SOC

Do you need SOC Support?

Our cyber security team is responsible for monitoring and improving our clients' cybersecurity posture by identifying, preventing, detecting, and responding to threats. This service is now available to our clients 24 hours a day, 7 days a week. The team monitors identities, endpoints (e.g. workstations), servers, network applications, websites and other systems to uncover and protect against potential cyberattacks in real time.

Our team provides proactive security management and solutions, using the latest threat intelligence to identify and address system or process vulnerabilities before attackers can exploit them.

Our SOC's point of difference is that we work across multiple devices and software products, covering the entire digital attack surface rather than being limited to a single vendor.

Our SOC services include:

Continuous Monitoring and Threat Detection

Reducing the Attack Surface

Asset Discovery and Tool Inventory

Log Management

Incident Response

Asset Discovery and Tool Inventory

To eliminate blind spots and gaps in coverage, the SOC needs visibility into the assets that it protects and insight into the tools it uses to defend the organization. This means accounting for all the cloud services, identities, applications, and endpoints across on-premises and multiple clouds. The team also keeps track of all the security solutions used in the organization, such as firewalls, anti-malware, anti-ransomware, and monitoring software.

Reducing the Attack Surface

A key responsibility of the SOC is reducing the organization’s attack surface. The SOC does this by maintaining an inventory of all workloads and assets, applying security patches to software and firewalls, identifying misconfigurations, and adding new assets as they come online. Team members are also responsible for researching emerging threats and analysing exposure, which helps them stay ahead of the latest threats.

Continuous Monitoring

Our cyber security team uses multiple technology solutions to monitor our clients' systems continuously. These include security analytics solutions such as a security information and event management (SIEM) solution, a security orchestration, automation, and response (SOAR) solution, or an extended detection and response (XDR) solution. Our SOC team monitors the entire environment (on-premises, clouds, applications, networks, and devices) all day, every day, to uncover abnormalities or suspicious behaviour.

Threat Detection

The SOC team will use the data generated by the SIEM and XDR solutions to identify threats. This starts by filtering out false positives from the real issues. Then they prioritize the threats by severity and potential impact to the business.

Log Management

The NSOC team is also responsible for collecting, maintaining, and analysing the log data produced by every endpoint, operating system, virtual machine, on-premises app, and network event. Analysis helps establish a baseline for normal activity and reveals anomalies that may indicate malware, ransomware, or viruses.

Incident Response

Once a cyberattack has been identified, the NSOC team and management quickly take action to limit the damage to the organization with as little disruption to the business as possible. Steps might include shutting down or isolating affected endpoints and applications, suspending compromised accounts, removing infected files, and running anti-virus and anti-malware software.

What is SOC Looking For?

Our cyber security team looks for threats in your environment across a multitude of devices, systems and applications. The team reports on firewalls, workstation and server endpoints, websites and web applications, alerting and protection, cloud services, and data exfiltration from your network. Learn more about firewalls, workstation and server endpoints and cloud monitoring below.

Firewalls

Monitor logs and alerts, including login access (especially after hours), risky ports, large data copies into or out of the network, and firewall rule changes.

Monitor firewall patch availability and newly published firewall vulnerabilities.

Respond to critical risks by triaging with advanced teams and blocking any threats
Review device configuration history and latest changes
Run monthly vulnerability scans and recommend any changes required
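The firewall checks above, as an added example that is not part of the original page or any vendor's tooling. The log line format, the office-hours window, the 500 MiB transfer threshold and the "risky" port list are all assumptions made for this example.

```python
"""Added example: firewall log checks for the conditions listed above. The log line
format is constructed for this example and is not any vendor's real syslog format."""
import re
from datetime import datetime, time

BUSINESS_HOURS = (time(8, 0), time(18, 0))  # assumed office hours
LARGE_TRANSFER_BYTES = 500 * 1024 * 1024     # assumed threshold: 500 MiB per flow
RISKY_PORTS = {23, 445, 3389}                # assumed "risky" inbound service ports

LINE_RE = re.compile(r"^(?P<ts>\S+ \S+) (?P<kind>LOGIN|RULE|FLOW) (?P<rest>.*)$")

def parse_line(line):
    """Parse '<date> <time> <KIND> key=value ...' into a dict, or None if malformed."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = {"ts": datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"), "kind": m["kind"]}
    rec.update(kv.split("=", 1) for kv in m["rest"].split())
    return rec

def check_firewall_logs(lines):
    """Return alert strings for after-hours logins, rule changes, large flows and risky ports."""
    alerts = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # unparseable line: skip rather than crash the whole run
        t = rec["ts"].time()
        if rec["kind"] == "LOGIN" and not (BUSINESS_HOURS[0] <= t < BUSINESS_HOURS[1]):
            alerts.append(f"AFTER_HOURS_LOGIN user={rec['user']} src={rec['src']}")
        elif rec["kind"] == "RULE":  # every rule change is reviewed, whoever made it
            alerts.append(f"RULE_CHANGE user={rec['user']} action={rec['action']} rule={rec['rule']}")
        elif rec["kind"] == "FLOW":
            if int(rec["bytes"]) >= LARGE_TRANSFER_BYTES:
                alerts.append(f"LARGE_TRANSFER {rec['src']}->{rec['dst']}:{rec['dport']} bytes={rec['bytes']}")
            if int(rec["dport"]) in RISKY_PORTS and rec["dir"] == "in":
                alerts.append(f"RISKY_PORT_INBOUND {rec['src']}->{rec['dst']}:{rec['dport']}")
    return alerts

SAMPLE_LOG = [  # constructed sample lines, not real traffic
    "2024-01-15 09:12:03 LOGIN user=admin src=10.0.0.5 result=ok",
    "2024-01-15 23:41:10 LOGIN user=admin src=203.0.113.9 result=ok",
    "2024-01-15 23:43:52 RULE user=admin action=add rule=outbound-smtp",
    "2024-01-16 02:10:00 FLOW dir=out src=10.0.0.12 dst=198.51.100.20 dport=443 bytes=734003200",
    "2024-01-16 02:15:00 FLOW dir=in src=192.0.2.77 dst=10.0.0.12 dport=3389 bytes=5120",
    "2024-01-16 10:00:00 FLOW dir=out src=10.0.0.3 dst=198.51.100.4 dport=443 bytes=20480",
]
```

Running `check_firewall_logs(SAMPLE_LOG)` yields four alerts: the after-hours login, the rule change, the 700 MB outbound flow and the inbound connection to port 3389; the daytime login and the small outbound flow produce nothing.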

Workstation and Server Endpoints

Monitor and investigate newly discovered assets
Detect tampering with the anti-virus and anti-malware solutions
Monitor alerts generated by the endpoint security solution
Monitor patching and compliance, and identify any potential new vulnerabilities
Monitor local admin account logins and creations
Application management
Detect lateral movement across networks and devices
Detect access to backup data locations
Triage suspicious incidents
Respond to and remediate workstations at risk

Cloud Monitoring

Alert when any Global Admin account has been created.
Alert when a global admin or administrator account logs into your Microsoft 365 or Azure environment
Alert when a user account has too many failed logins
Run Microsoft threat hunting queries
Monitor and run the Microsoft vulnerability manager
Alert when new devices or resources are added to your environment
Review and implement security enhancements as required
Triage suspicious incidents
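The three alert conditions above (Global Admin creation, admin sign-in, and too many failed logins) as added example rules; this is not code from the original page or from Microsoft. The event records, the five-failure threshold and the ten-minute window are constructed assumptions, simplified well beyond the real Microsoft 365 audit and sign-in log schemas.

```python
"""Added example: sample rules for the Microsoft 365 / Azure alerts listed above."""
from datetime import datetime, timedelta

GLOBAL_ADMIN_ROLE = "Global Administrator"
FAILED_LOGIN_THRESHOLD = 5                   # assumed threshold
FAILED_LOGIN_WINDOW = timedelta(minutes=10)  # assumed sliding window

def alert_global_admin_assignment(audit_events):
    """Alert when any account is added to the Global Administrator role."""
    return [f"GLOBAL_ADMIN_ADDED {e['target']} by {e['actor']}" for e in audit_events
            if e["operation"] == "Add member to role" and e["role"] == GLOBAL_ADMIN_ROLE]

def alert_admin_signin(signin_events, admin_accounts):
    """Alert on every successful sign-in by a known admin account."""
    return [f"ADMIN_SIGNIN {e['user']} from {e['ip']}" for e in signin_events
            if e["user"] in admin_accounts and e["result"] == "Success"]

def alert_failed_logins(signin_events, threshold=FAILED_LOGIN_THRESHOLD,
                        window=FAILED_LOGIN_WINDOW):
    """Alert once per account that reaches `threshold` failures inside a sliding window."""
    recent, alerts = {}, {}
    for e in sorted(signin_events, key=lambda x: x["time"]):
        if e["result"] != "Failure":
            continue
        times = recent.setdefault(e["user"], [])
        times.append(e["time"])
        times[:] = [t for t in times if e["time"] - t <= window]  # drop failures outside window
        if len(times) >= threshold:
            alerts.setdefault(e["user"], f"FAILED_LOGINS {e['user']} "
                              f"({len(times)} failures in {window.seconds // 60} min)")
    return list(alerts.values())

def run_rules(audit_events, signin_events, admin_accounts):
    """Run all three rules and return the combined alert list."""
    return (alert_global_admin_assignment(audit_events)
            + alert_admin_signin(signin_events, admin_accounts)
            + alert_failed_logins(signin_events))

# Constructed sample data: one Global Admin grant, one lesser role grant,
# six failed sign-ins for bob within six minutes, and one admin sign-in.
T0 = datetime(2024, 1, 1, 9, 0)
AUDIT = [{"time": T0, "operation": "Add member to role", "role": GLOBAL_ADMIN_ROLE,
          "actor": "admin@example.com", "target": "eve@example.com"},
         {"time": T0, "operation": "Add member to role", "role": "Helpdesk Administrator",
          "actor": "admin@example.com", "target": "bob@example.com"}]
SIGNINS = [{"time": T0 + timedelta(minutes=i), "user": "bob@example.com",
            "ip": "203.0.113.5", "result": "Failure"} for i in range(6)]
SIGNINS.append({"time": T0, "user": "admin@example.com", "ip": "198.51.100.7",
                "result": "Success"})
ADMINS = {"admin@example.com"}
```

`run_rules(AUDIT, SIGNINS, ADMINS)` returns three alerts: the Global Admin grant to eve, the admin sign-in, and one failed-login alert for bob raised at the fifth failure (later failures in the same window do not re-alert).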

Supplier and Product Vulnerability Hunting

We actively search for supplier and product vulnerabilities, which are released on a daily basis, across multiple vendors, products and news sources so that we find them immediately.
Our SOC team then assesses what action to take: escalation, remediation, or, where warranted, no response.