24×7 Managed Security
CyberLorica™ , SOC-as-a-Service
Cyber Lorica ™, Abacode’s 24/7/365 SOC-as-a-Service utilizes a team of US-based cybersecurity professionals and industry-leading cloud-native SIEM & AI platforms (i.e. Splunk, LogRhythm, QRadar, AlienVault, and Darktrace) to provide real-time visibility of your entire threat landscape. Our unique SOC Operations model provides automated threat detection combined with live analysts that work on your behalf, around the clock.
CyberLorica provides proactive:
- SIEM and AI Threat Detection platform is utilized to monitor your on-premises system, cloud workloads, and SaaS solutions
- Orchestration and automation of remediation actions leveraging other security technologies to respond to incidents quickly and easily
- Advanced Network Intrusion Detection System (NIDS), User Behavioral Analytics, Dark Web scans, Asset Discovery, and Endpoint Detection and Response (EDR)
- Highest level of forensic readiness with continuous threat hunting
- Threat Intelligence from independent, third-party cybersecurity labs, real-time signatures, vulnerabilities, correlation rules, reports, and IR runbooks in addition to industry-leading threat feeds
- Customized compliance-driven reporting and alarm correlation rules
Service Details Included
Enhanced Real-time Security Monitoring and Alerting
- 24/7/365 “eyes on glass” from dual, redundant Security Operations Centers (SOCs) in Tampa, FL, and Las Vegas, NV with trained, certified US citizen analysts.
- Provides Tier I, Tier II, and Tier III monitoring and alerting.
- Proactive management of security and alerting ecosystem to protect against information security and critical data threats
- Advanced event correlation to properly and rapidly diagnose security events and alerts for the business
- Threat Detection platform to provide 24/7 monitoring of client infrastructure
Accelerated incident management process
- Baseline network operations and expected data flows
- Clearly defined and well executed playbooks by experienced analysts and automated workflows to reduce false positives
- Detection, Response and Recovery controls and activities aligned to the US National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) which are used for US critical infrastructure protection
- Frequent drills and exercises to test the incident response capability and measure its effectiveness – establishing and reporting on Key Performance Indicators (KPIs) regarding effectiveness and response times.
Comprehensive technology onboarding for end-to-end SIEM
- Industry-leading SIEM platforms (i.e. Splunk, LogRhythm, QRadar, AlienVault, and Darktrace)
- Customized SIEM deployment based on business requirements and alert preferences
- Structured and well-defined baselining period focused on emergent threats, risk reduction, and balancing cost
Tactical Threat Intelligence
- Dedicated Tier III Threat Intelligence Analyst
- Threat Intelligence feeds from numerous platforms and sharing centers
- Expert analysis, triage and investigation aided by state-of-the art tools and methods (e.g., MITRE ATT&CK® Framework for kill chain actions)
- Input/guidance on containment, eradication and remediation – including integration with client ticketing system and remediation workflow
Continuous Tool Evaluation and Improvement
- Reduce false positives and ensure system is reporting as it should
- Assist with updating content and enrichment of data
- Daily Quality Assurance (QA) of monitoring and log collection status
- Assist and provide troubleshooting of any identified log collection issues
- Develop and update correlation rules and directives that generate alarms
- Develop and update, in coordination with customer, customized reports and dashboards
- Update kill-chain and remediation steps based on emerging data and intelligence.
Includes Abacode’s Cybersecurity Applied Research Lab (CARL) not only to test new product features, but to also take an active role in incident response, including malware analysis and advanced threat hunting.
Critical Systems Included
Abacode’s CyberLorica provides 24/7/ 365 cybersecurity monitoring of industry-critical systems, in addition to your network and infrastructure.
- Microsoft 365 (formerly known as Office 365)
- Google Workspace (formerly known as G Suite)
- Cloud workloads in Azure, Google Cloud, and AWS
- SaaS solutions such as ServiceNow, Salesforce, JIRA, among others
- Endpoint Protection such as CrowdStrike, Carbon Black, Windows Defender, Cisco AMP, among others
- Identity Management such as Okta, Microsoft, and Cisco Duo
- Integration with other security stack products such as Firewalls, DNS Security, Web Filters, among others
Reporting Tailored to Client Needs
Advanced analytics and reporting
- 24/7/365 monitoring, alerting, and analysis with reporting on trends and behaviors
- Log Management, compliance reporting, and real-time monitoring of security control environment
- Providing situational awareness
- Recurring customized reports, client meetings, and team meetings as required
- Holistic quarterly business reviews (QBRs)
- Regular SIEM alarms reporting, trend analysis, and continuous feedback for change management
- Asset inventory management and update
- Individual client instance with absolute segregation of data
- No modular add-ons required
- Services provided via a formal Delivery Governance and SLA Management Framework that encompasses:
- Incident response and escalations
- Remediation guidelines and support
- SIEM platform content development and formal change management process
- Service Level Agreement metrics
- Operational and regulatory reports distribution
SOC, Integrated Compliance
Integrated SOC-as-a-Service Compliance – Daily reporting
- Deliver compliance reports for multiple standards on a regular basis
- Meet specific compliance requirements through SIEM content and configuration development
- Retention of security logs to meet compliance requirements
- Create customized reports, alarms, and tailored processes to meet specific compliance challenges unique to each client
HIPAA | HITRUST | FEDRAMP | PCI-DSS | ISO 27001 | SOC 2 Type I/II | NIST 800-53 | CMMC | GDPR | CCPA
Service Details – Deliverables
Abacode’s CyberLorica delivers a turnkey holistic solution that includes deployment and configuration of industry leading SIEM solutions (i.e. Splunk, LogRhythm, QRadar, AlienVault, and Darktrace). This deployment and configuration is unique to each client individual instance of the SIEM, including tiered escalations and real-time triaging of alarms specific to each client cybersecurity and compliance requirements.
