Nettitude SOC Powered By Threat2Alert
The Nettitude Security Operations Centers (SOC) deploy Threat2Alert (T2A) to gain visibility and situational awareness (see diagram stage A below) of your environment. The components can be deployed to provide the right level of visibility of your environment and its threat surface.
We do not just rely on Security Information and Event Management (SIEM) and logging tools to send you alerts and reports. The data from all deployed Threat2Alert components is analysed, filtered and investigated by our SOC Security Team.
You are then presented with actionable information (see diagram stage B below). Actionable information may include configuration changes to your firewalls, IPS rules or YARA agents, user awareness education around phishing emails, policy changes to your security posture, or guidance around your architecture and defensive capabilities/systems.
However, we do not stop there – we then follow up to ensure that the actions taken have been effective through monitoring and further testing. We also ensure you have taken an effective response (see diagram stage C below) to the threat that has been identified, so that you have assurance in your security posture.
Threat2Alert (T2A) will provide enhanced data analytics and intelligence about your environment to the Nettitude SOC. This data is passed through our Indicators of Compromise (IoC) database to generate ‘actionable events’, which in turn are fed back to our analysts. When security incidents are identified, our SOC will provide you with clear and concise guidance to contain the event and manage the next steps. To understand how we use Threat2Alert as part of our managed SOC services, please look here: Threat2Alert Platform