See how a cyberattack happens and how we defend against it... 

Comprehensive cybersecurity for your organization

Trecom SOC (Security Operations Center) is a team of experienced experts and analysts who will watch over your company’s cybersecurity 24/7. 

Using specialized tools and processes, the SOC detects, analyzes, reports, and responds to security incidents in your organization. 

Continuous monitoring of systems and networks minimizes the time between detecting a threat, removing its cause, and reporting the incident, significantly reducing the potential impact of an attack. 

Our service is designed for large and 

medium-sized organizations that want to: 

  • improve their cybersecurity 
  • ensure compliance with upcoming regulatory requirements (NIS2, CER, DORA), which come into force as early as October 2024 

reduce spending on cybersecurity by outsourcing their SOC team


Trecom SOC is a well-organized team of experts, working as part of our Network Operations Center (NOC) and Security Operations Center (SOC). 

The team works 24/7 based on continuously revised and updated ITIL v3.0-compliant procedures, commencing incident analysis within minutes of detection.  


SOC team available 24/7

Immediate response in the event of a cybersecurity incident. 

Why it matters:

According to the Sophos report in the first half of 2023, 81% of ransomware attacks occurred outside traditional business hours.


Continuous monitoring
of networks and systems.

Detect, respond to, and report vulnerabilities or incidents as soon as they occur. 

Why it matters:

The NIS 2 directive requires initial reporting of cybersecurity incidents within 24 hours. Failure to do so may result in a financial penalty.


50 highly qualified engineers representing a variety of specialties, available from 1 to 3 months after signing the contract.

Support from top industry professionals in a cost-effective subscription model. 

Why it matters:

According to our analysis, it usually takes between one and a half and two years to put together an internal SOC team. The monthly cost of even the smallest possible SOC team can easily exceed €70,000.

Trecom SOC is about more than just network monitoring and instant threat response.

Our experts conduct workshops, help select and implement technologies and tools, develop and implement an incident response system, and configure automation rules.

All to provide your organization with the best possible security.


To ensure rapid response to cybersecurity incidents, the Trecom SOC is divided into four teams. 

First-line analysts (Tier 1) 
receive reports and conduct preliminary incident analysis 

Second-line (Tier 2) analysts 
conduct advanced incident analysis and coordinate incident response in order to eliminate the threat 

Tier 3 experts 
analyze the most difficult incidents, coordinate incident response, use advanced technologies such as Cyber Threat Intelligence 

Advanced operational capabilities team 
analyzes investigative materials and malware, performs penetration testing, and proactively looks for threats (Threat Hunting) 

Why is this important?  

According to an IBM report, in 2023, the average time to detect a security incident was 212 days, while the average time to patch a security vulnerability was up to 75 days! Working in teams with defined competencies based on proven procedures dramatically reduces incident response time.

We also offer our Network Operations Center (NOC), which complements the SOC in the O&M model.


Our Trecom SOC experts will help you choose the right cybersecurity technologies and tools based on the resources available to your organization. 

Trecom has a long-standing partnership with Cisco, a global leader in the technology sector. 

Our collaboration has resulted in the CiSOC service, which combines the experience and expertise of the Trecom SOC team with state-of-the-art cybersecurity tools from Cisco and SecureVisio's SIEM/SOAR platform. 

Though we can provide this technology as part of the SOC service, we would emphasize that Trecom SOC's competence and capabilities are universal and are not limited to a particular solution or software provider. 

Cisco CiSOC includes: 

Cisco Umbrella

More than 90% of attacks are carried out using the DNS protocol, according to Cisco’s annual security report. Cisco Umbrella responds to this threat.

Cisco Umbrella is the first line of protection and a source of valuable data (telemetry) for SOC analysts. Based on the world’s second-largest DNS system, this solution uses the expertise of more than 400 Cisco TALOS specialists to analyze and catalog Internet domains.

By analyzing DNS queries, Umbrella can protect virtually every connection from any host on the internal network in real time. The solution automatically blocks access to malicious domains and URLs, IPs, and files before a connection is established or a file is downloaded to an end device.

The system makes it significantly more difficult for cybercriminals to carry out a successful attack, giving security staff the ability to detect new domains, created for the purpose of a cyberattack, phishing, or C2 callbacks.

Cisco Secure

An extremely effective EDR/XDR solution that provides protection and monitoring of internal workstations and servers. Secure Endpoint works by tracking activities conducted on the host down to each individual process. This allows the solution to protect end stations from advanced threats, including zero day attacks and ransomware.

From the perspective of SOC analysts, its biggest advantage is the quality and quantity of information it provides on any unusual activities on the part of applications, users, or processes, correlating these activities in the form of a cause-and-effect sequence (Device Trajectory), retroactive up to 30 days.

SecureEndpoint addresses the full lifecycle of advanced malware and analyzes what happened before, during, and after the attack. Critical to this solution is its ability to trace malware’s path and to identify its entry point into the system (the “patient zero”), all in great detail.

Cisco Secure
Network Analytics

This NDR system effectively monitors network traffic, including connections between on-premises and cloud resources.  Cisco Secure Network Analytics perfectly complements the security system by assisting SOC analysts in detecting Lateral Movement techniques used by cybercriminals.

Cisco Secure Network Analytics analyzes the encrypted network traffic that most Internet users – including hackers – now use. Unusual behavior or signs of malicious activity generate an automatic alert, allowing for immediate analysis and response.

