
Services Provided in the SOC Mode
SOC As a Service provides collection, centralization and correlation of the security events detected in the customer's infrastructure. The SGBox SIEM can be operated from the customer's own data center, from the SGBox cloud or from a partner's cloud, in "SIEM As a Service" mode.
EARLY WARNING ADVISORY & SECURITY AWARENESS
Early detection of threats that could compromise normal operations is the main objective of the service. Information sources are monitored continuously; the data are collected, analyzed and classified according to their reliability.
COMPUTER SECURITY INCIDENT RESPONSE TEAM
Continuous monitoring of IT systems to assess their security status and their exposure to potential attacks. Based on the information obtained, a dedicated team implements countermeasures to remediate vulnerabilities and prevent future threats.

SECURITY MONITORING & ALERTING
The platform analyzes network flows and log flows and generates alerts that are handled 24/7 by experienced analysts. The SOC coordinates incident response through four escalation levels, selected according to the type of incident.
THREAT DETECTION & ANALYSIS
Attack methodologies observed in real cases are recognized through process analysis, using the detection techniques of the MITRE ATT&CK framework, which provides a common terminology shared by many security products such as EDR solutions.
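The following is an added illustration of the two ideas above (detection over collected log events, and tagging each alert with MITRE ATT&CK technique IDs so it can be escalated); it is example code written for this page, not SGBox's own detection logic. The log lines, the log format, the thresholds and the mapping of alerts onto escalation levels 1 to 4 are all constructed assumptions; only the technique IDs T1110 (Brute Force) and T1078 (Valid Accounts) are real ATT&CK identifiers.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample authentication events in a made-up syslog-like format.
# 203.0.113.7 fails five times and then succeeds; 198.51.100.4 is a normal user.
SAMPLE_LOGS = [
    "2024-03-01T10:00:01Z sshd: Failed password for admin from 203.0.113.7",
    "2024-03-01T10:00:03Z sshd: Failed password for admin from 203.0.113.7",
    "2024-03-01T10:00:05Z sshd: Failed password for root from 203.0.113.7",
    "2024-03-01T10:00:08Z sshd: Failed password for admin from 203.0.113.7",
    "2024-03-01T10:00:10Z sshd: Failed password for admin from 203.0.113.7",
    "2024-03-01T10:00:15Z sshd: Accepted password for admin from 203.0.113.7",
    "2024-03-01T10:05:00Z sshd: Failed password for alice from 198.51.100.4",
    "2024-03-01T10:05:30Z sshd: Accepted password for alice from 198.51.100.4",
]

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd: (?P<outcome>Failed|Accepted) password for "
    r"(?P<user>\S+) from (?P<src>\S+)$"
)

# Hypothetical mapping of alert kinds onto the four escalation levels.
# The page does not define the levels; here level 4 is assumed to be the most severe.
ESCALATION = {
    "brute_force_attempt": 2,   # many failures, no success yet
    "brute_force_success": 4,   # failures followed by a successful login
}


def parse_line(line):
    """Normalize one raw log line into an event dict, or None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return {
        "ts": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"),
        "outcome": m["outcome"],
        "user": m["user"],
        "src": m["src"],
    }


def detect_brute_force(lines, threshold=5, window=timedelta(minutes=2)):
    """Correlate auth events per source IP.

    Emits a T1110 alert once a source reaches `threshold` failures inside `window`,
    and a T1110+T1078 alert if that same source then logs in successfully while
    the failures are still inside the window (password guessing that worked).
    """
    events = [e for e in (parse_line(l) for l in lines) if e]
    events.sort(key=lambda e: e["ts"])
    failures = defaultdict(list)   # src -> timestamps of failures still in the window
    already_flagged = set()        # sources that already got a T1110 attempt alert
    alerts = []
    for e in events:
        src = e["src"]
        recent = [t for t in failures[src] if e["ts"] - t <= window]
        failures[src] = recent
        if e["outcome"] == "Failed":
            recent.append(e["ts"])
            if len(recent) >= threshold and src not in already_flagged:
                already_flagged.add(src)
                alerts.append({
                    "kind": "brute_force_attempt",
                    "src": src,
                    "techniques": ["T1110"],
                    "escalation_level": ESCALATION["brute_force_attempt"],
                    "at": e["ts"],
                })
        elif len(recent) >= threshold:
            alerts.append({
                "kind": "brute_force_success",
                "src": src,
                "user": e["user"],
                "techniques": ["T1110", "T1078"],
                "escalation_level": ESCALATION["brute_force_success"],
                "at": e["ts"],
            })
    return alerts


if __name__ == "__main__":
    for a in detect_brute_force(SAMPLE_LOGS):
        print(a["at"].isoformat(), a["src"], a["kind"], a["techniques"],
              "level", a["escalation_level"])
```

The point of the example is the ordering of the two outputs: the first alert only says that someone is guessing passwords, the second says the guessing worked, which is why it carries the additional Valid Accounts technique and the higher escalation level. Real rules would also key on destination host and account, and would be tuned against the environment's own noise floor before the thresholds are trusted.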
INCIDENT HANDLING & FORENSIC ANALYSIS
Incident handling is activated by the security and incident triage processes: the security events and alarms received from Security Monitoring are tracked and identified in real time in order to determine what caused them.