Managed 24/7 SOC

CyberSOC is a set of services from the Security Operations Centre (SOC) for centralised monitoring and prevention of cybersecurity events. The main task of CyberSOC is the continuous 24/7 monitoring of customers’ IT infrastructure in order to provide timely notification of potential cyber incidents, to prevent them at an early stage, and to ensure the uninterrupted and secure operation of organisations.

CyberSOC services are available on a 9/5 or 24/7 basis, depending on the client’s needs. With the 24/7 option, the threat monitoring time is up to 4 times longer, as it includes non-working hours, weekends and public holidays. Whichever option you choose, throughout the service cybersecurity analysts actively analyse incoming security events using the most advanced technologies, assessing their criticality and impact on your IT infrastructure.

The set of CyberSOC services consists of 7 components:

1. Installing the necessary tools

We understand deployment as not only installing the tool in your infrastructure, but also configuring it properly for efficient service delivery. The highest visibility in the CyberSOC service is achieved when three types of tools are used for event monitoring, i.e. SIEM, EDR/XDR, NDR. We will recommend tools based on your expectations and the specifics of your organisation.

2. Analysis of log entries and data flows

Cybersecurity analysts identify reports of potentially harmful or damaging events from the total traffic generated and report them to those responsible in your organisation, providing details of the potential threat and recommendations or best practices for your next steps.

In order to make the identification of harmful events as accurate as possible, the threat identification rules in the monitoring tools are regularly optimised.

3. MDR (Managed Detection and Response)

The MDR service is provided on the basis of an EDR/XDR/NDR solution. Within the scope of the service, we provide: maintenance and configuration of the tool according to your needs, analysis of messages about identified security events, and, if scenarios are agreed upon, action to prevent threats when the tool does not do it automatically.

4. Threat hunting

Cyber threat hunting is the proactive identification of potential threats in your infrastructure. It is based on what we observe in our surveillance of all our customers, information from local or international cybersecurity centres, and analysis of the threat landscape at global, sectoral or national level.

5. Vulnerability management

As part of the service, we will help you identify vulnerabilities in your internal and external IT resources using world-renowned vulnerability scanners and suggest remediation options. We will also provide you with a platform to effectively remediate vulnerabilities and manage vulnerability risk.

6. Investigation of cyber incidents

After an incident, we will analyse all related data to determine its cause, the attack chain and the damage caused, and make recommendations on how to prevent future incidents. We will present all this in a report that you can use for your own internal purposes or submit to the authorities.

7. Reporting

We will provide you with a service report on a regular basis (at an agreed periodicity), which will show you information about the incidents recorded during the period and their status, the amounts of resources monitored, recommendations for improving the situation, and any other information related to the provision of service.

Why choose CyberSOC?

Competent team

The CyberSOC service is delivered by certified cybersecurity professionals.

Experience

We not only have extensive experience in providing the service, but also refined processes and working principles.

A broad view of threats

We have a large number of external SOC customers, so we have a broad view of threat trends and can identify and test potential vulnerabilities in an organisation’s IT infrastructure, even if no signs of an attack are visible.

Real analysts working 24/7

Throughout the service, security events are analysed in depth, with specific specialist expertise and a human understanding of threat trends and the IT infrastructure being monitored.

International experience

We are active participants in the Lithuanian cybersecurity ecosystem and international organisations. We contribute to the development of international standards. We are members of FIRST.org and TF-CSIRT.

Specialising in cybersecurity

NRD Cyber Security specialises in cybersecurity. As well as providing advice on how to prepare for incident management, we can also advise on other areas of security.

Questions about CyberSOC will be answered by

Augustinas Daukšas

Cybersecurity consultant | CEH, CISA, CISM

Eglė Mikelaitytė

Cybersecurity consultant

FAQ

What is a SOC?
The Security Operations Centre (SOC) is focused on identifying potential information security incidents by processing a sufficiently wide range of information security events and contextual data. Information security incidents may include cyber-attacks, hacking, data leaks, breaches of security policies. These tasks are most effectively performed by cybersecurity analysts using technology.
Why choose an external SOC?
What is a 24/7 SOC?
Why do you need a 24/7 SOC?
What does it take to build a 24/7 SOC?
What is the difference between SOC and MDR?

CyberSOC customer stories and related news

SOCShare: key cyber threats in Lithuania in December 2023
SOCshare: the start of 2024
CyberSOC managed SOC services in the Bank of Botswana

Report an incident:

If you experience a cybersecurity incident, you can report it by filling in the form or by sending an email to cirt@nrdcs.lt.

NRD CIRT was established in 2014 and is the first private cybersecurity incident investigation service in Lithuania. We help our clients to protect, detect, respond and mitigate cybersecurity incidents. NRD CIRT is a member of the international organisations FIRST.Org and Trusted Introducer.

Use PGP to ensure the confidentiality of the information you send:

RSA2048 0x0BE6C08E 2014/04/11 NRD CIRT cirt@nrdcs.lt
fingerprint = 36 7D 9A BB 30 1A E0 5C C1 06 F4 9C 11 54 3E 9E 0B E6 C0 8E

NRD CIRT description:

RFC 2350 document

PGP signature of the RFC2350 document