- Incident escalations following escalation procedures
- Documented remediation steps to mitigate escalated alarms
- Tailored SOC Reports which may include a list of:
- Alarm Summaries (e.g. Intent, Strategy, Method)
- Alarm Priority Levels
- Attack Sources
- Attack Destinations/Targets
- Proactive threat-feeds to reduce the risk of compromise due to global zero-day events
Required by Client
- Client will designate one or more employees to serve as a primary Point of Contact (PoC) for the Abacode SOC team.
- Provide Abacode with an asset list of all hosts within the scope of the CyberLorica solution.
- Should client require Abacode on-premise sensor, client will provide Abacode with a site-to-site VPN (for sensor access only).
- Provide Abacode with current network equipment that supports port mirroring capabilities and has available ports.
- Designate IT personnel to:
- work with Abacode in the creation and implementation of the CyberLorica project plan.
- work with Abacode in the provisioning and deployment of the SIEM platform.
- to complete remediation of identified incidents as recommended by Abacode.
- Work with Abacode personnel in defining the incident response plan and escalation procedures.
Service Level Response Overview
Incident Response Priority Levels
Abacode will analyze each event to determine the event’s priority level. The priority level will determine which is the appropriate response to perform for the event.
P1 – High Priority: Critical event affecting loss of client data
- Ransomware or another malware
- Successful SQL injection with loss of data
- Successful phishing attack with verified credential compromise or malware installed
- Response: Immediate notification via phone with follow-up email for details
P2 – Medium: Attack on likely vulnerability with no immediate loss of client data
- Sinkhole DNS address associated with malware
- Bruteforcelogin attempts over 100,000
- Successful phishing landing without verified credential compromise or malware
- Response: Email notification and call during business hours if no response after 30 minutes
P3 – Low: Failed attacks, concerning behavior
- P2P Software Usage
- Unsuccessful phishing attack
- Response: Email notification
P4 – Info: Environmental events that could lead to vulnerabilities
- NMAP Portscan
- Failed exploit attempt
- Vulnerable services and outdated software
- System processes sending unencrypted passwords internally
- Response: Include in weekly report for client review until indicated otherwise
Service Level Response Detail
Incident Analyzation Flowchart
Abacode SOC members are organized into three tiers and will follow this analysis/escalation process:
Default Escalation Outcomes
Unless directed to respond differently, Abacode’s SOC analysts will follow this general guide for escalating incidents to clients:
Abacode SOC-as-a-Service: Strengths
- Abacode has a historical up time of 100% in the past year.
- Systems used by Security Operations are hosted in Azure US East Region with redundant systems in AWS US West Region. Unlike most in the industry, Abacode operates two(2) security operations centers.
- US citizen analysts only
- Highly trained cyber analysts with advanced degrees (bachelor’s, master’s and doctoral degrees) and advanced certifications (CEH, CISSP, Security+, CySA+, Network+, and other industry Cloud and analysts’ certifications).
- Multilingual – English, Spanish, Portuguese, Arabic, French
- Abacode is compliant against the following best practices standards:
- SOC 2, Type 1 (Attested)
- PCI DSS (Compliant)
- HIPAA (Compliant)
- ISO 9001
- NIST 800-171 (Compliant)
- SOC 2, Type 2 (Attested)
- CIS Top 20 (Compliant)
- ISO 27001
Abacode Operates two 24/7 Security Operations Centers:
SOC I & Applied Research Lab
777 S. Harbour Island Blvd.
980 Festival Plaza Drive
Las Vegas, NV
Abacode: Company Strengths
- Abacode is a Managed Cybersecurity & Compliance Service Provider (MCCP) providing fully integrated and holistic Cybersecurity & Compliance Programs – an advanced and evolutionary form of an MSSP.
- We speak fluent cybersecurity AND compliance.
- We are a global firm. Multiple, redundant, US-based SOCs in Tampa, FL and Las Vegas, NV
- We are holistic: A complete virtual cybersecurity & compliance team.
- We are product agnostic: We work with what you have and meet you where you are.
- In-house Cybersecurity Applied Research Lab (CARL):
- Deep ties to academic R&D
- Collaborative with law enforcement, legal, regulatory, insurance, and compliance advisory firms
- Executive team of cybersecurity veterans