Incident Response Center (IRC)
Incidents happen. You are in good shape if you have a professional team behind you to help handle and eliminate the incident. This is the main task for the Incident Response Center (IRC).
It reacts to every alarm on a 24/7 basis and provides information where required.
Security experts with different skills and expertise work in the IRC. The customer benefits from the knowledge of the appropriate specialist without having to hire or book them 100%.
By the way: Our IRC team was awarded the "Boss of the SOC" award by Splunk.
Which services does your SOC need?
The modular service catalog offers customers the flexibility to assemble individual services based on their specific needs. Each quarter they can book additional modules or cancel existing ones. The SOC services can also be used in connection with existing solutions. This means the customer does not have to replace any previously installed SIEM.
Who takes care of what?
What is done by the customer and where does terreActive take over? If, for example, regular threat detection is not possible due to a lack of resources, responsibility for this service can be passed to terreActive. terreActive aligns its activities with the requirements of the customer and offers different kinds of collaboration.
The customer needs 30% threat detection in the next quarter, but only 20% security monitoring tuning and 20% incident management? No problem.
Service catalog: You only pay for what you need
The customer selects services from the predefined service catalog. This helps to reduce costs, as the services are assembled individually for each job role, task and frequency. The customer only pays for what they need.
How the terreActive SOC works
The SOC works on the basis of well-established processes and relies on the standardized methodology of security monitoring cycles. With this method, it is possible to achieve initial results quickly and protect the company efficiently against attacks.
Further information on the cycle for continuous optimization: www.terreactive.ch/security-monitoring/cycle
Choose what suits your organization best:
Security Monitoring Enhancement
Our security engineer develops new use cases according to client requirements. He or she integrates new data sources and uses fusion analytics to improve quality.
Security Monitoring Tuning
The focus here is on improving the quality of the SIEM functions (e.g. detection, correlation, reporting). Findings from the daily SOC operations are incorporated to ensure continuous tuning. In addition, security-relevant messages are extracted from the collected data by means of "Event Packs" or other SIEM configurations, improving the quality of the SIEM solution and reducing false positives.
A quick decision must be taken to distinguish false positives from real incidents. An analyst makes the initial assessment before further actions are taken. This reduces the effort and the workload for the client organization. The work in this area also includes periodic checks of the SIEMs for correct functioning.
Our experience in analyzing security threats and incidents is incorporated into our own threat intelligence feed. Customers can use this information to automate threat detection and protect against security incidents.
The work handled by terreActive includes defeating attacks and a standard forensic analysis.
terreActive searches for APTs and anomalies that are not detected automatically. We discuss the findings with the client and integrate the results into the security monitoring platform.
terreActive detects vulnerabilities, prioritizes incidents based on their potential impact and triggers alerts when necessary. In addition, classifications and summaries can be generated for the management.
Security Monitoring Reporting
The site manager prioritizes incidents according to their potential impact. He or she discusses them with the client and provides input for improving IT security.
terreActive provides reports for various compliance requirements related to NIST, ISO, FINMA, etc.
Support handles all SOC services. It prioritizes tasks and resources.