Incident Response Center (IRC)

Incidents happen. You are better off with a professional team behind you to help handle and resolve the incident. This is the main task carried out by the Incident Response Center (IRC).

Customized: SOC-IRC as a service

Based on our service catalog we can build a SOC organization customized to your needs. Since each service can be set up or removed on a quarterly basis, the client remains flexible. If the client loses resources, they can be compensated quickly with our service, and if the internal IT of the client can take on more tasks, the client can simply reduce our service.

Our IRC reacts quickly, 24/7, to predefined alerts and informs you about the necessary steps. Depending on the scope of the service, experts are automatically involved to deal with the threat quickly.

Roles and tasks in the IRC

Service Catalog

Choose what suits your organization best:

Security Monitoring Enhancement

Our security engineer develops new use cases according to client requirements. He or she integrates new data sources and uses fusion analytics to improve quality.

Security Monitoring Tuning

The focus here is on improving the quality of the SIEM functions (e.g. detection, correlation, reporting). Findings from the daily SOC operations are incorporated to ensure continuous tuning. In addition, security-relevant messages are extracted from the collected data by means of “Event Packs” or other SIEM configurations, improving the quality of the SIEM solution and reducing false positives.


Threat Detection

A quick decision must be taken to distinguish between false positives and real incidents. An analyst makes the initial assessment before further actions are taken. This reduces the effort and leads to a decrease in the workload for the client organization. The work in this area also includes periodic checks of the SIEMs for correct functioning.

Threat Intelligence

Our experience in analyzing security threats and incidents is incorporated into our own threat intelligence feed. This information can be used by customers to automate threat detection and protect against security incidents.


Incident Management

The work handled by terreActive includes defeating attacks and performing a standard forensic analysis.

Threat Hunting

terreActive searches for APTs and anomalies that are not detected automatically. We discuss the findings with the client and integrate the results into the security monitoring platform.

Vulnerability Management

terreActive detects vulnerabilities, prioritizes incidents based on their potential impact and triggers alerts when necessary. In addition, classifications and summaries can be generated for the management.


Security Monitoring Reporting

The site manager prioritizes incidents and their potential impact. He or she discusses them with the client and provides input for improving IT security.

Compliance Reporting

terreActive provides reports for various compliance requirements related to NIST, ISO, FINMA, etc.

SOC Support

Support handles all SOC services. It prioritizes tasks and resources.
