The onShore Security Process ensures that data mirrors policy. Our Panoptic Cyberdefense™ Security Operations Center (SOC) Service is a cybersecurity professional service involving high-level consulting, monitoring, data collection, analysis, security management, and reporting. We typically serve regulated industries and enterprises with complex networks and the need for 24hr cybersecurity response. We integrate with your IT organization to increase security visibility, provide reporting for management and regulators, and inform policy.
We manage, monitor, analyze, alert, and dispatch 24 hours a day, 7 days a week.
Attacks are now often multi-vector, multiple exploit, with 55% of them beginning with social engineering. Our approach is holistic. In a post-Sony era, we assume every network is vulnerable inside and outside. Customer policy informs rules and tuning - what is best for one company may not be acceptable for another. During our two month onboarding process, we heavily tune our sensors to establish a baseline of your network with hundreds of parameters matched against characteristics of your policies, risk appetite, and regulatory compliance.
We collect data from any system, our sensors on your site, cloud-placed sensors, netflow collectors, firewalls, and network devices, including encrypted payloads, and correlate that with logs from your systems to achieve an end-to-end security view. Security engineers analyze correlated data daily, augmenting and continuously tuning your customized signatures against industry sources and our own 15 year database.
Our reporting provides fully navigable SIEM data, as well as C-level status briefs and threat landscape reviews, currently making up 12 standard recurring reports and additional custom reports on request. All firewalls and sensors are managed with off-site logging, configuration management, and change control to your policies. We provide our audited SOC2 control matrix at your request.
VM IDS collectors watch traffic to your applications.
Core-switch span ports provide visibility, even into encrypted payloads.
Protection, deception, NAC, and other network-based sources provide powerful correlation data.
Activity on both sides reveal the nature of an attack. Advanced protection feature logs are ingested for alerting and analysis.
Monitor for compliance to access policies.
AD and host agent logs correlate against network activity and alert on anomalous behavior.
Application access and baseline behavior set alert thresholds.
Endpoint detection agents provide visibility into the most vulnerable attack surface through behavioral analytics, application whitelisting, and microsegmentation.