SOC as a Service

SPS SOC as a Service

SPS offers Security Operations Services (SOC) as a Service for clients. This offering is flexible and customizable to meet the needs of a wide range of clients. In the Core offering, the SPS SOC Team is responsible for providing Threat Monitoring and Analysis. In addition, SPS offers the following optional components:

  • Digital Media Analysis (DMA) Support
  • Cyber Intelligence Support
  • Vulnerability Assessment Support
  • Penetration Testing Support
  • Incident Assessment and Response Support
  • Insider Threat Hunting Support


Monitoring and Analysis Support (Core)

SPS provides a Monitoring and Analysis Support Team to actively review all SOC data feeds, analytical systems, sensor platforms, and output from other SOC tool products. The Support Team will provide written or oral reports of findings to the client’s designated contact/program manager for further investigation or for action. The Support Team participates in a variety of Information System Security (ISS) activities, including monitoring systems status; escalating and reporting potential incidents; creating and updating incident cases and tickets; performing risk assessment analysis; and analyzing ISS reports. The Monitoring and Analysis Support Team provides a range of SLA Coverage Options for monitoring and analysis of all designated security feeds.

The Monitoring and Analysis Support Team can also assist in assembling, evaluating, installing, and maintaining various intrusion detection sensors and associated software applications. The Support Team may provide informal investigation, review, and recommendation documentation as necessary. Deliverables for Monitoring and Analysis Support include summary informal reports based on security event analysis and Technical Evaluation Reports.


Digital Media Analysis (DMA) Support Option

The SPS Support Team may include Digital Media Analysts, who will perform forensic analysis on a variety of digital media devices and mediums to identify, reverse engineer, and deobfuscate content related to an incident, such as malicious content. The Digital Media Analysts will provide a detailed written technical Report of Findings that includes the methodology used during the DMA evaluation, the findings from the evaluations, and any recommendation for further action.


Cyber Intelligence Support Option

The SPS Support Team may include Cyber Intelligence Analysts, who will provide technical expertise in cyber adversary capabilities and an assessment of the intentions of these groups to conduct Computer Network Exploitation (CNE) and Computer Network Attack (CNA) against the client and their information systems. Cyber Intelligence Analysts shall review the ingestion of cyber news feeds, signature updates, incident reports, threat briefs, and vulnerability alerts from external sources and determine their applicability to the client’s environment.


Vulnerability Assessment Support Option

The SPS Support Team may include Vulnerability Assessment Analysts, who will provide remote vulnerability assessment capabilities as a sustained, full-time program independent of incident detection, recovery, or reporting activities. Activities shall include full-knowledge, open-security assessment of the client’s site and infrastructure. The SPS Support Team will work with the client’s system owners and system administrators to holistically examine the security architecture and vulnerabilities of their systems through security scans, examination of system configuration, review of system design documentation, and interviews. Deliverables for Vulnerability Assessment Support include, but are not limited to, a Vulnerability Assessment Report of Findings, along with recommended remediation.


Penetration Testing Support Option

The SPS Support Team may provide both internal and external security testing in which assessors mimic real-world attacks to identify methods for circumventing the security features of an application, system, and/or network. Deliverables for Penetration Testing include, but are not limited to, a Rules of Engagement document containing the type and scope of testing, and client contact details; and a Penetration Test Report that includes an executive summary, a contextualized walkthrough of technical risks, potential impact of vulnerabilities found, and vulnerability remediation options. Deliverables for Penetration Testing Support include, but are not limited to, a Penetration Testing Report of Findings.


Incident Assessment and Response Support Option

The SPS Support Team may work with the Client and/or any other pertinent parties (to include external vendors) to recover from any incident. In this role, the SPS Support Team shall have hands-on involvement in gathering artifacts or recovering systems. For any incident requiring a response team to be deployed, the team is expected to be able to deploy within a specified number of hours of notification. This work shall be done in coordination with external service providers, the client’s system owners, system administrators, and Information System Security Officers (ISSOs), as appropriate.


Insider Threat Hunting Support Option

The SPS Support Team may provide support to detect, prevent, and respond to threats posed by malicious, negligent or compromised insiders, by maintaining in-depth visibility into the Client’s Enterprise and having a means of filtering and prioritizing threat data into concise, actionable intelligence. The SPS Support Team may provide advanced analysis and adversary hunting support to operations in an effort to proactively uncover evidence of adversary presence on the Client’s networks. Deliverables for Insider Threat Hunting Support include, but are not limited to, Daily Summary Reports based on security event analysis.

