These are the services Innovery offers to the Customer as a single point of contact for security and infrastructure monitoring activities aimed at detecting security incidents and/or malfunctions, as well as technical support for the management of ICT infrastructures, both on-premises and in the cloud.

The services are structured at various levels which, in brief, are aimed at:

  • Network Operation Center: 24/7 monitoring of the operation of the network infrastructure and management of incidents related to malfunctioning infrastructure components.
  • Security Operation Center: 24/7 monitoring of security platforms (SIEM in particular) for the detection of anomalies, their analysis and classification, and the initial response in the event of an incident; periodic checks that the SIEM is correctly tuned and that the existing use cases also cover new types of attacks; and, if necessary, escalation to our IRT (for high-impact incidents).
  • Incident Response Team: complete management of the response to incidents, which includes the development of a response plan, the implementation and testing of remediation measures, the resolution of system vulnerabilities, and customer support for system recovery.

 

In addition to the reactive and proactive SOC / NOC defense services provided by T1 and T2 staff, our IRT also acts as a CSIRT, providing proactive T3 defense services such as:

  • Continuous Vulnerability Management for the prompt reporting of vulnerabilities present in the customer’s infrastructure, based on the assets in the perimeter.
  • Threat Intelligence for the analysis and correlation of information from open sources (OSINT), in order to identify emerging threats and cybercrime trends that may impact the customer.
  • Early Warning for reporting information about new threats and how they can impact the customer’s infrastructure, through reports, bulletins and announcements.

These services are also carried out in collaboration with other national and foreign CSIRTs.

The Innovery SOC is structured and operates in accordance with ISO 27001, ISO 20035, ITIL and NIST standards.

The SOC structure is composed of three fundamental components:

  1. People
  2. Technologies
  3. Processes and Procedures (P&P Framework)

The P&P Framework is the glue between People and Technologies:

  • It guarantees support to SOC People;
  • It facilitates the correct use of the adopted technologies;
  • It is structured to allow:
    • Repeatability and homogeneity of operations -> Operative Procedures
    • Acceleration of the responsiveness of analysts -> Actions to counter incidents
    • Improvement of the analysts' learning curve, also thanks to the Knowledge Base