Hosted SOC/Continuous Security Monitoring
COCC offers a 24x7x365 Continuous Security Monitoring service for clients. The Continuous Monitoring Service is designed to monitor a client’s network for potential threats and respond to those threats as quickly as possible.

Deep Visibility
- Collect log events from a variety of common devices and platforms (e.g. Windows devices, routers, firewalls, DNS, web proxies, anti-virus, etc.)
- Collect log events from COCC’s existing Managed Security Provider (MSP) environment (firewall, web filtering, etc.)
- Collect packet data, either from COCC’s MSP services (Internet access) or dedicated packet decoders onsite
- Inventory capabilities to track assets, their purposes and their importance to an organization
Data Enrichment
- Data enrichment using threat intelligence feeds from third parties such as FS-ISAC
- Ability to correlate potential threats across multiple financial institutions
- Ability to correlate potential threats across different platforms
- A robust set of detection/correlation rules to look for activities of a sensitive, anomalous and security-oriented nature
Reduced/Avoided Overhead
- SIEM platform managed and maintained by COCC – hardware provisioning, updates/upgrades, performance tuning, feeds, etc.
- Avoids significant staffing costs by leveraging COCC’s trained and certified security professionals
- Streamlined implementation process for simple rollout and quick value return
- Leverages existing COCC partnership (no new vendors)
Security Monitoring
- 24x7x365 monitoring for security events by skilled analysts, “eyes on glass”
- Real-time alerting and analysis of Events of Interest (EoI) by SOC analysts
- Escalation and notification process for incidents
- Security metrics and notifications of emerging industry threats
- Routine security-oriented reports for review
Regulatory Compliance
- Standardized compliance reporting for log review
- Enhance institution’s Maturity Level within the FFIEC Cybersecurity Assessment Tool (CAT)