Services

About CSIRT/SOC

Cyber-attacks on digital infrastructure and assets are among the top global risks identified in The Global Risks Report 2019. Despite various mitigation efforts, the likelihood of cyber-attacks keeps increasing, not only for private organizations but also for governments, sectors and even nations.

  • Are the digital assets of an organization, government, sector or nation secure?
  • Is an organization, government, sector or nation able to detect and respond to cyber incidents in a timely manner?
  • How can the confidentiality, integrity and availability of digital information be ensured and preserved?

These and related questions typically arise only after a critical incident has occurred, such as a leak of confidential data or the shutdown of a critical infrastructure facility caused by an Advanced Persistent Threat (APT) or a denial-of-service attack.

How NRD Cyber Security builds CSIRTs/SOCs

NRD Cyber Security establishes actionable, service-based internal, sectoral and national CSIRTs and SOCs as a turnkey solution for clients. NRD Cyber Security CSIRT/SOC stacks integrate the following vital components:

  • Governance: Mandate definition, along with roadmap and strategy preparation
  • People/skills: Building skills in incident detection and response, threat hunting and digital forensics
  • Processes and services: Incident detection and handling using a tiered L1/L2/L3 or custom approach, cyber threat intelligence, threat hunting, Vulnerability Assessment and Penetration Testing (VAPT), process automation and reporting, standard operating procedures
  • Technological capability: IDS/IPS, SIEM, log management, FW/NGFW, CTI, SD4ID and SOAR tooling
  • Measurements: KPIs and SLAs, applying international best-practice maturity models such as SIM3 or SOC-CMM
  • International recognition: Assessments and introduction to the Forum of Incident Response and Security Teams (FIRST.Org) and the TF-CSIRT community

The typical NRD Cyber Security baseline for CSIRT/SOC establishment is:

  1. Performing an initial assessment
  2. Preparation of a detailed CSIRT/SOC design and implementation plan
  3. Preparation (or review) of the CSIRT/SOC mandate
  4. Preparation of the technical solution architecture, including identification and proposal of alternatives for the most suitable components
  5. Preparation of essential policies and procedures
  6. Implementation of technology solutions
  7. Training sessions for staff
  8. Soft launch
  9. Update and upgrade of security operations based on soft-launch findings
  10. Official launch
  11. Continuous support after the launch

Depending on the assignment, the first actionable results usually come within 4 months. Please contact us for a more detailed CSIRT/SOC implementation plan.

Benefits

A CSIRT/SOC provides:

  • A manageable, coordinated and competent one-stop center delivering cybersecurity services to its constituency;
  • Effective, efficient and integrated cyber incident detection, response and recovery services for the constituency;
  • Applied international best practice in technology selection, delivery, operations, maturity assessments and roadmaps;
  • Maximized Return on Investment (ROI);
  • Recognition within the cybersecurity community, locally and internationally.

Proven track record

In 2015-2019, NRD Cyber Security successfully established three national/government CSIRTs, in Bangladesh, Bhutan and Cyprus, and implemented various SOC/CSIRT capability-building projects in Lithuania, Bangladesh, Egypt and South Africa.

Company experts continuously engage in cyber security projects in the private sector, academia and the military. NRD Cyber Security is a member of various international organizations, such as GFCE, ITU-D, ECSO, FIRST.Org and Trusted Introducer.

Below you can find four different CSIRT/SOC stacks. Contact our information security governance expert Sigitas Rokas at sr@scdrnlt for more information and advice on the most suitable stack for your organization.

MINI

Governance
  • Mandate definition
  • FIRST.Org membership
  • Roadmap and strategy

People
  • Featured CSIRT training
  • Limited remote support

Processes and services
  • Incident handling service
  • Incident handling process

Measurements
  • A few KPIs
  • No SLAs

Technological capability
  • Incident registration and handling
  • PGP

Local resources: 2-5 people

Duration: 9 months

BASIC

Governance
  • Mandate definition
  • FIRST.Org membership
  • Roadmap and strategy

People
  • Relevant CSIRT training
  • Remote support
  • SOPs
  • Study mission tours

Processes and services
  • Incident handling and outreach
  • Infrastructure support
  • Standard reporting

Measurements
  • Basic KPIs
  • SLAs for processes

Technological capability
  • Incident registration and handling
  • Outreach and visualization portal
  • Internal support, PGP
  • Simple vulnerability assessment

Local resources: 5-10 people

Duration: 12 months

Effective

Governance
  • Mandate definition
  • FIRST.Org membership
  • Roadmap and strategy
  • Orgchart buildout

People
  • Relevant CSIRT training
  • Remote support
  • SOPs
  • Study mission tours

Processes and services
  • Incident handling and outreach, digital forensics, vulnerability management
  • Process automation
  • Infrastructure support
  • Standard reporting

Measurements
  • KPI system
  • SLAs for processes
  • Successful SIM3 audit

Technological capability
  • Incident detection and handling
  • Outreach and visualization portal
  • Internal support, PGP
  • Simple vulnerability assessment
  • Simple video wall
  • Simple threat intelligence
  • Simple digital forensics
  • Simple integration with existing tooling
  • Situational awareness

Local resources: 7-15 people

Duration: 12-24 months

Full Scale

Governance
  • Mandate definition
  • FIRST.Org membership
  • Roadmap and strategy
  • Orgchart buildout

People
  • Relevant CSIRT training
  • On-site and remote support
  • SOPs
  • Study mission tours

Processes and services
  • Full scale CSIRT/SOC services
  • Process automation
  • Automated custom reporting
  • Maturity progress assessment
  • Infrastructure support

Measurements
  • KPI system
  • SLAs for services and automation
  • Annual reviews (SOC-CMM L3 C1.5)

Technological capability
  • Incident detection and handling
  • Outreach and visualization portal
  • Internal support, PGP
  • Vulnerability assessment
  • Video wall
  • Threat intelligence
  • Digital forensics
  • Integration with existing tooling
  • Situational awareness and EWS
  • Multi-site sensing at CII

Local resources: 15-45 people

Duration: 24-36 months

  • Growing cybersecurity maturity for The University of Cape Town (UCT) (Country: South Africa)
  • Secure Soft security operation center (SOC) maturity assessment in Peru (Country: Peru)
  • National Computer Incident Response Team Establishment (Country: Bangladesh)
  • National Cyber Security Incident Response Team Development (Country: Kingdom of Bhutan)