Abacode Team

SOC-as-a-Service

24×7 Managed Security

Service Overview
CyberLorica™ , SOC-as-a-Service

Cyber Lorica ™, Abacode’s 24/7/365 SOC-as-a-Service utilizes a team of US-based cybersecurity professionals and industry-leading cloud-native SIEM & AI platforms (i.e. Splunk, LogRhythm, QRadar, AlienVault, and Darktrace) to provide real-time visibility of your entire threat landscape.  Our unique SOC Operations model provides automated threat detection combined with live analysts that work on your behalf, around the clock. 

Abacode SOC locations

CyberLorica provides proactive:

  • SIEM and AI Threat Detection platform is utilized to monitor your on-premises system, cloud workloads and SaaS solutions
  • Orchestration and automation of remediation actions leveraging other security technologies to respond to incidents quickly and easily
  • Advanced Network Intrusion Detection System (NIDS), User Behavioral Analytics, Dark Web scans, Asset Discovery, and Endpoint Detection and Response (EDR)
  • Highest level of forensic readiness with continuous threat hunting
  • Threat Intelligence from independent, third-party cybersecurity labs, real-time signatures, vulnerabilities, correlation rules, reports, and IR workbooks in addition to industry-leading threat feeds
  • Customized compliance-driven reporting and alarm correlation rules

Service Details Included

Enhanced Real-time Security Monitoring and Alerting

  • 24/7/365 “eyes on glass” from dual, redundant Security Operations Centers (SOCs) in Tampa, FL, and Las Vegas, NV with trained, certified US citizen analysts.
  • Provides Tier I, Tier II, and Tier III monitoring and alerting.
  • Proactive management of security and alerting ecosystem to protect against information security and critical data threats
  • Advanced event correlation to properly and rapidly diagnose security events and alerts for the business
  • Threat Detection platform to provide 24/7 monitoring of client infrastructure

Accelerated incident management process

  • Baseline network operations and expected data flows
  • Cleary defined and well executed playbooks by experienced analysts and automated workflows to reduce false positives
  • Detection, Response and Recovery controls and activities aligned to the US National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) which are used for US critical infrastructure protection
  • Frequent drills and exercises to test the incident response capability and measure its effectiveness – establishing and reporting on Key Performance Indicators (KPIs) regarding effectiveness and response times.

Comprehensive technology onboarding for end-to-end SIEM

  • Industry-leading SIEM platforms (i.e. Splunk, LogRhythm, QRadar, AlienVault, and Darktrace)
  • Customized SIEM deployment based on business requirements and alert preferences
  • Structured and well-defined baselining period focused on emergent threats, risk reduction, and balancing cost

Tactical Threat Intelligence

  • Dedicated Tier III Threat Intelligence Analyst
  • Threat Intelligence feeds from numerous platforms and sharing centers

Incident response 

  • Expert analysis, triage and investigation aided by state-of-the art tools and methods (e.g., MITRE ATT&CK® Framework for kill chain actions)
  • Input/guidance on containment, eradication and remediation – including integration with client ticketing system and remediation workflow

Continuous Tool Evaluation and Improvement

  • Reduce false positives and ensure system is reporting as it should
  • Assist with updating content and enrichment of data
  • Daily Quality Assurance (QA) of monitoring and log collection status
  • Assist and provide troubleshooting of any identified log collection issues
  • Develop and update correlation rules and directives that generate alarms
  • Develop and update, in coordination with customer, customized reports and dashboards
  • Update kill-chain and remediation steps based on emerging data and intelligence.
Abacode Continous Improvement

Includes Abacode’s Cybersecurity Applied Research Lab (CARL) not only to test new product features, but to also take an active role in incident response, including malware analysis and advanced threat hunting

Cybersecurity Applied Research Lab (CARL) not only to test new product features, but to also take an active role in incident response, including malware analysis and advanced threat hunting

Critical Systems Included

Abacode’s CyberLorica provides for 24/7/ 365 of industry critical systems, in addition to your network and infrastructure.

Systems include:

  • Microsoft 365 (formerly known as Office 365)
  • Google Workspace (formerly known as G Suite)
  • Cloud workloads in Azure, Google Cloud and AWS
  • SaaS solutions such as ServiceNow, Salesforce, JIRA, among others
  • Endpoint Protection such as Carbon Black, Windows Defender, Cisco AMP, among others
  • Identity Management such as Okta, Microsoft and Cisco Duo
  • Integration  with other security stack products such as Firewalls, DNS Security, Web Filters, among others

Reporting Tailored to Client Needs

Advanced analytics and reporting

  • 24/7/365 monitoring, alerting, and analysis with reporting on trends and behaviors
  • Log Management, compliance reporting, and real-time monitoring of security control environment
  • Providing situational awareness
  • Recurring customized reports, client meetings, and team meetings as required
  • Holistic quarterly business reviews (QBRs)
  • Regular SIEM alarms reporting, trend analysis, and continuous feedback for change management
  • Asset inventory management and update

 

Service Delivery

  • Individual client instance with absolute segregation of data
  • No modular add-ons required
  • Services provided via a formal Delivery Governance and SLA Management Framework that encompasses:
    • Incident response and escalations
    • Remediation guidelines and support
    • SIEM platform content development and formal change management process
    • Service Level Agreement metrics
    • Operational and regulatory reports distribution

