Description of the solution
The CDC is run by a team of experienced analysts and SIEM administrators with practice from a global SOC, experience with state-of-the-art technology, and experience in handling large-scale incidents as well as APT attacks at local and global levels.
CDC services
Log Management – collection, normalization and storage of logs (long-term retention optional).
Security Monitoring – implementation and ongoing development of detection rules, analysis of security events and incidents.
Incident Response – recommendations on how to proceed when resolving security incidents, and assistance with handling them.
Threat Hunting – active search for new threats and suspicious anomalies across the events collected from the client’s environment.
Threat Intelligence – detection rules are enriched with indicators of compromise (IOCs) from external information sources and feeds.
Advanced Detection and Protection for Assets – an agent-based solution with prevention and, above all, detection capabilities, plus response functions that allow incidents on devices to be resolved remotely.
Cyber Brand Protection – monitoring of external information sources with the aim of detecting leaks of defined sensitive data from the client’s environment (login credentials, internal documents, etc.).
Malware and Forensic Analysis – analysis of the behavior and possible impact of malicious code; forensic collection and analysis of data using procedures and outputs that are admissible in court proceedings.
Professional Services – impact analysis, proposal and support for the implementation of corrective measures after major cyber incidents or APT attacks (impact analysis requires agents to be installed on endpoints).
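As an added illustration of how Log Management, Security Monitoring and Threat Intelligence fit together (this is example code written for this page, not the CDC’s own tooling or rule format), the block below normalizes a few constructed firewall and DNS log lines into flat events, indexes a constructed IOC feed, and raises an alert only when an event field matches an indicator at or above a confidence threshold. The log format, the feed fields (type, value, source, confidence, tag) and the threshold are assumptions; a real SIEM would pull the feed from an external source and apply the same lookup inside its rule engine.

```python
"""Added example: IOC enrichment of normalized log events (not CDC code)."""
import re
from collections import defaultdict

# Constructed sample log lines in a simple key=value syslog style (not real client data).
RAW_LOGS = [
    "2024-05-01T10:00:01Z fw01 DROP src=10.0.0.5 dst=198.51.100.23 dport=443",
    "2024-05-01T10:00:02Z dns01 query src=10.0.0.7 qname=update.example-bad.test",
    "2024-05-01T10:00:03Z fw01 ALLOW src=10.0.0.9 dst=192.0.2.40 dport=80",
    "2024-05-01T10:00:04Z dns01 query src=10.0.0.5 qname=www.example.com",
    "2024-05-01T10:00:05Z fw01 ALLOW src=10.0.0.9 dst=203.0.113.77 dport=22",
]

# Constructed IOC feed; the field names are an assumption, not a real feed schema.
IOC_FEED = [
    {"type": "ipv4", "value": "198.51.100.23", "source": "feed-A", "confidence": 90, "tag": "c2"},
    {"type": "domain", "value": "example-bad.test", "source": "feed-B", "confidence": 70, "tag": "malware-dist"},
    {"type": "ipv4", "value": "203.0.113.77", "source": "feed-A", "confidence": 40, "tag": "scanner"},
]

# Parsers for the two constructed log formats; one regex per source type.
FW_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) (?P<action>ALLOW|DROP) "
    r"src=(?P<src_ip>\S+) dst=(?P<dst_ip>\S+) dport=(?P<dport>\d+)$"
)
DNS_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) query src=(?P<src_ip>\S+) qname=(?P<qname>\S+)$")


def parse_event(line):
    """Normalize one raw line into a flat dict; return None for lines no parser understands."""
    for kind, rx in (("firewall", FW_RE), ("dns", DNS_RE)):
        m = rx.match(line)
        if m:
            ev = m.groupdict()
            ev["kind"] = kind
            if "dport" in ev:
                ev["dport"] = int(ev["dport"])
            return ev
    return None


def build_ioc_index(feed):
    """Index IOCs by (type, value) so each field lookup is a single dict access."""
    index = defaultdict(list)
    for ioc in feed:
        index[(ioc["type"], ioc["value"].lower())].append(ioc)
    return index


def domain_candidates(qname):
    """Yield the queried name and each parent domain (but not the bare TLD),
    so an indicator on example-bad.test also hits update.example-bad.test."""
    labels = qname.lower().rstrip(".").split(".")
    for i in range(len(labels) - 1):
        yield ".".join(labels[i:])


def match_iocs(event, index):
    """Return every IOC that hits a field of the normalized event, noting which field matched."""
    hits = []
    for field_name in ("src_ip", "dst_ip"):
        if field_name in event:
            for ioc in index.get(("ipv4", event[field_name]), []):
                hits.append({"field": field_name, "matched": event[field_name], **ioc})
    if "qname" in event:
        for cand in domain_candidates(event["qname"]):
            for ioc in index.get(("domain", cand), []):
                hits.append({"field": "qname", "matched": cand, **ioc})
    return hits


def detect(lines, feed, min_confidence=50):
    """Parse, enrich and alert: one alert per event with an IOC hit at or above min_confidence.
    Note that a DROP towards a known C2 address still alerts: the blocked connection is evidence
    that the source host is already compromised, which is the point of IOC enrichment."""
    index = build_ioc_index(feed)
    alerts = []
    for line in lines:
        ev = parse_event(line)
        if ev is None:
            continue
        hits = [h for h in match_iocs(ev, index) if h["confidence"] >= min_confidence]
        if hits:
            top = max(h["confidence"] for h in hits)
            alerts.append({"event": ev, "iocs": hits, "severity": "high" if top >= 80 else "medium"})
    return alerts


if __name__ == "__main__":
    for alert in detect(RAW_LOGS, IOC_FEED):
        ev, ioc = alert["event"], alert["iocs"][0]
        print(f"[{alert['severity']}] {ev['ts']} {ev['host']} {ioc['field']}={ioc['matched']} "
              f"tag={ioc['tag']} source={ioc['source']} confidence={ioc['confidence']}")
```

Run stand-alone, the block prints two alerts: a high-severity one for the dropped connection to the C2 address and a medium-severity one for the DNS query under the flagged domain; the low-confidence scanner indicator is matched but stays below the alert threshold, which is how a feed with mixed-quality indicators can be used for enrichment without flooding analysts.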
Forms of service provision
Complete outsourcing – you receive the complete service; the price covers not only the CDC services but also all required licences and hardware. The CDC SIEM is operated in a multi-tenant environment in which events from individual clients are strictly separated from one another. If you require logs to be stored in your own infrastructure, the data store can be operated on your (the client’s) side.
Hybrid model – you own the SIEM licences and the hardware; we deliver the services.