About the project
For an energy sector customer, we completed a project covering the provision and implementation of tools for a Security Operations Center. As part of the project, SIEM, Network Behavior Monitoring, SOAR and vulnerability management systems were implemented for both the IT and OT environments. Incident detection rules were built, and scenarios for handling those incidents were developed and implemented in SOAR. The project covered over 5,000 assets, including elements of Poland's critical infrastructure.
Key assumptions
Inventory of IT assets, security and business processes
Incident Management
Vulnerability management
Compliance with the Security Policy
Personal data protection in accordance with the GDPR
Automation of response operations in SOAR for detected incidents
The implementation was based on the following solutions:
SOAR/GRC implementation based on eSecure SecureVisio product
SIEM implementation based on McAfee ESM
Approx. 100 incident detection rules from over 200 sources
Over 300 security zones, 900 servers, 100 business processes and IT services
Integration with ServiceDesk, Trend Micro Deep Security, McAfee ePO and Rapid7 systems
Preparation of the tooling for production operation of the SOC