SOC, Integrated Compliance

Integrated SOC-as-a-Service Compliance – Daily reporting

  • Deliver compliance reports for multiple standards on a regular basis
  • Meet specific compliance requirements through SIEM content and configuration development
  • Retention of security logs to meet compliance requirements
  • Create customized reports, alarms, and tailored processes to meet specific compliance challenges unique to each client

HIPAA  |  HITRUST  |  FEDRAMP  |  PCI-DSS  |  ISO 2001  |  SOC 2 Type I/II  |  NIST 800-53  |  CMMC  |  GDPR  |  CCPA  

Service Details – Deliverables

Abacode’s CyberLorica delivers a turnkey holistic solution that includes deployment and configuration of industry leading SIEM solutions (i.e. Splunk, LogRhythm, QRadar, AlienVault, and Darktrace). This deployment and configuration is unique to each client individual instance of the SIEM, including tiered escalations and real-time triaging of alarms specific to each client cybersecurity and compliance requirements.

  • Incident escalations following escalation procedures
  • Documented remediation steps to mitigate escalated alarms
  • Tailored SOC Reports which may include a list of:
    • Alarm Summaries (e.g. Intent, Strategy, Method)
    • Alarm Priority Levels
    • Attack Sources
    • Attack Destinations/Targets
  • Proactive threat-feeds to reduce the risk of compromise due to global zero-day events

Required by Client

  • Client will designate one or more employees to serve as a primary Point of Contact (PoC) for the Abacode SOC team.
  • Provide Abacode with an asset list of all hosts within the scope of the CyberLorica solution.
  • Should client require Abacode on-premise sensor, client will provide Abacode with a site-to-site VPN (for sensor access only). 
  • Provide Abacode with current network equipment that supports port mirroring capabilities and has available ports.
  • Designate IT personnel to:
    • work with Abacode in the creation and implementation of the CyberLorica project plan.
    • work with Abacode in the provisioning and deployment of the SIEM platform.
    • to complete remediation of identified incidents as recommended by Abacode. 
  • Work with Abacode personnel in defining the incident response plan and escalation procedures.

Service Level Response Overview

Incident Response Priority Levels 

Abacode will analyze each event to determine the event’s priority level. The priority level will determine which is the appropriate response to perform for the event. 

 P1 – High Priority: Critical event affecting loss of client data 

Examples: 

  • Ransomware or another malware 
  • Successful SQL injection with loss of data 
  • Successful phishing attack with verified credential compromise or malware installed 
  • Response: Immediate notification via phone with follow-up email for details 

P2 – Medium: Attack on likely vulnerability with no immediate loss of client data 

Examples: 

  • Sinkhole DNS address associated with malware 
  • Bruteforcelogin attempts over 100,000 
  • Successful phishing landing without verified credential compromise or malware  
  • Response: Email notification and call during business hours if no response after 30 minutes 

P3 – Low: Failed attacks, concerning behavior  

Examples: 

  • P2P Software Usage 
  • Unsuccessful phishing attack 
  • Response: Email notification 

 

P4 – Info: Environmental events that could lead to vulnerabilities 

Examples: 

  • NMAP Portscan
  • Failed exploit attempt 
  • Vulnerable services and outdated software 
  • System processes sending unencrypted passwords internally 
  • Response: Include in weekly report for client review until indicated otherwise 

Service Level Response Detail

Incident Analyzation Flowchart 

Abacode SOC members are organized into three tiers and will follow this analyzation/escalation process: 

Default Escalation Outcomes

Unless directed to respond differently, Abacode’s SOC analysts will follow this general guide for escalating incidents to clients:

Abacode SOC-as-a-Service: Strengths

  • Abacode has a historical up time of 100% in the past year.
  • Systems used by Security Operations are hosted in Azure US East Region with redundant systems in AWS US West Region.  Unlike most in the industry, Abacode operates two(2) security operations centers.
  • US citizen analysts only
  • Highly trained cyber analysts with advanced degrees (bachelor’s, master’s and doctoral degrees) and advanced certifications (CEH, CISSP, Security+, CySA+, Network+, and other industry Cloud and analysts’ certifications).
  • Multilingual – English, Spanish, Portuguese, Arabic, French
  • Abacode is compliant against the following best practices standards:
  • SOC 2, Type 1 (Attested)
  • PCI DSS (Compliant)
  • HIPAA (Compliant)
  • ISO 9001 
  • NIST 800-171 (Compliant)
  • SOC 2, Type 2 (Compliant, in Attestation)
  • CIS Top 20 (Compliant)

  • ISO 27001

  • Abacode Operates two 24/7 Security Operations Centers:

SOC I & Applied Research Lab
777 S. Harbour Island Blvd.
Tampa, FL

SOC II
980 Festival Plaza Drive
Las Vegas, NV

Abacode: Company Strengths

  • Abacode is a Managed Cybersecurity & Compliance Service Provider (MCCP) providing fully integrated and holistic Cybersecurity & Compliance Programs – an advanced and evolutionary form of an MSSP.
  • We speak fluent cybersecurity AND compliance.
  • We are a global firm. Multiple, redundant, US-based SOCs in Tampa, FL and Las Vegas, NV
  • We are holistic: A complete virtual cybersecurity & compliance team.
  • We are product agnostic: We work with what you have and meet you where you are.
  • In-house Cybersecurity Applied Research Lab (CARL):
    • Deep ties to academic R&D
    • Collaborative with law enforcement, legal, regulatory, insurance, and compliance advisory firms
    • Executive team of cybersecurity veterans