


Network and Security Operations Center
(NOC and SOC as a Service)
Through our NSOC's integrated approach, we offer managed services that allow you to monitor and manage security and business infrastructure incidents.
Our main objectives are to help companies detect, analyze, resolve, and improve response to problems or incidents in business processes and in the company's information and communication systems.

Certifications
We are one of the few centers in Latin America to have the following certifications in our operational processes:




3 levels of care
Our team is made up of analysts and operators with diverse backgrounds who are constantly trained and certified, and includes IT components from the best technologies and brands.
They are organized into three levels according to their level of specialization, which allows us to provide agile responses depending on the nature and complexity of the problem.

LEVEL 1. OPERATIONAL
Event and Cybersecurity Management
Focused on performing malware analysis and enrichment, as well as ingesting atomic, static, and behavioral threat indicators into defensive cybersecurity systems.
GOALS
Manage our clients' security assets.
Monitor security events, alerts, and potential threats.
Gather information to determine a context.
Categorize incidents through triage.
LEVEL 1 MONITORING
Incident monitoring
MANAGED SERVICES
Firewall or UTM
IPS Intrusion Prevention System
Endpoint (AV/EDR)
VPNs
Web Filtering
E-mail
Secure SD-WAN
WAF
LEVEL 2. TACTICAL
Incident Management
Focused on understanding adversary capabilities, infrastructure, and TTPs, and then leveraging that understanding to conduct more targeted and prioritized cybersecurity operations.
GOALS
The incident is analyzed, comparing information from different sources.
It is determined whether it affects critical systems.
Possible remediation to be applied is recommended.
MANAGED SERVICES
SIEM as a Service
Vulnerability Management.
Incident Response.
Security incident monitoring.
Orchestration.
Hardening of security equipment.
Brand Protection.
SIEM as a Service
SIEM, or Security Information and Event Management, is a tool for monitoring and correlating anomalous or suspicious events in real time to effectively detect, investigate, contain, and remediate threats.
Reports and analyses are generated for the client from all the information collected by the SIEM about an organization's IT infrastructure.
Nordstern offers a comprehensive SIEM solution, delivered as a service. This means it is monitored and managed from the cloud, bringing multiple benefits to organizations.

Incident Response Center
Nordstern's Incident Response Center is the first in the Americas and the third in the world endorsed by Kaspersky experts.
Through this center, we provide organizations with the ability to immediately report a security incident, as well as IT incident management services, protecting your company and ensuring a higher level of security with the full power of leading global solutions.

LEVEL 3. STRATEGIC
Cyber Defense
Focused on understanding high-level trends and adversary motivations, and then leveraging that understanding to engage in strategic security and business decision-making.
GOALS
Resolving or mitigating incidents.
We're 'on the hunt' for possible incidents.
MANAGED SERVICES
Ethical Hacking (Black/Gray/White Box).
Threat intelligence.
Code analysis.
Threat Hunting.
Evaluation and Training (offensive/defensive) of SOCs.