RoboSOC™ (SOC in a box)
The RoboSOC (SOC in a box) service gives clients with data-residency concerns peace of mind by providing an on-premise Security Operations Center solution for data gathering, analysis and response.
Many corporations in sensitive and/or public-sector industries want to take advantage of a "Security as a Service" offering, but have legislation and regulation in place which prevents transmission or access of data outside their region – regardless of whether it is over secure lines or not. Traditional Security-as-a-Service offerings require sensitive data to be transmitted to centralized Security Operations Centers – either in other countries or other continents – and management of local administrative tasks is accomplished by remotely located staff.
RoboSOC puts the full capability of Security Operations Center software and its associated infrastructure (firewalls, Network Access Control (NAC), Security Incident and Event Management, etc.) on-premise within our client’s data center and network. We then work with the client to configure the solution to automate notification and response as much as possible, and to direct them only to the appropriate client resources. Remote access is utilized for updates and management of the box only.
RoboSOC is comprised of the following functions:
- Security Intelligence / Incident Management (SIEM) – event correlation and incident response
- Behavior Monitoring – collection and analysis of logs as well as network analysis, availability monitoring
- Intrusion Detection – on the network and the hosts/servers, as well as file integrity checks
- Asset Discovery – active network scanning for new devices as they attach, passive network scanning, provision and update of the asset inventory, as well as inventorying of software on the hosts/servers
- Vulnerability Assessment – continuous vulnerability monitoring, active scanning for authenticated and unauthenticated software and devices
How it works
The RoboSOC architecture is based on the remote on-premise control box, which monitors the client’s network and perimeters and provides event information to cloud-based monitoring tools. When an event occurs, a ticket is generated and input directly to the Global SOC ticketing system, where it is reviewed 24x7 by our security-trained analysts and architects. Regional SOCs with local knowledge of the client’s environment and response requirements will then work with the client’s operations to ensure a quick and effective response. In addition, summary and detail reports on activities, events, response times, etc. will be provided to the client on a regular basis.
Fact Sheet: RoboSOC (SOC in a box) (101 KB)