24/7 Cybersecurity Operations Capability

Round-the-clock threat detection and response, combining advanced technology with expert teams to provide comprehensive security protection for your enterprise, promptly identifying and handling various security threats to ensure business continuity.

Flexible Delivery Methods

Multiple service delivery models, selected according to enterprise needs, so that security protection matches business requirements

Fully Managed

  • Full-stack managed service for security platforms
  • Automated service support
  • SOC service with high availability and data security
  • Helps customers reduce costs and increase efficiency

Services

  • Tailored to the characteristics of different industries
  • Tailored to the security operations maturity stage of each customer
  • Hosting of mainstream security products and platforms
  • Multiple service support modes
  • Support for customized SLAs

Products

  • Next-generation SIEM platform
  • AI-driven endpoint detection and response (EDR)
  • Phishing email simulation
  • Breach and attack simulation (BAS) validation platform
  • User and entity behavior analytics (UEBA) platform
  • SOAR automated playbook orchestration

Multi-layer Support System

Professional division of labor, collaborative operations, ensuring every security incident is handled swiftly and effectively

Tier-1

Monitoring Team

  • Monitor alerts generated by SIEM
  • Verify and escalate alerts
  • Perform incident response according to SOP
  • Confirm asset owner information for affected devices
  • Confirm alert accuracy and completeness
  • Follow processes, playbooks, templates and procedures
  • Track SLA metrics (alerts and availability)
  • Use customer tools to search for threat IOCs in customer environments
  • Develop skills with the goal of promotion to Tier-2 analyst
Tags: SIEM Alert Monitoring; Alert Verification & Escalation; SOP Process Execution
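The Tier-1 duties above (verify alerts, search customer environments for threat IOCs, escalate, track SLA metrics) are usually scripted rather than done by hand. The following is an added illustration, not the service provider's own tooling: it refangs a defanged IOC list as it would arrive from an intelligence report, sweeps a small constructed SIEM export in "timestamp source key=value" form, assigns a severity and escalation tier, and computes the acknowledgement deadline against assumed SLA values. The log lines, IOCs, field names and SLA minutes are all constructed for the example.

```python
"""Tier-1 IOC sweep over SIEM log lines with escalation and SLA tracking.
Added example; the log format, IOC list and SLA values are assumptions."""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from urllib.parse import urlparse

# Constructed IOC list, defanged the way intel feeds usually deliver it.
IOCS = {
    "ip": ["203[.]0[.]113[.]7"],
    "domain": ["bad-updates[.]example", "hxxp://cdn-mirror[.]example/payload"],
    "sha256": ["E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855"],
}

# Constructed SIEM export: proxy, DNS and EDR events (assumed key=value layout).
LOG_LINES = [
    "2024-05-01T08:00:12Z proxy src=10.1.4.22 dst=203.0.113.7 host=bad-updates.example url=http://cdn-mirror.example/payload",
    "2024-05-01T08:00:40Z dns src=10.1.4.22 query=bad-updates.example rcode=NOERROR",
    "2024-05-01T08:01:05Z edr host=WS-0422 sha256=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 action=exec",
    "2024-05-01T08:02:00Z proxy src=10.1.4.30 dst=198.51.100.9 host=intranet.example url=http://intranet.example/",
]

# Assumed acknowledgement SLA (minutes) and escalation target per severity.
SLA_MINUTES = {"critical": 15, "high": 60, "medium": 240}
ESCALATE_TO = {"critical": "Tier-2", "high": "Tier-2", "medium": "Tier-1"}


@dataclass
class Finding:
    detected_at: datetime
    source: str
    severity: str
    indicators: list
    escalate_to: str
    ack_deadline: datetime


def refang(indicator: str) -> str:
    """Undo common defanging ("[.]", "(.)", "hxxp://") and lower-case."""
    s = indicator.strip().lower()
    for broken in ("[.]", "(.)", "{.}"):
        s = s.replace(broken, ".")
    return re.sub(r"^hxxp(s?)://", r"http\1://", s)


def normalise(iocs: dict) -> dict:
    """Refang every indicator; reduce URL indicators to their hostname."""
    out = {"ip": set(), "domain": set(), "sha256": set()}
    for kind, values in iocs.items():
        for raw in values:
            value = refang(raw)
            if kind == "domain" and "://" in value:
                value = urlparse(value).hostname or value
            out[kind].add(value)
    return out


def parse_line(line: str):
    """Split 'timestamp source k=v k=v ...' into (datetime, source, fields)."""
    ts, source, rest = line.split(" ", 2)
    fields = dict(kv.split("=", 1) for kv in rest.split())
    detected = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return detected, source, fields


def match_fields(fields: dict, iocs: dict) -> list:
    """Return (kind, value) pairs for every IOC observed in one event."""
    hits = []
    for key in ("src", "dst"):
        if fields.get(key) in iocs["ip"]:
            hits.append(("ip", fields[key]))
    hosts = [fields.get("host"), fields.get("query")]
    if fields.get("url"):
        hosts.append(urlparse(fields["url"]).hostname)
    for host in hosts:
        if host and host.lower() in iocs["domain"]:
            hits.append(("domain", host.lower()))
    digest = fields.get("sha256", "").lower()
    if digest in iocs["sha256"]:
        hits.append(("sha256", digest))
    return hits


def severity_for(hits: list) -> str:
    """Execution of a known-bad hash outranks network sightings alone."""
    if any(kind == "sha256" for kind, _ in hits):
        return "critical"
    return "high" if len(hits) >= 2 else "medium"


def sweep(log_lines: list, raw_iocs: dict) -> list:
    """Verify each event against the IOC set and produce escalation records."""
    iocs = normalise(raw_iocs)
    findings = []
    for line in log_lines:
        detected, source, fields = parse_line(line)
        hits = match_fields(fields, iocs)
        if not hits:
            continue
        sev = severity_for(hits)
        deadline = detected + timedelta(minutes=SLA_MINUTES[sev])
        findings.append(Finding(detected, source, sev, hits, ESCALATE_TO[sev], deadline))
    return findings


def sla_met(finding: Finding, acknowledged_at: datetime) -> bool:
    """The alert-SLA metric Tier-1 tracks: acknowledged before the deadline?"""
    return acknowledged_at <= finding.ack_deadline


if __name__ == "__main__":
    for f in sweep(LOG_LINES, IOCS):
        print(f.detected_at.time(), f.source, f.severity, f.escalate_to,
              [v for _, v in f.indicators], "ack by", f.ack_deadline.time())
```

The fourth log line produces no finding, so the benign intranet traffic never reaches an analyst; the EDR execution event is rated above the proxy and DNS sightings because a hash match on an executed file is a confirmed compromise rather than an attempted contact.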
Tier-2

Expert Team

  • Threat hunting
  • Respond to escalated incidents: contain, trace the root cause, harden, and drive each incident to closure
  • Design and formulate new security policies and playbooks
  • Analyze network and endpoint data using SIEM and various security platform tools
  • Define risk event classifications and response actions by incident type and severity
  • Internal audits
Tags: Threat Hunting & Analysis; Incident Closure & Handling; Security Policy Formulation
Engineering

Maintenance Team

  • SIEM platform infrastructure health and performance monitoring and maintenance
  • Update, upgrade and patch management for SOC service support components, platforms, tools, devices and infrastructure
  • Develop use cases for data ingestion, aggregation and monitoring
  • Build and maintain security incident database
  • Review resource utilization and expansion trends of SOC service support components
Tags: SIEM Platform Maintenance; Component Update Management; Data Monitoring Use Case Development

Professional Personnel Service System

Build a multi-level, professional echelon of security talents to provide solid guarantee for service quality


Standardized Service Process

Establish standardized service processes to ensure stable and reliable service quality with rapid and efficient response


Service Level Agreement (SLA)

Clarify service commitments and guarantees for different service types, ensuring predictable returns on your security investment

Prevention is Better than Cure

Vulnerability Emergency Response Process

Dimension: Definition
Processing object: Potential threats (vulnerabilities not yet exploited)
Necessity source: Preventive measures to avoid actual losses caused by vulnerability exploitation
Timeliness driver: Based on vulnerability exploitability and impact scope, as well as collaboration with business departments
Response goal: Patch vulnerabilities and eliminate hidden dangers

Emergency Remediation

Security Incident Emergency Response

Dimension: Definition
Processing object: Occurred threats (incidents that are ongoing or have already occurred)
Necessity source: Emergency measures to respond to security incidents that have already occurred
Timeliness driver: Based on the actual business impact of the incident (such as interruption, data leakage, etc.)
Response goal: Contain the incident, recover business, and reduce losses

Continuous technological updates and process improvements

Continuously innovating and optimizing to ensure that service capabilities always stay ahead of threat evolution

Technology

System, identity, traffic, application, data

Improve the technical architecture, optimize operational status, establish continuous threat exposure management, reduce alert noise, and improve alert accuracy

Personnel

Based on host, network, and intelligence

Skills development, industry-leading insight, closing capability gaps, and knowledge base construction

Process

Based on behavior, anomaly detection, attributes, and features

Standard operating procedures, event management, threat intelligence, evidence collection, daily operations