Introducing our Engineering team: at the forefront of IT security
The Engineering team of SOCWISE’s InfoSec division specializes in the most modern security solutions, particularly the NetWitness platform, a comprehensive SIEM (Security Information and Event Management) solution. This system enables companies to manage their IT security processes in a centralized and effective way, including the following:
- Mail servers and Active Directory logging,
- Firewall and network device monitoring,
- Windows and Linux server log analysis,
- Network traffic collection and analysis (packet capture),
- EDR (Endpoint Detection and Response) data processing,
- Using the UEBA (User and Entity Behavior Analytics) module to automatically recognize and alert about suspicious activities.
Technical solutions and services
NetWitness is not just a simple SIEM solution but a complex system that provides integrated monitoring, so that companies can react immediately to security incidents and events. The engineering team of the InfoSec division is responsible for developing the system, setting it up and integrating different types of event sources, in cooperation with the customers' operator teams. During integration, the team takes the customer's unique security and operational needs into account.
The complexity of the NetWitness platform enables:
- Comprehensive monitoring of the IT infrastructure,
- Rapid response to security incidents,
- Custom integration with other systems such as QRadar and Microsoft Azure Sentinel.
SOC services and consulting
EURO ONE offers an MSSP (Managed Security Service Provider) service, which provides SOC-based (Security Operations Center) support, the basis of which is also provided by the engineering team. This service is particularly useful for customers who do not have their own SOC:
- The NetWitness technology is scalable, so it makes enterprise-level IT security available to small and medium-sized companies.
- Customers get professional analyst support to manage security incidents, avoiding the complexity of building a SOC of their own.
The use of NetWitness and similar systems is crucial for customers, as they contribute to the immediate detection and management of security events and incidents, thus increasing the security and transparency of corporate IT systems and reducing the risk of cyber threats and exploited vulnerabilities. EURO ONE adapts flexibly to the needs of customers and ensures continuous, efficient monitoring and management of security incidents. It is therefore important for customers to use such advanced systems, as they significantly strengthen security proactively by drawing the right conclusions from IT security incidents.
Proactive protection and AI-based analysis
The team not only takes part in the deployment and operation of NetWitness, but also provides consulting and has competence in other SIEM systems, such as QRadar and the cloud-based Microsoft Azure Sentinel. The NetWitness system also includes an EDR agent-based solution.
Additional advantages of the EDR solution include:
- A behavioral analysis-based approach that goes beyond the reactive functions of traditional antivirus software,
- Preventing complex attacks with the help of event correlation.
The EDR solution mainly helps to prevent even advanced forms of attack by correlating events from different sources within the NetWitness system. It also has a blocking function, but this blocking routine is controlled by the SOC team, so that only activities deemed dangerous are actually blocked. The three main components of the system – logs, network traffic and endpoint detection – are connected by the UEBA module.
The system’s artificial intelligence-based UEBA module:
- Learns the customer's specific patterns,
- Automatically generates alerts about any deviations,
- Supports the recognition and blocking of suspicious behavior patterns.
DevOps and support competencies
The engineering team also performs DevOps tasks, including:
- The development of scripts that support daily operations,
- Configuration and backup of virtual machines,
- Support for setting up customer-specific source devices, especially in less experienced IT security environments.
Industry relevance and flexible services
The engineering team of EURO ONE's InfoSec division provides services to companies in various industries, such as the pharmaceutical industry and financial institutions, as well as the public sector, delivering comprehensive protection and support.
In order to flexibly adapt to client-specific needs and enhance visibility, the team provides a transparent and centralized platform for handling security issues.
Visibility is key: customers can see and understand the security issues in their company in a centralized interface, even in an automated way. This helps them identify and prevent situations where a company believes it is secure but is actually vulnerable and susceptible to data theft or other security incidents.
This diversity of competencies and services enables EURO ONE to play a key role in maintaining and improving the IT security of its customers.