RADA Electronic Ind. Ltd (NASDAQ : RADA) a leading defense & electronics industries provider has recently joined Bezeq International SOC Services. RADA Electronic Industries Ltd. specializes in the development, production, and sales of Tactical Land Radars for Force and Border Protection, and Avionics Systems (including Inertial Navigation Systems) for fighter aircraft and UAVs.
BI’s Security Operations Center (SOC) has interfaced with RADA's data security network and analyzes logs from the security solutions in place and the entire customer’s network. The SIEM/SOC receives the logs in an encrypted manner to the SOC at Bezeq International secured location.
What is a SIEM/SOC Service?
Let’s get a bit more familiar with the two components of this service:
- SIEM – security information and event management system
- SOC – a line of cyber security experts working around the clock 24/7
"The market today demands SOC services to be more proactive and less reactive," explains Kelly Cavona, senior analyst at Gartner. With the large data analytics capabilities, SOCs become active tool in the search for threats intelligence of the environment before they become alerts that indicate active threats. This is a technological and intellectual maturation that shifts the detection of threats to an earlier stage in the process to bring about more efficient treatment before the damage begins to form.”
Bezeq International SIEM/SOC services
BI offers advanced SIEM/SOC services, managed by experts who monitor and collect data about information security from various IOC sources, CERT services (the National Cyber Security Directorate) and information services such as GTI.
This information is collected and processed by Bezeq International’s SOC experts and analyzed by analysts to provide a full picture of information security intelligence regarding various cyber threats and their impact over the organization.
The Bezeq International Security Center can compare the received suspicious logs against 150 structured scenarios from the known events bank, in addition to the unique events known to Bezeq International and McAfee. The Center is connected to information from Israel’s National Cyber Directorate as well as to global intelligence accumulated in real time.
In addition, customized defined events are created according to the customer's requirements, such as an attempt to change a domain or admin, to make a login several times without success and dozens of more criteria. In cases of deviations from the defined scenarios, the system produces an alert received at the Bi’s SOC, as it is updated by the customer.
The control goal table include inter alia Active Directory, Web protection, Malware in the organization’s network, Internet use, E-Mail and DNS.
Types of alerts and mirroring for customers
The SOC alerts are divided into three types, which are defined together with the customer and according to the requirements and security policy of each organization:
- Green Alert – for informing purposes only, via email.
- Yellow alert – cases requiring attention and monitoring by the customer and follow-up to make sure the issue is being handled.
- Red alert – critical alert for a serious information security event, where the SOC is communicating and follow up until the attack is over, and assisting the customer of the case handling and the option of a response team at the customer’s location, where possible.
Reports system and organizational learning
As part of the service, Bezeq International's experts monitor and collect information analyzed by analysts in order to provide a complete picture of information security intelligence on various cyber threats and their potential impact on the organization.
The reports allow us to investigate events that were, from the beginning of the event, the route of the threat/malicious file in the system and an accurate analysis of the operations and events.
As Mr. Cowana pointed out, the most important part of network monitoring and SOC management today is the combination of professional knowledge, a widescope of information as possible, and the combination of the two in the pro-active search for threats.
The attackers have become more and more sophisticated in their ability to evade behavior monitoring, so the ability to analyze logs, observe behavior, and understand them faster than existing threats became of the highest importunate. Big Data collecting tools as well as advanced analysis of experienced professionals are of essence to any organization .
For further information on our SIEM/ SOC services please contact: alonU@bezeqint.co.il