Managed Security Operations Center

Managed Security Operations Center

Business-Critical Security Operations Center (SOC)

Oivan has long expertise in delivering business-critical Security Operations Center (SOC) services with Build-Operate-Transfer (BOT) model. On-premise SOC is an ideal solution for organizations operating critical infrastructure and with complex cybersecurity requirements. Our remote SOC model allows scaling up as your business requirements and needs grow and/or it can support your own SOC resources e.g. after business hours and on weekends and holidays.

Managed SOC services include

  • Intrusion monitoring, remediation and resolution
  • Advanced correlation analysis
  • Monitoring of security technologies
  • Governance, risk and compliance monitoring
  • Continuous vulnerability assessments
Implementing a Managed SOC

Starting a MSOC project, we will set the expectation with the client through direct meetings, and discuss the prerequisites for MSOC implementation, leading to the final High-Level Design (HLD), including the needed tools. The cornerstone of any SOC is a Security Information and Event Management System (SIEM).

In the second project phase, the SIEM will be implemented and integrated with key infrastructure devices (firewalls, IDS/IPS, DLP, PIM, VPN gateways, web application firewalls etc.) and systems (web servers, applications, databases).

The implementation work continues with implementing connectors and developing required parsing rules logs for any non-standard log sources. After which correlation rules reflecting the business needs and identified incident classification are designed and implemented.

In the third project phase, the SIEM setup is finalized and all required business reports and dashboards designed and configured. As a final step, all needed Standard Operations Procedures (SOPs) and guidelines are created and required knowledge transfer to client’s own personnel conducted.

Day-To-day Security Operations
  • Administration and configuration of infrastructure security devices and MSOC tools systems (e.g. SIEM, IDS/IPS, DLP, servers, applications)
  • Continuous monitoring, analysis and reporting of security alerts and event information
  • Investigating and positively identifying anomalous events detected by security devices or reported to the client from external entities, system administrators and users
  • Logging of appropriate security feeds and correlation to the SIEM tool
  • Monitoring and analyzing security event data to include investigation of reported incidents using system logs, event correlation between IDS, DLP, and firewalls
  • Reviewing audit logs and record any inappropriate and/or illegal activity in order to reconstruct events during a security incident, including monitoring network and host devices
  • Actively fine-tuning the SIEM and IDS/IPS events to minimize false positives
  • Developing any new needed connectors, parsing rules and correlation rules and security device signatures, performance reports and metrics
  • Installing or modifying network security components, tools, and other systems as required to ensure security of client’s information systems
  • Planning, testing and implementing a PoC (Proof of Concept) for system hardening, and creating of system hardening guidelines for building hardened system images to be used by the client

Additional services Oivan can offer include e.g. collecting, maintaining and managing known vulnerabilities relevant to the client’s systems, providing remedies for them and e.g. detection, investigation and mitigation of insider threats. Our experts will always work in close co-operation with our clients’ personnel ensuring continuous knowledge transfer and capability development.

Service Level Agreements

A well-implemented monitoring solution readily provides reports to allow easy comparisons with any Service Level Agreements (SLA’s). Be it a SLA from a 3rd party vendor towards you, e.g. your cloud infrastructure provider, or a SLA given by you to your client. Compliancy reports can be generated e.g. on monthly basis for invoicing needs.

Dr. Bilal Al Sabbagh

Head of Cybersecurity
+358 44 921 8438
+966 50 440 3124

Teo-Tuomas Hirvonen

Enterprise Sales
+358 40 733 1650
+966 53 819 0659