Our service primarily consists of cyber security incident management, which involves:
- the collection, normalization, categorization and correlation of information from individual assets (log sources) in a single place.
- analysis and assessment of security incidents to determine whether they are breaches or false alarms.
- investigation aimed at determining the attack vector and its impact, and at providing the additional information needed to determine an appropriate response.
- response and cooperation during response, including intervention by the CSIRT team at the incident site.
- post-incident activity, record keeping and recommendations to further develop cyber security.
- monitoring of the availability of monitored assets (log sources).
The security monitoring service includes support from our central Service Desk where security incidents are reported. The service also includes weekly overview reports on security incidents and vulnerabilities that have been detected even outside of the infrastructure being monitored.
We offer our security monitoring services in the following modes:
- Monitoring during working hours (8/5).
- Continuous monitoring (24/7).
- Hybrid mode (monitoring during working hours along with 24/7 monitoring of critical incidents).