Innovery offers Managed Detection & Response services as a single point of contact for monitoring the security of our Customers’ ICT infrastructure, aimed at detecting security incidents and/or malfunctions, and for technical support in ICT infrastructure management, both on-premises and in the cloud.
Services are structured at several levels that, in brief, are aimed at:
Security Operation Center
H24x7 monitoring of security platforms (the SIEM in particular) to detect security anomalies, analyse and classify them, and provide first response in case of an incident; periodic checks that the SIEM rules are correctly tuned and that the existing use cases also cover new types of attack; and, where necessary, escalation to our IRT (in case of high-impact incidents).
Incident Response Team
Full management of the incident response, which may include containment and control activities, response plan definition, implementation and testing of remediation measures, resolution of system vulnerabilities, and customer support for systems recovery.
Network Operation Center
H24x7 monitoring of the network infrastructure and management of incidents caused by the failure of infrastructure components; activities may include the operational management of network equipment, IT systems and applications, both on-premises and in the cloud.
The SOC team and the Incident Response Team together form the Innovery CERT (CERT-INN), through which reactive and proactive defense services are delivered by T1 and T2 level analysts; T3 level analysts also deliver advanced proactive defense services, in collaboration with technology partners and with other national and foreign CERTs.
Innovery’s CERT is structured and operates in accordance with the ISO 27001, ISO 20035, ITIL and NIST standards. The SOC structure consists of three key components:
- Processes and Procedures (TPP Framework)
With the support of our Competence Centers, specialized in many security technologies in the Defensive Security area, we provide full security infrastructure management and system integration services.
The TPP Framework is the bond between People and Technology:
- It provides ongoing support to CERT analysts;
- It facilitates the proper use of the Technologies adopted by each client;
- It speeds up the Analysts’ response to security incidents;
- It accelerates learning thanks to the Knowledge Base, which is continuously fed by the Analysts.
The services are provided remotely by staff working from dedicated, equipped rooms at our Italian offices (Milan and Rome) and Spanish offices (Madrid and Barcelona).
Different levels of support services are provided to our customers, according to their needs, as shown in the picture.
Starting from the bottom, the picture lists the ICT infrastructure monitoring and management services provided by the Network Operation Center; moving up, it highlights the main services of the Security Operation Center and of the Incident Response Team, which together form the CERT.
The teams are distinct but centrally coordinated, and together they cover the multiple areas of competence required to manage incidents affecting networks, systems and applications, and to provide overall continuous monitoring and management of corporate cyber security.
In accordance with international best practices, our CERT is organized in multiple levels (Tiers) of progressively greater cyber security expertise. The front line consists of T1 analysts, who operate H24x7 mainly on site at our operational centres, while T2 and T3 analysts operate on call, guaranteeing H24 availability at all times; all are coordinated by the CERT Manager and support staff (team leaders and staff managers).
The pictures below show the modes of engagement and responsibilities for each skill level.
The services offered by the CERT are combined into different packages tailored to the client’s needs. Some of these packages, such as Incident Response and Proactive Security, can also be acquired separately by clients who do not subscribe to our CERT services.
For a complete description of the services offered by our CERT according to the RFC 2350 standard, please see the document at the following link.
The Incident Management services are provided by the CERT as an integral part of the reactive and proactive security monitoring services for our clients’ ICT systems, within the MDR offering; they can also be requested by any other company that has suffered a security incident and needs the support of our cyber security experts to remedy its consequences.
In addition to reactive defense services, Innovery’s CERT offers proactive defense services, which aim to prevent security incidents by continuously searching for threats that may impact the customer (not just ICT infrastructure) and immediately reporting them to the appropriate personnel.
The services offered by our CERT are aligned with the Computer Security Incident Response Team (CSIRT) Services Framework, a high-level document that describes in a structured way the cyber security services and related capabilities that CERT and SOC teams can provide in both reactive and proactive defense.
Advanced reporting, based on bulletins, feeds and customized dashboards, about new vulnerabilities and how they may impact the customer’s ICT infrastructure; the reports are focused on the technologies the customer actually uses.
Based on an advanced e-learning platform that allows the whole organization to be involved in a continuous e-learning path and raises awareness of cyber risks.
Advanced reporting on the analysis and correlation of information gathered from open and closed sources (OSINT and CLOSINT), in order to identify emerging threats and cyber crime trends that may impact the customer’s organization.