UserGate Security Operations Center

2024: Start of Information Security Monitoring Center

On April 26, 2024, UserGate announced the start of its own information security monitoring center (SOC, Security Operations Center), which ensures the prompt detection of information security incidents, their localization and elimination before critical consequences for business. Its services will become available in May 2024. SOC UserGate will not only provide company customers with access to classic monitoring services, but will also allow unloading information security teams of their customers, strengthening expertise in the field of threat detection.

Freepik

According to the company, the demand for commercial SOC services among customers is explained by the need for significant costs for the purchase of hardware and software for building your own in-house SOC, investments in the creation and development of a 24/7 information security team. As of April 2024, only the largest customers have the resources and knowledge necessary to create their own monitoring and response center. Therefore, obtaining cloud SOC services becomes the only opportunity for many enterprises to solve all tasks related to information security monitoring without resorting to serious capital costs.

UserGate has a comprehensive expertise in the field of information security in general. It allows you to offer Russian customers services cloud SOC-a, the so-called. SOCaaS: event monitoring, incident analysis, information security analytics. In addition, the company's capabilities allow us to supplement this offer with services related to system security analysis, cyber criminalism and post-incident analysis, raising awareness of organization employees in the field of information security, both ordinary users and IT specialists, information security consulting, development of architecture and processes related to information security.

SOC UserGate is built according to the classic scheme. It consists of three key components: a team of specialists, the necessary means of technical monitoring and response to incidents, as well as processes that ensure the connectivity of all systems of the center.

The SOC UserGate team includes specialists with experience in creating and developing the largest Russian centers. They have formed three groups that monitor security, develop content (rules for the SIEM system, playbooks in the IRP platform), and proactively search for threats in protected infrastructures. In addition, the center team includes the SRE (Site Reliability Engineering) group, consisting of engineers responsible for implementing, configuring and supporting all SOC technical solutions.

Security monitoring and notification services are provided by information collection systems, which are located at customer sites and send data through secure communication channels to SOC for their processing in automated and, if necessary, manual mode, as well as for enrichment of additional information and further storage. When incidents are detected, the center analysts notify the responsible employees of the customer.

In the future, the basic functionality of SOC will be supplemented by the client's personal account, which will contain all the necessary information, from infographics demonstrating the operation of the infrastructure, incident cards, to SIEM rules and a knowledge base. The personal account will be available to SOC UserGate customers in Q1 2025.

Another expansion of SOC functionality - responding to cyber incidents - is expected before the end of 2025. To receive this service, customers will need to ensure a deeper integration of the SOC technical base with their infrastructures, as well as immersion of the center's specialists in its specifics.

SOC UserGate involves periodic adjustment of the service, which is carried out to change and supplement SIEM rules, settings of information security event sources in accordance with the features of work or changes in customer infrastructures. Regularly, SOC customers receive detailed reports on safety monitoring results and incidents identified in a secure infrastructure. Short information weekly reports and deployed monthly reports are provided.

Finally, another possibility of SOC UserGate is the desire for maximum flexibility in work. It concerns both technical means of interaction with customers (the use of various connection schemes and monitoring means placed inside protected perimeters), and the variability of approaches to the composition and payment of the center services used. SOC services will allow UserGate customers to optimize security costs, reduce the burden on their own information security teams, optimize the risks associated with cyber incidents and overcome their consequences, and, finally, ensure round-the-clock monitoring of their infrastructure.