SOC

Introduction

SOC is a centralized cyber security monitoring and operations system built on intelligent data processing technology. Besides monitoring the availability of important services in the system, SOC can detect attacks such as APT attacks, DDoS attacks and XSS attacks, and then warn the administrator to isolate and handle compromised computers, preventing attackers from gaining deeper access to the system.

Features

Main Features

  • Analyze and warn of network events and attacks in real time.
  • Continuously update the list of C&C servers from reputable sources worldwide.
  • Monitor, detect and warn of DDoS attacks.
  • Retrieve the event log for all events generated in the network from raw-log data, which is convenient for troubleshooting and investigation.
  • Monitor, detect and give early warning of APT attacks targeting the system.
  • Detect potential threats through analysis of the event log.
  • Monitor, detect and alert on computers, servers and network devices in the system with abnormal traffic.
  • Monitor, detect and alert on computers and servers connecting to unauthorized services.
  • Monitor in real time and promptly alert administrators via SMS and email.
  • Export and periodically email reports to the management and leadership teams on the state of security monitoring throughout the system.
  • Monitor, detect and analyze attacks that may occur against the system in real time through the event log.
  • Equipped with technologies to collect and analyze data.
  • Monitor, detect and alert on abnormal behavior on computers and servers: repeated login attempts, a fully occupied hard disk, etc.
  • Detect and block dangerous software and behavior.
  • Integrate with other tools and network systems to raise alerts.

Collection components

  • Collect data from different sources: Syslog, Traffic, NIDS, HIDS, Firewall, Anti Virus, etc.
  • Handle early detection of abnormal signs.
  • Store packets in full.
  • Collect and normalize data from different sources.

Analysis components

  • Gather and process log data pushed from the data collection components.
  • Allow administrators to add, edit and delete rules that detect network incidents and events.
  • Analyze incident detection data and send notices to administrators and management levels via email, SMS, etc.
  • Display warnings and statistics on network incidents.
  • Transfer analyzed data to the storage component.

Storage components

  • Store data as events that have been processed and analyzed.
  • Allow querying of all data over long periods to support troubleshooting and investigation.
  • Allow scheduled, time-saving storage for different data types.
  • Easy to expand, with storage across multiple nodes.

System architecture


Hardware requirements

SOC server      CPU        RAM      Disk      OS
Sensor          8 cores    16 GB    100 TB    Ubuntu Server 16.04.1
Master Server   8 cores    16 GB    2 TB      Ubuntu Server 16.04.1
Storage         8 cores    32 GB    100 TB    Ubuntu Server 16.04.1


Price

To learn about the price, contact us here.