VaporVM Managed SOC

VaporVM provides its SOC services from its own office, ensuring that no customer data leaves the country. The VaporVM SOC is a 24/7 service staffed by experienced security experts who monitor the customer’s infrastructure around the clock.

Depending on the service level purchased by the SP and/or end-client, VaporVM SOC performs the following services as part of its engagement.

Security Monitoring, Incident Management & Events of Interest

  • Perform 24×7 monitoring of logs and audit trails for security events, to detect known as well as unknown attacks
  • Raise alerts for any suspicious events that may lead to a security breach within the customer’s environment
  • Perform 24×7 performance and service-availability monitoring, so that the desired state and integrity of devices and service levels can be maintained
  • Monitor alerts and events reported by in-scope devices, troubleshoot, recommend remedial action, and provide rapid response to incidents
  • Monitor and detect events of interest that are anomalous, unusual, or otherwise suspicious in nature
  • Initiate prompt corrective measures to stop or prevent attacks
  • Prepare and publish daily, weekly, and/or monthly custom reports summarizing incidents, security advisories, change management, and other security recommendations
  • Provide operational trend analysis and correlation reports on operations data, comparing previous months with the current month

Log Analysis and Management

A log, in a computing context, is an automatically produced, time-stamped record of events relevant to a system. Virtually all software applications and systems produce log files. Log management is the collective set of processes and policies used to administer and facilitate the generation, transmission, analysis, storage, archiving, and ultimate disposal of the large volumes of log data created within an information system. Systems in scope include:

  • Intrusion detection and/or prevention system
  • Antivirus software
  • Firewalls, routers, and other network devices
  • VPN, secure gateways, and file transfer servers
  • Application servers, web servers, and database servers
  • Operating systems, virtual machines, and physical workstations serving as user endpoints

Security Device Management

Security device management services cover the security monitoring and management of security devices and systems. Devices include firewalls, IDS/IPS, WAF, SIEM, anti-virus/anti-malware, and VPN. VaporVM collaborates with the SP and/or end-client service delivery and SOC teams to establish a backup and restore management process, including schedule requirements for configuration backups and ad-hoc backups (as required) driven by change management or troubleshooting needs. Activities performed include:

  • Validation of signatures and review of configurations
  • Device upgrades and patch management
  • Incident tracking and correlation
  • Regular updates of attack signatures
  • On-demand device, security, and compliance reports
  • Analysis and correlation, as well as alert escalation and prioritization
  • Detection of unauthorized access to network resources
  • Evaluation of the SANS 20 critical security controls on the devices in scope
  • Evaluation of applications against the OWASP Top 10

SIEM Platforms supported

AlienVault is a premier SIEM solution with a global footprint and penetration in the largest organizations throughout the world. VaporVM is an AlienVault MSSP partner and has full expertise in integrating the SIEM solution and customizing it to various requirements.

Customers can subscribe to VaporVM’s SOC, an integral component of Managed Security, which is offered in the following three ways depending on their IT needs:

  • On-Premises SOC
  • Remote SOC
  • Hybrid SOC

On-premises SOC

  • Intrusion monitoring, incident analysis, investigation and response
  • Security engineering, and operations and maintenance (O&M) of security technologies
  • Full-content network traffic monitoring and analysis
  • Integrated cyber threat analysis
  • Insider-threat detection, investigation and mitigation

Remote SOC

  • Remote monitoring, remediation and resolution
  • Advanced correlation analysis
  • Monitoring of security technologies
  • Governance, risk and compliance monitoring
  • Continuous vulnerability management
  • Advanced cyber network defense services

Hybrid SOC

  • On-premises SOC resources augment your team during core business hours and leverage your technology
  • Remote SOC resources monitor your technologies after core business hours, on weekends, and on holidays
  • Advanced threat intelligence services
  • Ad hoc and scheduled managed security services, including compliance monitoring and vulnerability assessment services

High-Level Diagram

The following diagram shows the engagement model for the new SOC-as-a-Service.