Incident Response Center (IRC)
Incidents happen. You are better off with a professional team behind you to help handle and resolve the incident. This is the main task carried out by the Incident Response Center (IRC).
Customized: SOC-IRC as a service
Based on our service catalog we can build a SOC organization customized to your needs. Since each service can be set up or removed on a quarterly basis, the client remains flexible. If the client loses resources, they can be compensated quickly with our service, and if the client's internal IT can take on more tasks, the client can simply reduce our service.
Our IRC reacts quickly and 24-7 to predefined alerts and informs you about the necessary steps. Depending on the scope of the service, experts are automatically involved to deal with the threat quickly.
Roles and tasks in the IRC
You need only 20% threat detection, but would like to have 30% security monitoring tuning and 30% incident management? No problem. You benefit from the knowledge of the appropriate specialist without having to hire or book them at 100%.
Choose what suits your organization best:
Security Monitoring Enhancement
Our security engineer develops new use cases according to client requirements. He or she integrates new data sources and applies fusion analytics to improve detection quality.
Security Monitoring Tuning
The focus here is on improving the quality of the SIEM functions (e.g. detection, correlation, reporting). Findings from daily SOC operations are incorporated to ensure continuous tuning. In addition, security-relevant messages are extracted from the collected data by means of “Event Packs” or other SIEM configurations, improving the quality of the SIEM solution and reducing false positives.
A quick decision must be made to distinguish false positives from real incidents. An analyst makes the initial assessment before further actions are taken. This reduces the effort and lowers the workload of the client organization. The work in this area also includes periodic checks that the SIEMs are functioning correctly.
Our experience in analyzing security threats and incidents is incorporated into our own threat intelligence feed. Customers can use this information to automate threat detection and protect against security incidents.
The work handled by terreActive includes defeating attacks and performing a standard forensic analysis.
terreActive searches for APTs and anomalies that are not detected automatically. We discuss the findings with the client and integrate the results into the security monitoring platform.
terreActive detects vulnerabilities, prioritizes incidents based on their potential impact and triggers alerts when necessary. In addition, classifications and summaries can be produced for management.
Security Monitoring Reporting
The site manager prioritizes incidents according to their potential impact. He or she discusses them with the client and provides input for improving IT security.
terreActive provides reports for various compliance requirements related to NIST, ISO, FINMA, etc.
Support handles all SOC services. It prioritizes tasks and resources.