Security Operations & Security Incident Management
Threat intelligence and security monitoring mechanisms and processes are operated to establish the threat landscape as accurately as possible and to feed that information into other security processes.
A SIEM/UEBA solution is implemented to centralize data from the various log sources, and events are correlated across those sources to detect anomalous activity. Monitoring is performed 24/7 to spot malicious events and to trigger incident response.
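The kind of cross-source correlation this refers to, shown as an added, self-contained illustration (it is not the organisation's own SIEM content or rule set): failed logins from one source IP are tracked across two log sources, and an alert is raised when a burst of failures is followed by a successful login. The log lines, the field layout, the 5-failure threshold and the 60-second window are all constructed assumptions for the example.

```python
"""Minimal SIEM-style correlation over centralized login events.

Added example; not the organisation's own detection content. The log format,
thresholds and sample lines below are assumptions constructed for illustration.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events from two sources (a VPN gateway and a web app),
# as they might look after normalisation in a central log store.
SAMPLE_LOGS = """\
2024-05-01T10:00:01Z vpn    auth=FAIL user=alice src=203.0.113.7
2024-05-01T10:00:04Z vpn    auth=FAIL user=alice src=203.0.113.7
2024-05-01T10:00:09Z webapp auth=FAIL user=bob   src=203.0.113.7
2024-05-01T10:00:15Z vpn    auth=FAIL user=carol src=203.0.113.7
2024-05-01T10:00:21Z webapp auth=FAIL user=alice src=203.0.113.7
2024-05-01T10:00:40Z vpn    auth=OK   user=alice src=203.0.113.7
2024-05-01T10:05:00Z webapp auth=FAIL user=dave  src=198.51.100.3
2024-05-01T10:05:30Z webapp auth=OK   user=dave  src=198.51.100.3
"""

FAIL_THRESHOLD = 5                  # assumed tuning value
WINDOW = timedelta(seconds=60)      # assumed tuning value

LINE_RE = re.compile(
    r"^(\S+)\s+(\S+)\s+auth=(\w+)\s+user=(\S+)\s+src=(\S+)$"
)


def parse_events(text):
    """Parse normalised log lines into dicts, sorted by timestamp."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            # A real pipeline should count and surface parse failures rather
            # than drop them silently; here we simply skip the line.
            continue
        ts, source, result, user, src = m.groups()
        events.append({
            "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            "source": source,
            "result": result,
            "user": user,
            "src": src,
        })
    events.sort(key=lambda e: e["ts"])
    return events


def correlate(events, threshold=FAIL_THRESHOLD, window=WINDOW):
    """Alert when >= threshold failures within `window` precede a success
    from the same source IP, regardless of which log source saw them."""
    recent_failures = defaultdict(list)   # src IP -> failures inside window
    alerts = []
    for ev in events:
        recent = recent_failures[ev["src"]]
        cutoff = ev["ts"] - window
        recent[:] = [f for f in recent if f["ts"] >= cutoff]   # expire old ones
        if ev["result"] == "FAIL":
            recent.append(ev)
        elif ev["result"] == "OK":
            if len(recent) >= threshold:
                alerts.append({
                    "src": ev["src"],
                    "success_user": ev["user"],
                    "success_ts": ev["ts"].isoformat(),
                    "first_fail_ts": recent[0]["ts"].isoformat(),
                    "fail_count": len(recent),
                    # distinct users separates brute force on one account
                    # from a password spray across many
                    "distinct_users": len({f["user"] for f in recent}),
                    "sources": sorted({f["source"] for f in recent}),
                })
            recent.clear()   # a success resets the window for this IP
    return alerts


if __name__ == "__main__":
    for alert in correlate(parse_events(SAMPLE_LOGS)):
        print(alert)
```

Neither source alone sees five failures from 203.0.113.7 inside the window; only the combined view does, which is the practical reason for centralizing logs before correlating them. The second IP produces a single failure and no alert.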
Resources are allocated to manage security incidents throughout their lifecycle, including a dedicated Security Incident Response Team, a dedicated SOC, and the associated processes and tools. Internal and external communication procedures are activated to keep the relevant stakeholders informed.
Evidence resulting from security incident investigation and handling is securely stored and preserved in accordance with applicable requirements, so that its integrity and chain of custody can be demonstrated later.
Collaboration channels with subject-matter experts across the business and, when necessary, with external partners are maintained to support a proper and effective response.
Fallback plans are defined and activated in case the planned eradication and recovery steps do not go as expected.
Vulnerability management processes and technologies are implemented to identify, analyze, and categorize vulnerabilities across the infrastructure and to communicate them to the relevant roles for remediation. Patching timelines are also defined according to the criticality of the identified vulnerabilities.