
Managed Security Services

SOC As A Service

SOC as a Service provides your organization with a complete, outsourced Security Operations Center (SOC) function, including the people, processes, operations and technology required to protect against, detect and respond to cybersecurity threats.

  • The Crypsis SOC is staffed 24 hours a day, 7 days a week with both security engineers and cybersecurity analysts.
  • Our SOC team is continually trained in understanding the latest cyber threats and appropriate defensive actions.

Advanced Technology Platform

The SOC leverages the Crypsis Hadron platform, which uses machine learning to aggregate threat information, investigate alerts and proactively hunt for threats. The platform and portal are designed to bring the most urgent alerts to the attention of security analysts and give them quick, easy access to the information they need to resolve each situation. Every analyst interaction with an alert is additional input to the engine, which learns over time which alerts require a response and what that response was.

The Hadron Platform includes a Customer Portal, enabling the Customer to see all alerts, what actions have taken place and which analyst is currently working on the issue.

What Happens When A Security Threat is Detected?

When alarms require investigation, SOC analysts use pre-defined playbooks to consistently address security threats and train new analysts quickly around common scenarios. These playbooks are regularly programmed into the Hadron Platform to automate common response actions, enabling the analysts to spend time on alerts that benefit from deeper, human review.

When a verified security incident or service failure is identified, the SOC will engage the customer using the notification method defined for each alert priority. These methods include email, text and phone.

Security Threat Notification and Event Handling

Crypsis will notify the Customer according to the escalation and contact procedures defined by the Customer and Crypsis during the implementation process. The process defines a routine and an urgent notification flow, as follows.

| Event Type | Details | Notification |
| --- | --- | --- |
| False Positive or Benign | Any event(s) determined by Crypsis to not likely have a negative security impact on the organization. | None |
| Operational Activity & Reporting (Priority 3) | Any activities related to regular security control maintenance: Maintenance Activity; Report Delivery & Updates; Config Recommendations | Routine Notification |
| Situational Awareness (Priority 2) | Activity determined to potentially have a negative security impact on the organization: Suspicious Activity; Event Volume Trend Changes; Acceptable Use Violations | Routine Notification. Subject to analyst discretion, escalate in accordance with the Urgent notification procedure |
| Verified Incident or Critical Preparation / Service Disruption (Priority 1) | Activity verified or highly likely to be malicious in nature: Active Attack; Sensitive Data Exposure; Service Interruptions | Urgent Notification |

Support Requests

The Operations team may be contacted via a toll-free telephone number and an email address for support requests, available 24x7. Support requests are tracked in a ticketing system, and updates are provided via email or phone as appropriate.

Alert Tuning

Crypsis will assess certain events to be environmental noise, configuration issues in the environment that could be addressed, or false positives. Crypsis may recommend that the Customer address these to preserve system and network resources.

Crypsis will make available to the Customer the ability to suppress alerts on a temporary basis, using a co-managed approach to the tuning and suppression of events and alarms. Permanent suppression of alerts and alarms must be mutually agreed upon between the Customer and Crypsis.

Incident Investigation

Crypsis provides formal incident declaration and response as follows:

  • Analysis and notification of Events of Interest that may assist in determining whether an incident has occurred, along with its impact, vector, etc.
  • Analysis and information gathering using the capabilities of the installed technical solutions contracted in this SOW.
  • Telephone or email advice and expertise, with the express disclaimer that incident response choices (regarding, e.g., containment, eradication and recovery) and their impact are the responsibility of the Customer.
  • Analysis and support to help the Customer determine whether the Customer's corrective actions are effective for containment.
  • Continuous monitoring, in parallel with analysis, to support incident containment.


Learn More About Our Managed Security Services

Interested in learning more about Crypsis Managed Security Services? Contact us now to be connected with an experienced team member.
