requires constant attention!
A unique business model with a self-regulatory effect
Continuous monitoring of ICT systems against threats.
Immediate analyses and responses to threats.
Meaningful interpretation of suspected incidents.
You only pay for what you really need.
Why choose the eSOC service
Is it becoming unwieldy and ineffective for you to maintain your own teams of experts with highly specialized network and cybersecurity knowledge?
We offer a unique concept of a flexible active eSOC security centre that adapts to your needs.
I’m always on guard!
I regularly find what others fail to see!
I can eliminate a cyber attack!
I collect evidence thoroughly and quickly!
I am constantly improving the SOC process and defence mechanisms!
Elastic payment system
No pig in a poke, but a service where you only pay for what is of value to you.
You only pay a minimal regular fee for continuous responsive 24/7 monitoring.
You choose retroactively whether you pay for discovery, design or development.
Along with the eSOC service, we offer additional services with a discount:
Your network expert on the phone
In practice, we often find that security administrators and managers at various levels lack reliable information about the current or past state of the network they are expected to supervise. It can often be difficult or even impossible to obtain appropriate information from internal network traffic administrators. This is due to poor relationships between the security staff and the operational staff, or especially because such specialists are either completely absent or overburdened.
For that reason, we are offering the services of our experts “on the phone”. Upon request by authorized personnel, they will provide information on the current or past configuration status of network elements, processes, connected end devices, etc., in a way that can be understood even by a layman – in a personal explanatory form supplemented by visualizations and overview tables. It is the most effective way for you to get detailed and reliable information about your corporate network.
Threat detection in network traffic
Traditional signature- and rule-based threat detection tools such as firewalls, IDS/IPS and antivirus programs are an essential part of perimeter and endpoint protection against known and described threats. However, they do not allow organizations to detect and defend themselves against threats that circumvent this protection. Internal threats can nevertheless be detected by evaluating anomalies in network traffic, which are clear indicators of IT systems being compromised. Anomaly detection and network behaviour analysis is an advanced discipline that includes AI technology based on the principle of evaluating NetFlow network traffic statistics.
Our service covers the most common need of our clients – detection of hidden threats in network traffic between the outer firewall and internal network, as well as the server segment of the network. This is the only solution that provides the ability to perform detection at any stage of an ongoing attack.
Monitoring of the activities of IT suppliers
All changes to information systems made remotely by suppliers or even by internal administrators are recorded as part of this service. Video logs are generally archived for up to 30 days. Within 24 hours at the latest, our supervisory operator will check these recordings and offer a professional evaluation of whether the supplier made changes relevant to the service requirements in the HD/SD system. Alternatively, our operator evaluates suspicious activities in direct cooperation with your IT administrator. To provide the service, we use a tool for obtaining video logs of user sessions, typically implemented via a remote desktop service or via an SSH console. The tool agent is installed on the server used by suppliers for their remote access.
It is therefore an advanced security supervision service focusing on administrator actions, or generally actions performed by privileged user accounts.
Managing vulnerable services in the network
Typical causes of the presence of vulnerable services in a network are incorrect configuration or known bugs in the versions of the software that are installed, unauthorized software installations, or outright violations of established security measures. The service we offer automatically detects these most common types of vulnerabilities, as well as other types, and helps you prioritize their removal. You can also order the removal of specific vulnerabilities from us directly. This helps to significantly reduce the risk of data loss caused by your information systems becoming compromised.
An important part of the service that is offered is a tool for regular automated detection of vulnerable network services, and what is called the “Security Feed”, a continuously updated database of known vulnerabilities maintained by the manufacturer of the tool. As a result, vulnerability management is a cyclical process of sub-procedures that leads to the detection of known security vulnerabilities.
Security reputation assessment
We provide an almost unattended Security Scorecard cloud service, offering information that is useful and otherwise extremely difficult to obtain. It represents a form of detecting company vulnerabilities directed towards the Internet, but in the broader context also of the entire digital footprint, including infected “endpoints” and detected data leaks. It also includes “Vendor Risk Management”, i.e. monitoring the security reputation of suppliers and partners.
Ready-made tailored security courses
The current study points out the efforts of companies to improve their resilience to cyber threats. In addition to technical means, they can also achieve this goal by strengthening the expertise of their employees by organizing security training for their IT experts and all other employees. For training purposes, it is appropriate to use modern e-learning tools and the competencies of a partner who delivers ready-made training courses but can also create courses intended for a specific purpose, train internal staff or directly take over the management of the training platform for the customer and provide up-to-date content on a continuous basis.
Our experts will deliver a set of e-learning security courses to the Moodle platform, which we can run for you in a cloud or on-site.
The use of modern e-learning technologies enables companies to achieve significant time and financial savings compared to regular full-time training. Employees can be trained at any time and anywhere; the platform provides information on the training plan of specific employees and on the fulfilment of important milestones, as well as information on the fulfilment of legal obligations regarding employee training. Test results can be used to demonstrate the professional competence and qualifications of graduates.
The introduction of e-learning also reduces the loss of company know-how when employees leave and creates an environment for the easy sharing of skills and experience among employees. E-learning reduces HR costs and trained employees are familiar with the scope of their work and the company’s values, as well as the guidelines necessary for their career.
In order to provide the service, a strong security information and event management tool (SIEM) is required.
We can use your existing SIEM or supply our own favourite solution.
Who is behind eSOC
JESENIOVA 2829/20, PRAHA 3
+420 225 308 111
is a SOC that adapts!
We are available to you for more information, a complete presentation tailored to your company or anything else you might be interested in.