Cisco Secure
Firewall Threat Defense

An NGFW-class firewall is the foundation of a modern security system. Equipped with SNORT3’s excellent IDS/IPS engine and Advanced Malware Protection module, Cisco Firepower is an excellent tool in the hands of SOC analysts, enabling them to efficiently and effectively implement company security policies.

Integration with the Cisco Threat Grid (Sandbox) environment and knowledge bases frequently updated with the latest threats published by Cisco Talos provide a major deterrent to the cybercriminals’ activities and a strong source of telemetry for SOC analysts.


SecureVisio is a cybersecurity management solution that combines log, incident, vulnerability, and business risk management functions. With its SIEM, SOAR and UEBA modules, the Trecom SOC team can automatically triage incidents and improve incident handling using the developed handling scenarios. 

SecureVisio's valuable features include its built-in security rules created based on the Mitre matrix, the ability for SOC analysts to create their own rules, and the ability to use rules crowdsourced from the cybersecurity community, such as SIGMA Rules. This allows the organization to establish a solid cybersecurity foundation.  Though SecureVisio can be provided together with SOC service as a package, it is worth noting that Trecom SOC's competence and capabilities are universal and are not limited to a particular solution or software provider. 


Automates the work of SOC analysts, enabling incident response based on established handling scenarios

Saves time and minimizes the risk of human error 

Why it's important:

According to the Sum Logic report, large companies experience more than 1,000 cybersecurity alerts per day. The average handling time for a single alert is about 10 minutes. This means that without automation tools, analysts would have to spend 167 hours a day analyzing alerts.


It provides both technical (CVSS assessment) and context (location in the organization’s infrastructure, type of data stored, etc.) data for each incident.

Prioritize incidents and vulnerabilities of high importance to your organization

Why it's important:

According to the CriticalStart report, between 25 and 75 percent of alerts generated by cybersecurity tools are false positives. Context and technical data allow us to assess which notifications pose a real risk for the organization.


Meets regulatory requirements, such as UoKSC risk assessment based on ISO/IEC 27005, notification of personal data security breaches in accordance with GDPR, etc.

NIS2 compliance

Why it's important:

NIS 2 provides for a significant increase in penalties for violations of cybersecurity requirements for applying risk management and incident handling measures. The maximum penalty may be at least €10 million, or 2% of total annual global turnover.

Contact Form

Learn more about Trecom SOC and sign up for a free consultation.  

    Klauzula informacyjna

    1. Administratorem Pani/Pana danych osobowych jest „Trecom Spółka Akcyjna” sp.k. z siedzibą w Warszawie (02-908), ul. Czyżewska 10, wpisaną do rejestru przedsiębiorców Krajowego Rejestru Sądowego  prowadzonego przez Sąd Rejonowy dla m. st. Warszawy w Warszawie, XII Wydział Krajowego Rejestru Sądowego, pod numerem KRS: 0000536030, NIP: 524-23-48-867, e-mail:
    2. Pani/Pana dane osobowe będą przetwarzane w celach marketingowych oraz w celu komunikacji drogą elektroniczną (wysyłanie informacji handlowych) na podstawie dobrowolnie wyrażonej zgody – art. 6 ust. 1 pkt a RODO. 
    3. Administrator może ujawniać Pani/Pana dane osobowe podmiotom współpracującym z Administratorem na podstawie pisemnych umów powierzenia przetwarzania danych osobowych, w celu realizacji określonych w umowie zadań i usług na rzecz Administratora, w szczególności w zakresie obsługi marketingowej, obsługi prawnej lub doradczej. Dane mogą być też ujawniane operatorom pocztowym i kurierom oraz uprawnionym organom administracji publicznej.
    4. Administrator może udostępnić Pani/Pana dane wskazanych poniżej podmiotom należącym do grupy kapitałowej Trecom tj.: „Trecom Kraków Spółka Akcyjna” sp.k., Trecom Wrocław Sp. z o.o., Trecom Łódź Sp. z o.o., Trecom Nord Sp. z o.o., Trecom Enterprise Sp. z o.o., Trecom Poznań Sp.  z o.o., Intertrading Systems Technology Sp. z o.o. w celu prowadzenia rejestru aktualnie obsługiwanych podmiotów.
    5. Pani/Pana dane osobowe przetwarzane na podstawie prawnie uzasadnionego interesu Administratora będą przetwarzane do czasu złożenia sprzeciwu, a dane przetwarzane na podstawie zgody do czasu wycofania tej zgody. Jednak w celu zapewnienia wysokiej dbałości o prawa osób, których dane dotyczą Administrator zwróci się o odświeżenie zgody po upływie około 3 lat, chyba że w tym czasie osoba, której dane dotyczą, cofnie zgodę lub złoży sprzeciw.
    6. Pani/Pana dane nie podlegają zautomatyzowanemu podejmowaniu decyzji.
    7. Posiada Pani/Pan prawo dostępu do treści swoich danych osobowych, ich sprostowania, usunięcia, otrzymania kopii danych, ograniczenia przetwarzania oraz prawo do wniesienia sprzeciwu wobec przetwarzania,  cofnięcia zgody, a także prawo do przenoszenia swoich danych.
    8. W razie gdyby uznała Pan/Pani, iż przetwarzanie Pana/Pani danych osobowych narusza przepisy o ochronie danych osobowych przysługuje Panu/Pani prawo do złożenia skargi do organu nadzorczego – Prezesa Urzędu Ochrony Danych Osobowych.