring of customers’ IT infrastructure in order to provide timely notification of potential cyber incidents, to prevent them at an early stage, and to ensure the uninterrupted and secure operation of organisations.

CyberSOC services are available on a 9/5 or 24/7 basis, depending on the client’s needs. In this case, the threat monitoring time extends up to 4 times, as it includes non-working hours, weekends and public holidays. However, no matter which option you choose, during the provision of all services, cybersecurity analysts will actively analyse the incoming security events using the most advanced technologies, assessing their criticality and impact on your IT infrastructure.

The set of CyberSOC services consists of 7 components:

1. Installing the necessary tools

We understand deployment as not only installing the tool in your infrastructure, but also configuring it properly for efficient service delivery. The highest visibility in the CyberSOC service is achieved when three types of tools are used for event monitoring, i.e. SIEM, EDR/XDR, NDR. We will recommend tools based on your expectations and the specifics of your organisation.

2. Analysis of journal entries and data flows

Cybersecurity analysts identify reports of potentially harmful or damaging events from the total traffic generated and report them to those responsible in your organisation, providing details of the potential threat and recommendations or best practices for your next steps.

In order to make the identification of harmful events as accurate as possible, the threat identification rules in the monitoring tools are regularly optimised.

3. MDR (Managed Detection and Response)

The MDR service is provided on the basis of an EDR/XDR/NDR decision. Within the scope of the service, we provide: maintenance and configuration of the tool according to your needs, analysis of messages about identified security events, and, if scenarios are agreed upon, action to prevent threats when the tool does not do it automatically.

4. Threat hunting

Cyber threat hunting is the proactive identification of potential threats in your infrastructure. It is based on what we observe in our surveillance of all our customers, information from local or international cybersecurity centres, and analysis of the threat landscape at global, sectoral or national level.

5. Vulnerability management

As part of the service, we will help you identify vulnerabilities in your internal and external IT resources using world-renowned vulnerability scanners and suggest remediation options. We will also provide you with a platform to effectively remediate vulnerabilities and manage vulnerability risk.

6. Investigation of cyber incident

After an incident, we will analyse all the data related to the incident to determine the cause of the incident, the attack chain, the damage caused and make recommendations on how to prevent future incidents. We will present all this in a report that you can use for your own internal purposes or submit to the authorities.

7. Reporting

We will provide you with a service report on a regular basis (at an agreed periodicity), which will show you information about the incidents recorded during the period and their status, the amounts of resources monitored, recommendations for improving the situation, and any other information related to the provision of service.

Why choose CyberSOC?

Competent team

The CyberSOC service is delivered by certified cybersecurity professionals.



We have a lot of experience in providing the service, but we also have refined processes and working principles.

A broad view of threats

We have a large number of external SOC customers, so we have a broad view of threat trends and can identify and test potential vulnerabilities in an organisation’s IT infrastructure, even if no signs of an attack are visible.

Real analysts working 24/7

Throughout the service, security events are analysed in depth, with specific specialist expertise and a human understanding of threat trends and the IT infrastructure being monitored.

International experience

We are active participants in the Lithuanian cybersecurity ecosystem and international organisations. We contribute to the development of international standards. Membership of and TF-CSIRT.

Specialising in cybersecurity

NRD Cyber Security specialises in cybersecurity. As well as providing advice on how to prepare for incident management, we can also advise on other areas of security.

Questions about CyberSOC will be answered by


Augustinas Daukšas

Cybersecurity consultant | CEH, CISA, CISM


Eglė Mikelaitytė

Cybersecurity consultant


What is a SOC?
The Security Operations Centre (SOC) is focused on identifying potential information security incidents by processing a sufficiently wide range of information security events and contextual data. Information security incidents may include cyber-attacks, hacking, data leaks, breaches of security policies. These tasks are most effectively performed by cybersecurity analysts using technology.
Why choose an external SOC?
What is a 24/7 SOC?
Why do you need a 24/7 SOC?
What does it take to build a 24/7 SOC?
What is the difference between SOC and MDR?

CyberSOC customer stories and related news

SOCShare: key cyber threats in Lithuania in December 2023
SOCShare: key cyber threats in Lithuania in December 2023
SOCshare: the start of 2024
SOCshare: the start of 2024
CyberSOC managed SOC services in the Bank of Botswana
CyberSOC managed SOC services in the Bank of Botswana

Report an incident:

If you experience a cybersecurity incident, you can report it by filling in the form or by sending an email to

NRD CIRT was established in 2014 and is the first private cybersecurity incident investigation service in Lithuania. We help our clients to protect, detect, respond and mitigate cybersecurity incidents. NRD CIRT is a member of the international organisations FIRST.Org and Trusted Introducer.

Use PGP to ensure the confidentiality of the information you send:

RSA2048 0x0BE6C08E 2014/04/11 NRD CIRT
fingerprint = 36 7D 9A BB 30 1A E0 5C C1 06 F4 9C 11 54 3E 9E 0B E6 C0 8E

NRD CIRT description:

RFC 2350 document

PGP signature of the RFC2350 document