Cygilant Blog
SOC-as-a-Service in Practice

SOC-as-a-Service in Practice: 3 Examples of How a SOC Helps

Posted by Ben Harrison on Aug 11, 2020

Our SOC team is monitoring many different IT assets for customers giving them the support and confidence that systems are protected. Here are three examples of where our SOC is helping.

 

1. Windows failed logins from same IP and user in short time

Cygilant Security Monitoring found an issue that the SOC team triaged. Multiple unusual network login failures were seen from the same IP and user, in a short span of time. This showed up in multiple different alerts and alarms which increased suspicion, because even though it was mostly internal it looked like attacker lateral movement attempts. The Cygilant SOC team raised this with the customer who confirmed a malware incident. The Cygilant SOC team was able to identify the problem and offer expertise into how to secure the affected systems, by updating hosts and services.

 

2. Multiple customers targeted scans

As part of routine incident analysis for a new customer, the Cygilant SOC team quickly identified that new type of malicious scanner was being used against them. This was identified thanks to shared indicators, uncovered as part of a previous in-depth investigation done on another separate customer.

While customers many only see an incident once, the Cygilant SOC is monitoring hundreds of systems. As a result, Cygilant customers benefit from the SOC team’s breadth of experience. Most customers are being attacked by the same people and automation. Because of work done on one customer’s data, another customer gets an increased level of service. We use our expertise of customer data analysis to provide value to all customers - a benefit that many can never achieve with only their own internal security team.

 

3. Administrator Account Compromised

Our SOC team provides 24x7x365 security monitoring. On a weekend overnight, a Cygilant SOC analyst noticed that a customer’s administrator account was successfully logged into from a known malicious IP in another country. This was quickly raised to the customer as a high priority and was found to be the first step in a ransomware attack. Cygilant detected the threat as it started and gave the customer enough advance warning to prepare and contain the threat.

 

 

With 24x7 monitoring, Cygilant was able to detect an attack and raise it to the customer out of hours. Instead of returning to work on Monday to a completely decimated environment, Cygilant helped contain the threat before significant damage could occur.

 

How Cygilant SOC-as-a-Service Works

Cygilant SOC-as-a-Service exists to help you. We are a team of people that has your back.

  1. Our SOC and Cybersecurity Advisors partner to monitors systems for threats, vulnerabilities, and patches.
  2. If a possible or suspected breach is identified, our analysts will investigate and triage to determine the threat level. We’ll only call you in the middle of the night if an urgent action is required!
  3. We provide detailed reviews of triggered events across your entire attack surface to identify suspicious activity, make security observations, highlight policy violations and suggest improvements. We advise on security threats with in-depth knowledge about your environment, instead of treating each alert in isolation as good or bad.

 

Learn more about the benefits of a SOC-as-a-Service

 

Benefits of a SOC-as-a-Service

 

 

Tags: SOC as a Service

Most Recent Posts

Subscribe to Email Updates