The Satisnet SOC
What it Gives You
Security monitoring and incident response need to deliver a return on investment (ROI) to an organisation. The Satisnet SOC service achieves this by making sense of the millions of IT events that flood a company's infrastructure, delivering tangible results and Key Performance Indicators.
Key Performance Indicators
- Average Ticket Duration
- Incidents by Severity
- Incident Progress by Involvement
- Incidents Managed by
- Incidents by Run-Book
Other Reports and KPIs
- How long did it take to investigate and remediate incidents?
- How effective are the security solutions that you have in place?
- Are your resources allocated appropriately?
- Do you have the right number of people reacting to issues?
- Which parts of the organisation?
- Time distribution
- Time of day
- How many incidents are you tracking?
Events per Second
Typically SIEMs are rated in terms of their Events per Second (EPS) throughput capability, and they process millions of events daily. These raw events are generated by every device on the network and fed into the SIEM.
There are many ways to condense events. An aggregation process takes multiple identical events and totals them into a single incident. Rules and correlation take events that mean almost nothing on their own and join them together into something that is worth investigating.
Incident Processing and Automation
The volumes of incidents that modern SIEMs and SOCs generate are huge and cannot feasibly be processed and actioned by a human team alone. Automation and machine learning also need to be used.
Automation is used throughout the Satisnet SOC to: map assets and their stakeholders, open incident Run-Books based on alert/incident triggers, collect additional business and technical context to enable better decision making, reduce false positives, and ensure that analysts and customer infrastructure teams work on real incidents rather than false alarms.
Automation is also used to orchestrate security and infrastructure point solutions to assist in remediation and to bring together platform teams and processes, while interfacing with ticketing systems.
1. Event Collection
Thousands of events are generated by security and infrastructure devices on the network.
2. Event Correlation
Events are aggregated and correlated by the SIEM, producing a huge number of security incidents, but they lack business context and security intelligence.
3. Use Case Modelling
Satisnet has developed a state-of-the-art application of SIEM SOC Use Cases that customers can use to map their security goals and understand what infrastructure is needed to achieve this.
4. Incident Processing
SOCAutomation uses machine learning to apply additional business and technical context, reducing the generated alerts to high-priority, actionable incidents. It then enables the incidents to be triaged and actioned further using automation across point security tools and infrastructure, while interfacing with ticketing/workflow systems, to ensure a cohesive security fabric involving people and tools.
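The aggregation and correlation described above, and the collection-to-incident pipeline in the four steps, can be illustrated with a small worked example. The following Python is an added example, not Satisnet's or SOCAutomation's code: the event records, the "brute force then success" rule, its threshold and window, and the severity label are all constructed assumptions for illustration. It collapses identical raw events into counted aggregates, applies one correlation rule that turns individually meaningless authentication failures into an incident worth investigating, and then produces an "incidents by severity" count of the kind listed under the KPIs.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample events (hypothetical; not real customer or SIEM data).
# Each record is what a SIEM might hold after normalising an auth log line.
RAW_EVENTS = [
    {"ts": "2024-01-10T09:00:01", "src": "10.0.0.5", "user": "alice", "type": "auth_failure"},
    {"ts": "2024-01-10T09:00:02", "src": "10.0.0.5", "user": "alice", "type": "auth_failure"},
    {"ts": "2024-01-10T09:00:03", "src": "10.0.0.5", "user": "alice", "type": "auth_failure"},
    {"ts": "2024-01-10T09:00:04", "src": "10.0.0.5", "user": "alice", "type": "auth_failure"},
    {"ts": "2024-01-10T09:00:05", "src": "10.0.0.5", "user": "alice", "type": "auth_failure"},
    {"ts": "2024-01-10T09:00:09", "src": "10.0.0.5", "user": "alice", "type": "auth_success"},
    {"ts": "2024-01-10T09:01:00", "src": "10.0.0.7", "user": "bob",   "type": "auth_failure"},
    {"ts": "2024-01-10T09:05:00", "src": "10.0.0.7", "user": "bob",   "type": "auth_success"},
    {"ts": "2024-01-10T09:02:00", "src": "10.0.0.9", "user": "carol", "type": "auth_failure"},
]


def parse_ts(value):
    """Parse the ISO-8601 timestamp string used in the constructed events."""
    return datetime.fromisoformat(value)


def aggregate(events):
    """Step 2a, aggregation: collapse identical events (same source, user and
    type) into one record carrying a count and the first/last time seen."""
    buckets = {}
    for e in events:
        key = (e["src"], e["user"], e["type"])
        ts = parse_ts(e["ts"])
        bucket = buckets.setdefault(key, {
            "src": e["src"], "user": e["user"], "type": e["type"],
            "count": 0, "first": ts, "last": ts,
        })
        bucket["count"] += 1
        bucket["first"] = min(bucket["first"], ts)
        bucket["last"] = max(bucket["last"], ts)
    return list(buckets.values())


def correlate(events, failure_threshold=5, window=timedelta(minutes=2)):
    """Step 2b, correlation (assumed rule): at least `failure_threshold`
    authentication failures from one source against one account, followed
    within `window` by a success from that same source for that account,
    becomes a single high-severity incident. A lone failure stays noise."""
    by_pair = defaultdict(list)
    # ISO timestamps sort correctly as strings, so order events by time first.
    for e in sorted(events, key=lambda ev: ev["ts"]):
        by_pair[(e["src"], e["user"])].append((parse_ts(e["ts"]), e["type"]))

    incidents = []
    for (src, user), sequence in by_pair.items():
        failures = []
        for ts, event_type in sequence:
            if event_type == "auth_failure":
                failures.append(ts)
            elif event_type == "auth_success":
                recent = [f for f in failures if ts - f <= window]
                if len(recent) >= failure_threshold:
                    incidents.append({
                        "rule": "brute_force_then_success",  # assumed rule name
                        "src": src,
                        "user": user,
                        "failures": len(recent),
                        "success_at": ts.isoformat(),
                        "severity": "high",  # assumed severity scheme
                    })
                failures = []  # a success closes the failure run either way
    return incidents


def incidents_by_severity(incidents):
    """One of the KPIs listed on the page: a count of incidents per severity."""
    return Counter(i["severity"] for i in incidents)


if __name__ == "__main__":
    agg = aggregate(RAW_EVENTS)
    inc = correlate(RAW_EVENTS)
    print(f"{len(RAW_EVENTS)} raw events -> {len(agg)} aggregated -> {len(inc)} incident(s)")
    for i in inc:
        print(i)
    print(dict(incidents_by_severity(inc)))
```

Nine raw events become five aggregated records and a single incident for the one source that failed five times and then succeeded inside the window; bob's single failure and carol's single failure never become incidents. Tuning the threshold and window is exactly the false-positive trade-off the Run-Book and context-enrichment steps are meant to refine.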
The Satisnet SOC is located in and managed from fully secured environments. Door access systems, CCTV, and remote locations offer the maximum security available for storing and managing sensitive data. The Satisnet SOC has UK locations in Luton, Hitchin and Edinburgh, as well as a location in Hyderabad, India.