SEE GROUP

01

Managed SIEM

Monitoring the existing system at client's site - as a service.

See-Secure's SOC center operates 24/7 and monitors cybersecurity events.

Meets all the strict security standards.

Full availability.

Legal remediation is detected on an ongoing basis.

Characterization of unique attack and anomaly scenarios for each client.

02

Monitoring and control center

SOC (Security Operation Center) - responsible for every security aspect in the organization, starting with the physical security layer and ending with information security and cyber security in order to give a comprehensive view of the security situation in the organization 24/7.

In the See-Secure's SOC center, there are controllers who look at and supervise the events 24/7, at the same time there is an organized team of skilled analysts, whose goal is to monitor and improve the organization's security situation, while preventing, identifying, analyzing and responding to cybersecurity events with the help of advanced technology, well defined procedures.

See-Secure's analysts team is a group experts in their field, with in-depth knowledge and extensive experience with complex communication environments.

A SOC center that guards every facet of the organization, around the clock, is crucial for information security in the company, and fortunately, is much more accessible and attainable even in small and medium-sized organizations, to gain control over the cybersecurity situation in real time.

03

Monitoring client's environment

Service content:

As part of the service and in accordance with the service package, the following will be provided:

Step 1

• Moving on to the Playbook for learning the client's environment
• Going over the definition of rules and correlations that exist in the client's environment
• Characterization of scenarios according to the recommendations of the monitoring center and the client's requirements
• Alert severity setting
• Monitoring of all the defined systems.

Step 2

• Identification and notification of information security incidents after risk assessment
• Analysis of suspicious events and information
• Periodic reports - production of weekly reports, and event reports
• Answering questions and updates through the control center
• A POC who is in regular contact with the contacts at the client
• Monthly meeting, going over the client's environment and recommendations from See-Secure's cybersecurity experts

04

IR - cybersecurity incidents response team

IR (Security Incident Response): The process of identifying, removing, and remediating an existing serious security incident. These services are used when there is a serious violation that has been identified, causing damage, and disrupting the business routine.

The response time is crucial in dealing with a security incident. Our service approach guarantees quick identification, identification of compromised systems and information, mitigation, and repair proposals to improve resilience, and prevent a similar future compromise.

Incident response consists of:

Initial Response: As a first step, we review existing evidence, assess security control updates, and perform an initial assessment to prepare an appropriate test and response strategy.

Investigation: Create visibility across the network and endpoints for investigating suspicious behavior, searching for adversary activity, isolating compromised accounts, identifying data, system, and network assets.

Containment and prevention: After identifying the timeline of the activity, the systems affected in the networks and harmful activity, we start working alongside the team towards containment of the incident. We will continue to monitor the attacker's activity, as we see fit (disconnect him quietly or isolate him). Once done, we focus on removing traces of malware and tools, resetting credentials and mitigating exploited vulnerabilities.

Rehabilitation and recovery: Successful rehabilitation involves full eradication and full return to business production.

Scope of services:

• Building a client portfolio that will be used as initial information to speed up the response time.
• Once a quarter follow-up and status meeting (two hours).
• The company will be available 24/7 for any security incident that requires a team response and provide the relevant professionals to respond.