Security operations

The Security Operations service covers the provision of security monitoring of the organisation's information environment by a specialised SOC (Security Operations Centre) and response to detected security incidents by a professional CSIRT (Computer Security Incident Response Team).

Service description

Security incidents are an unavoidable part of daily reality for modern organisations, and their early detection, together with the rapid implementation of appropriate reactive measures, is essential to minimise the damage they cause. Proper evaluation of detected incidents requires constant monitoring of the protected network and a high level of expertise on the part of the operators and analysts of the SOC security monitoring centre. Correctly determining the causes of an incident, investigating it in detail and coordinating the response to it effectively then place high demands on the knowledge and skills of the CSIRT response team members.

Given these high demands on the expertise of monitoring centre and response team members, and the not inconsiderable costs of running such units, many organisations find it more convenient to obtain professional SOC and CSIRT services from a third party than to build these teams within their internal organisational structures. The Security Operations service is aimed at these organisations.

As part of this service, our specialists from the security monitoring centre monitor, detect and evaluate incidents in the customer infrastructure and forward the incidents to the ALEF CSIRT team for detailed analysis. Following their investigation, the team proposes, implements and coordinates further reactive actions according to procedures specific to the customer environment.

Who is the service for?

The service is intended for all organisations that do not want to, or cannot, implement security monitoring and incident response using internal staff resources. It is also suitable for organisations that already operate SOC monitoring centres or CSIRT security teams and want to provide L2 and L3 support for them using external resources.

Main advantages of the service

  - Providing the services of a professional security team capable of monitoring and responding effectively to security incidents without the need to build such a team internally
  - Reducing the impact of security incidents with proactive and reactive processes tailored to the needs of the organisation
  - Optimising the cost of security monitoring and incident response

How is the implementation done?

  1. Analysis of the environment, processes, technology and security documentation in relation to security monitoring and incident response
  2. Analysis of external (e.g. legislative) and internal requirements and needs of the organisation in relation to security monitoring and incident response
  3. Design and possible implementation of modifications to the technical solution for security monitoring and incident response
  4. Proposal of the scope and responsibilities of the ALEF CSIRT security team in the organisation
  5. Design of mechanisms for linking security team services to internal processes, creation of incident response plan and classification mechanisms for incidents, setting up escalation processes
  6. Creation of low-level processes for security team services in the organisation and creation of playbooks/scenarios for responding to different types of incidents
  7. Providing security monitoring and incident response according to set processes
  8. Regular reporting