INTELLILINK SOC Construction/Reconstruction/Enhancement Support Service
Need for SOC
A SOC (Security Operation Center) monitors security 24 hours a day, 365 days a year, and reports to the CSIRT (Computer Security Incident Response Team) when an incident occurs. The SOC analyzes and investigates the information it accumulates and coordinates with the CSIRT.
To counter today's increasingly complex and serious threats, there is a growing need for SOCs to monitor their environments under any circumstances to detect and analyze attacks.
Service Features
To build a SOC, it is necessary to organize information from various perspectives and link it to planning, consideration, implementation and operation.
This service analyzes the client's current situation and makes proposals, according to the client's needs, for tasks before and after the start of SOC operation. It covers not only support for building a new SOC but also functional enhancement of the existing environment for clients who are already operating a SOC.
To ensure that our clients are able to perform stable operations by themselves, we provide total support, including education and training, operational design support and operational support even after the start of operation.
Figure 1: Example of Tasks related to Initiation of SOC Operations
*MSS (Managed Security Service): Outsourced security monitoring and operation service
(Figure) Collaboration after SOC Construction
The figure below shows the collaboration between CSIRT and SOC. Good collaboration between SOC and CSIRT facilitates effective use of log analysis infrastructure.
- CSIRT is a team that receives and handles incidents
- SOC is a team that reports security incidents to the CSIRT
How is INTELLILINK SOC Construction/Reconstruction/Enhancement Support Service Beneficial to our Clients?
Our experienced team provides the specific and feasible operational design and document maintenance required for SOC operations. We can also offer a wide range of education and training programs as needed. This enables the phased construction of a necessary and effective SOC.
INTELLILINK SOC Construction/Reconstruction/Enhancement Support Service Flow (Operation Design Support)
Planning | Requirement defining | Detailing | Deliverables |
---|---|---|---|
Conduct interviews, identify the functions that need to be realized as a SOC, incorporate them into requirements by priority level, and formulate a plan for achieving these functions | Define the operational flow, operational requirements, system requirements, operational structure, etc. | Operational design detailing for each function/task block in the SOC operational flow | Prepare operational design documents, operation manuals, forms, etc. as needed |
(Figure) Output (Requirement Defining Phase)
In the requirement defining phase, we analyze the current status and the SOC that the client is aiming for, and provide support related to operational design where required, based on our knowledge of SOC operations. Based on this process, we prepare documents such as the "list of operational requirements," "operational design document" and "operational workflow."
*All other company names, product names, service names, etc. mentioned herein are trademarks of their respective owners.