The Trecom Operational Security Centre (SOC) is a team of analysts who use
specialised tools and processes to detect, analyse, report, respond to, and combat security incidents on our clients’ networks.
Our team accepts requests from users 24 hours a day and constantly monitors system events to look for evidence of security incidents.
Security incidents are analysed events (notifications) that threaten the integrity, confidentiality, or availability of IT systems or the data these systems process, store, or transmit, as well as events that breach or threaten to breach security policies.
First-line (Tier 1) analysts conduct an initial analysis of events according to the developed procedures. Events and incidents that require advanced analysis are passed to second-line analysts (Tier 2). The Trecom SOC’s team of second-line analysts conducts incident response (IR) procedures. When necessary, specialists responsible for Advanced Capabilities also take part in incident response operations. Tasked with managing clients’ security systems, our Operations and Management team also assists in responding to incidents, monitoring systems, and providing additional contextual data.
Security Operations Centre Trecom
Our Incident Response (IR) processes were carefully prepared on the basis of good practices, including: MITRE, NIST SP 800-61, ISO 27035 and ITIL v.3.
The SOC team works closely with the Trecom Network Operations Centre (NOC), which is why we’re able to offer the unique combination of SOC and NOC support in one service. Combining our services allows us to detect and respond to security incidents significantly more quickly.
In order to best meet our clients’ diverse needs, Trecom SOC Services are offered in packages of carefully-selected operational capacities.
Trecom SOC BLUE – Services focused on detecting, analysing, and reporting incidents.
Trecom SOC GREEN – It includes operational remote incident response and countermeasure implementation coordination capabilities.
Trecom SOC RED – The Trecom SOC RED provides full on-site incident support, evidence security, and dedicated threat trend analysis.
Why the Trecom SOC?
Building an SOC is a long-term, complicated, and financially demanding venture. The IT security market is currently flooded with new technologies, yet it suffers from a shortage of properly prepared specialists. Setting up an SOC and equipping its team with the technologies they need to provide effective Computer Network Defence (CND) is an enormous challenge. It’s all too easy to make the wrong decisions when defining goals, planning, organising, and selecting the appropriate technologies and operational capacities. In the world of IT security, wrong decisions usually come with very expensive results.
Altogether, building and launching an internal SOC usually takes between 18 months and two years. Even with the smallest possible team, the monthly cost of maintaining an SOC can easily reach 70,000 euros.
Estimated cost of maintaining a small SOC team in a medium-sized organisation.
Trecom SOC services can be up-and-running within one to three months of signing an agreement.
In that time:
The Trecom SOC’s strengths:
Trecom has built a well-organised team of experts at its Network Operations Centre (NOC) and Security Operations Centre (SOC). Over 100 organisations have trusted us to manage their network and security systems, including some of the largest companies in Poland and abroad. With our years of experience, we’ve developed the highest standards of incident handling and service management. The team works 24/7 using constantly verified procedures in accordance with ITIL v3.0. We offer a wide range of operational capabilities and instant response. Our experts begin the incident analysis process within minutes after an incident is detected. Thanks to our network of branches and service centres throughout the country, we can arrive at any location in Poland within 4 hours.
Analysing complicated security incidents often requires knowledge that goes beyond the competence of SOC analysts. In such situations, support from IT specialists with knowledge and experience in managing operating systems, databases, mass storage, virtual environments, and networks may be necessary. Responding to security incidents by deploying countermeasures and restoring systems to pre-incident states often requires resources that aren’t available at the SOC.
More and more organisations are deciding to build their own SOC (Security Operations Centre) teams or to establish cooperation with suppliers of SOC services.
During our many years of cooperation with the largest corporations and government institutions in Poland and abroad, we’ve learned various approaches to SOC operations. We’ve witnessed our fair share of successes and failures. Above all, we’ve noticed that clients have difficulty accessing coherent, organised knowledge about how SOC units operate.
For this reason, we’ve developed a coherent program of workshops with the goal of providing knowledge about the planning, construction, and operation of SOC units in an accessible form. In our opinion, such knowledge is indispensable for decision-makers responsible for the construction and management of SOC units and for specialists directly involved in SOC and network operations. The training helps clients properly define expectations and quality assessment guidelines, including when working with third-party service providers. Proper understanding of the SOC team’s mission, basic principles, and strategies, as well as the problems they may encounter, is of fundamental importance to the success of SOC construction and operations.
We offer workshops addressing the following issues:
We help clarify requirements and expectations for those who make decisions about building or outsourcing SOC operations. We help them define the operational capabilities and a mission specific to their organisation. We provide the basics so clients can make the best possible use of their resources. We present concepts that will enable better communication with hardware, software, and service providers.
We provide those responsible for SOC construction or cooperation with external service providers with information on the necessary processes, organisational systems, and technologies. We pay attention to what makes a project successful, and what mistakes are most often made.
We help SOC team members to better understand their mission and the relationship between their resources and the value they bring to the broader organisation.
For those who work with internal or external SOC units, we provide information on issues related to IT security, the SOC’s role in an organisation, and the means and importance of communication.
The IT training market offers access to specialist product knowledge as well as training related to specific issues (e.g. web application security). Of course, such knowledge is essential. However, above all the SOC is a team, and its effectiveness results from each member’s cooperation, communication, processes, and tools. That’s why the awareness of the entire team is crucial to its effectiveness.