INTELLILINK SOC Construction/Reconstruction/Enhancement Support Service

Need for SOC

A SOC (Security Operation Center) monitors security 24 hours a day, 365 days a year, and reports to the CSIRT (Computer Security Incident Response Team) when an incident occurs. The SOC analyzes and investigates the information it accumulates and coordinates with the CSIRT.
To counter today's increasingly complex and serious threats, there is a growing need for SOCs to monitor their environments under any circumstances to detect and analyze attacks.

Service Features

To build a SOC, it is necessary to organize information from various perspectives and link it to planning, consideration, implementation and operation.
This service analyzes the client's current situation and makes proposals, according to the client's needs, for tasks before and after the start of SOC operation. It covers not only support for building a new SOC but also functional enhancement of the existing environment for clients who are already operating a SOC.
To ensure that our clients are able to perform stable operations by themselves, we provide total support, including education and training, operational design support and operational support even after the start of operation.

Figure 1: Example of Tasks related to Initiation of SOC Operations


*MSS (Managed Security Service): Outsourced security monitoring and operation service

(Figure) Collaboration after SOC Construction

The figure below shows the collaboration between CSIRT and SOC. Good collaboration between SOC and CSIRT facilitates effective use of log analysis infrastructure.

Figure 2: Collaboration between CSIRT and SOC

  • CSIRT is a team that receives and handles incidents
  • SOC is a team that reports security incidents to the CSIRT

How is INTELLILINK SOC Construction/Reconstruction/Enhancement Support Service Beneficial to our Clients?

Our experienced team provides specific and feasible operational design and document maintenance required for SOC operations. We can also offer a wide range of education and training programs as needed. This enables a phase-wise construction of a necessary and effective SOC.

INTELLILINK SOC Construction/Reconstruction/Enhancement Support Service Flow (Operation Design Support)

  • Planning: Conduct interviews, identify the functions that need to be realized as a SOC, incorporate them into requirements by priority level, and formulate a plan for achieving these functions
  • Requirement defining: Define the operational flow, operational requirements, system requirements, operational structure, etc.
  • Detailing: Operational design detailing for each function/task block in the SOC operational flow
  • Deliverables: Prepare operational design documents, operation manuals, forms, etc. as needed

(Figure) Output (Requirement Defining Phase)

In the requirement defining phase, we analyze the current status and the SOC that the client is aiming for, and provide operational design related support where required based on our knowledge of SOC operations. Based on this process, we prepare documents such as "list of operational requirements," "operational design document" and "operational workflow."

Figure of Output

*All other company names, product names, service names, etc. mentioned herein are trademarks of their respective owners.

* These products or services are only available in Japan.
