The strategy is to strengthen the security monitoring function and close its gaps through a Security Operations Centre (SOC) service, in which SIEM specialists triage and respond to threats across multiple shifts so that coverage is continuous. The existing information security function currently provides detection and prevention services, such as monitoring, incident response and investigations, across the technology environment.
Different standards carry different compliance requirements, including log retention periods ranging from 6 months up to 2 years; where more than one standard applies, logs must be retained for the longest of the applicable periods. Meeting these retention requirements helps to close the remaining gaps in security monitoring.
Perform 24x7 monitoring of the alerts generated by the implemented SIEM technology from our regional facility, while retaining the underlying logs.
Provide incident details and outline a preliminary incident response strategy to contain the impact of the threat; a full investigation may then be required, along with submission of the relevant logs to the respective compliance authorities.
Event Management
Incident Management
Threat Intelligence
Investigation
Daily Operations
Knowledge Management
KPIs/ Metrics
Business Continuity / Disaster Recovery