Whitepaper: Managing your security monitoring requirements using invinsec’s next generation intuitive Security Operations Centre (SOC)

We’re pleased to present our intuitive Security Operations Centre (SOC) solution, built to exceed the National Cyber Security Centre (NCSC)’s security monitoring requirements, the Payment Card Industry Data Security Standard (PCI DSS) and the Center for Internet Security (CIS) Benchmarks (hardening standards).

Our cloud-based SOC solution, built on our BroadBot platform, is central to the cyber security services we offer and can be deployed in under 15 minutes, the fastest deployment time available on the market. Our cloud has also been architected to support GDPR compliance.

SOC introduction

Our managed SOC solution has been designed and matured to understand attacks on devices from hundreds of vendors in real time. Because support for these devices is already built in, we can have organisations up and running on our systems within 15 minutes of learning your immediate requirements, if necessary.

What is a SOC?

A SOC catches attackers on your network as they perform the access operations an intrusion requires. It leverages the fact that, while attempting to gain access to a network and after doing so, attackers follow a broadly predictable pattern: reconnaissance (recce), point of entry, lateral movement, and exploitation and exfiltration. Our SOC monitors for events matching these stages, correlates them across sources, and from the stage already reached predicts where the attacker is likely to compromise your assets next, so that we can warn you quickly and help you shut the attack down.
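The stage-by-stage correlation described above, as an added example that is not part of the original whitepaper and not invinsec’s BroadBot code: a small Python correlator that takes constructed events normalised from a firewall, a Windows security log and a web proxy, tags each event with its attack stage, folds hosts reached by lateral movement into the same intrusion chain, and reports the stage it expects next. The event field names, stage labels, sample data and thresholds are all assumptions made for this example.

```python
"""Kill-chain stage correlator (illustrative, written for this article; not
invinsec's BroadBot code). Event fields, stage names and thresholds are assumed."""
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

# Attack stages in the order the whitepaper describes them.
STAGES = ["recce", "point_of_entry", "lateral_movement", "exploitation_exfiltration"]

# Assumed thresholds; tune to the environment.
SCAN_PORTS, SCAN_WINDOW = 5, timedelta(seconds=60)          # distinct blocked ports from one peer
LATERAL_TARGETS, LATERAL_WINDOW = 2, timedelta(minutes=30)  # hosts logged on to from one source
EXFIL_BYTES = 1_000_000_000                                  # outbound bytes to one external peer
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]

# Constructed sample events (normalised from a firewall, Windows security log and web proxy).
# 'host' is the internal asset the event concerns, 'peer' the other party (IP or hostname).
EVENTS = [
    {"ts": "2024-03-01T09:00:01", "src": "fw", "host": "web01", "type": "fw_deny", "peer": "198.51.100.7", "dport": 22},
    {"ts": "2024-03-01T09:00:02", "src": "fw", "host": "web01", "type": "fw_deny", "peer": "198.51.100.7", "dport": 445},
    {"ts": "2024-03-01T09:00:03", "src": "fw", "host": "web01", "type": "fw_deny", "peer": "198.51.100.7", "dport": 3389},
    {"ts": "2024-03-01T09:00:04", "src": "fw", "host": "web01", "type": "fw_deny", "peer": "198.51.100.7", "dport": 5900},
    {"ts": "2024-03-01T09:00:05", "src": "fw", "host": "web01", "type": "fw_deny", "peer": "198.51.100.7", "dport": 8080},
    {"ts": "2024-03-01T09:05:00", "src": "winsec", "host": "web01", "type": "logon_success", "peer": "198.51.100.7", "logon_type": 10},
    {"ts": "2024-03-01T09:10:00", "src": "winsec", "host": "fs02", "type": "logon_success", "peer": "admin-ws", "logon_type": 3},
    {"ts": "2024-03-01T09:12:00", "src": "winsec", "host": "fs01", "type": "logon_success", "peer": "web01", "logon_type": 3},
    {"ts": "2024-03-01T09:13:00", "src": "winsec", "host": "dc01", "type": "logon_success", "peer": "web01", "logon_type": 3},
    {"ts": "2024-03-01T09:40:00", "src": "proxy", "host": "fs01", "type": "outbound_transfer", "peer": "203.0.113.9", "bytes": 2_400_000_000},
]


def is_external(addr):
    """Routable IP => external. Hostnames and addresses in INTERNAL_NETS count as internal."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return not any(ip in net for net in INTERNAL_NETS)


class Correlator:
    def __init__(self):
        self.denies = defaultdict(list)   # (host, peer) -> [(ts, dport)]
        self.lateral = defaultdict(list)  # source host -> [(ts, target host)]
        self.chain_of = {}                # host -> chain id (host where the intrusion was first seen)
        self.stages = defaultdict(dict)   # chain id -> {stage: first-seen ts}
        self.alerts = []

    def _chain(self, host):
        return self.chain_of.setdefault(host, host)

    def _record(self, host, stage, ts, detail):
        """One alert per chain per stage, naming the stage expected next."""
        chain = self._chain(host)
        if stage in self.stages[chain]:
            return
        self.stages[chain][stage] = ts
        nxt = STAGES.index(stage) + 1
        self.alerts.append({"ts": ts, "chain": chain, "host": host, "stage": stage, "detail": detail,
                            "predicted_next": STAGES[nxt] if nxt < len(STAGES) else None})

    def process(self, ev):
        ts, host, peer, kind = datetime.fromisoformat(ev["ts"]), ev["host"], ev.get("peer"), ev["type"]
        if kind == "fw_deny" and is_external(peer):
            hist = self.denies[(host, peer)]
            hist.append((ts, ev["dport"]))
            ports = {p for t, p in hist if ts - t <= SCAN_WINDOW}
            if len(ports) >= SCAN_PORTS:
                self._record(host, "recce", ts, f"{len(ports)} blocked ports probed from {peer}")
        elif kind == "logon_success" and is_external(peer):
            self._record(host, "point_of_entry", ts, f"interactive logon from external {peer}")
        elif kind == "logon_success" and ev.get("logon_type") == 3:
            # Network logon from another internal asset: credit the source host and fold the
            # target into its chain so later activity there is tied to the same intrusion.
            # (A benign admin logon links hosts too; a production rule would require the
            # source to already be suspect before folding.)
            hist = self.lateral[peer]
            hist.append((ts, host))
            self.chain_of[host] = self._chain(peer)
            targets = {h for t, h in hist if ts - t <= LATERAL_WINDOW}
            if len(targets) >= LATERAL_TARGETS:
                self._record(peer, "lateral_movement", ts, f"network logons to {sorted(targets)}")
        elif kind == "outbound_transfer" and is_external(peer) and ev.get("bytes", 0) >= EXFIL_BYTES:
            self._record(host, "exploitation_exfiltration", ts, f"{ev['bytes']} bytes sent to {peer}")


def run(events):
    c = Correlator()
    for ev in sorted(events, key=lambda e: e["ts"]):
        c.process(ev)
    return c


def summarise(c):
    """Per chain: stages seen in kill-chain order and the stage expected next."""
    out = {}
    for chain, seen in c.stages.items():
        ordered = [s for s in STAGES if s in seen]
        nxt = STAGES.index(ordered[-1]) + 1
        out[chain] = {"stages": ordered, "predicted_next": STAGES[nxt] if nxt < len(STAGES) else None}
    return out


if __name__ == "__main__":
    for a in run(EVENTS).alerts:
        print(a["ts"], a["chain"], a["stage"], "->", a["predicted_next"], "|", a["detail"])
```

On the sample data the correlator raises four alerts, all on the chain that started at web01: the port probe (predicting a point of entry next), the external interactive logon, the fan-out of network logons to fs01 and dc01, and finally the large upload from fs01, which is attributed to the same intrusion because fs01 was folded into web01’s chain. The single admin-ws logon to fs02 produces no alert. The value of correlating across sources is visible here: no single source (firewall, domain controller or proxy) sees more than one stage.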


Fig. 1: Invinsec’s SOC Schematic

Our agent is deployed on your network to collect telemetry data from which behavioural patterns are analysed. Where an agent cannot be deployed, live feeds from your systems over Syslog (wrapped in TLS, since plain Syslog is sent in clear text; see the note on encryption in transit below) or another secure transport supply the event data.

Content data, such as documents, is not transferred; only event and telemetry data leaves your network, which reduces the data protection concerns you may have.

The need for a state-of-the-art SOC solution

A standard security device (such as an intrusion prevention system or antivirus product) can only provide analysis of a single focal point within your environment. For example, antivirus will detect known malware on the host where it is installed, but may not detect known or unknown malware on another, unprotected machine on the network; an intrusion prevention system will detect (and possibly prevent) a known attack on your network, but cannot protect you from someone plugging a malicious USB key into their workstation.

Our SOC provides full real-time situational awareness from endpoints to core to perimeter – it covers the complete enterprise network. It can tell what’s going on in the whole environment if given proper visibility, allowing our team to detect anomalous behaviour and respond to it very quickly.


Fig. 2: UK National Cyber Security Centre (NCSC) SOC Buyer’s Guide dated 24 Sep 2016

Building an effective SOC for “You”

We can help you build an innovative and state-of-the-art SOC for your premises within tight timeframes, faster than any other company in the industry.

In under 15 minutes, any logging-capable device (Windows, Linux, Mac, firewall appliances, etc.) can be configured to send its logs to the SOC’s cloud, and network taps can be introduced to capture “wire data” where necessary.

We can comply with all of NCSC’s security monitoring requirements (Fig 2) by analysing telemetry data on activity which traverses zones and networks on both internal and external devices, while ensuring appropriate recovery is in place for disasters and providing timely alerts.

The effort and cost of building a reliable, effective and state-of-the-art SOC to tackle emerging cyber threats depend directly on:

  • The number of hosts being monitored
  • The number of users supported
  • The volume of data being processed
  • The number of analysts needed for a 24/7/365 monitoring cycle
  • The scope of monitoring
  • Data retention and log quality requirements (e.g. accurate, synchronised timestamps in logs)


If these and other important factors are not calculated correctly at the initial stage, the result is increased cost, delay and difficulty in setting up a SOC that performs as desired.

Our standard managed SOC deployment includes a 1-week training package and the option of continuation training support for up to a year. This approach ensures that our SOC is ready to go live in a matter of hours and be fully operational within a couple of weeks. If you wish to move more slowly and do a phased installation we can support this.

We can provide you with examples of the flexibility and scalability of our SOC solution through several hypothetical scenarios demonstrating how easily our solution can be tweaked to meet real-time requirements when stopping “sophisticated” attacks. This can be done once we have a better understanding of your scope and your specific requirements.

Our SOC solution is a holistic approach against most security pain points and gives you an effective cyber resilience strategy. Our SOC is so flexible and dynamic that it can, for example, make use of physical access logs from various sources providing not only full visibility across the whole network infrastructure, but also across any type of logging capable system. This also helps defend against attacks initiated by physical penetration and also the insider threat.

We implement strong encryption on all data in transit and at rest, and can provide solutions to encrypt data in transit for devices that do not support it natively. Our cloud enables EU organisations to remain GDPR compliant and is hosted in high-security data centres in The Netherlands and London.

We can provide you with an in-depth understanding and knowledge of what is happening in real-time across your entire network infrastructure. Can you afford not to do this?

For a deep-dive demonstration into invinsec’s SOC, any questions, or for more information contact us at: sales@invinsec.com
