About the project

For an energy sector customer, we completed a project covering the provision and implementation of tools for a Security Operations Center. As part of the project, SIEM, Network Behavior Monitoring, SOAR and vulnerability management systems were implemented for both the IT and OT environments. Incident detection rules were built, and scenarios for handling those incidents were developed and implemented in SOAR. The project covered over 5,000 assets, including elements of Poland's critical infrastructure.

Key assumptions

Inventory of IT assets, security and business processes

Incident Management

Vulnerability management

Compliance with the Security Policy

Personal data protection in accordance with the GDPR

Automation of operations in SOAR based on detected incidents

The implementation was based on the following solutions:

SOAR/GRC implementation based on eSecure SecureVisio product

SIEM implementation based on McAfee ESM

Approx. 100 incident detection rules from over 200 sources

Over 300 security zones, 900 servers, 100 business processes and IT services

Integration with ServiceDesk, Trend Micro Deep Security, McAfee ePO and Rapid7 systems

Preparation of the tool for the SOC production operation