Information Management

Following several customer requests, DATAPROTECT has set up a "Security Operations Center" (SOC) whose primary task is to provide services related to detection and processing of security incidents. The security center hence gathers the events (namely as logs) displayed by the security components, analyzes them, detects the anomalies and defines responses in the event of the issuance of an alert. This enables DATAPROTECT to offer companies the opportunity to remotely administer the security of their computer equipment by gathering and correlating the logs of its various equipment and security applications (firewall, IDS/IPS, VPN, antivirus, etc.).

Our approach

  • Analysis of the existing situation

    • Identification of the sensitive assets of the IS
    • Inventory of the logs sources

  • Integration of the solution

    • Installation and configuration of the appliance on the customer side
    • Interfacing of the appliance with the SOC
    • Definition of the settings on the SOC side

  • Definition of the logs correlation policies

    • Definition of correlation events
    • Configuration of security alerts
    • Configuration of the dashboards

  • Acceptance testing

  • Ongoing monitoring of the deployment at the SOC level

  • Oversight of the custmer's IS security 24/7

Nos références