This is not an e-shop for end customers but the business portal of DNS a.s., an IT value-added distributor (VAD).
MarketPlace
IT with added value


IBM SOC

IBM Security Operations Center as a service
Price on request

Description

Continuous, around-the-clock security monitoring: The SOC monitors the entire extended IT infrastructure—applications, servers, system software, computing devices, cloud workloads, the network—24/7/365 for signs of known exploits and for any suspicious activity.

For many SOCs, the core monitoring, detection and response technology has been security information and event management, or SIEM. SIEM monitors and aggregates alerts and telemetry from software and hardware on the network in real time, and then analyzes the data to identify potential threats. More recently, some SOCs have also adopted extended detection and response (XDR) technology, which provides more detailed telemetry and monitoring, and enables automation of incident detection and response.

Log management: Log management—the collection and analysis of log data generated by every network event—is an important subset of monitoring. While most IT departments collect log data, it's the analysis that establishes normal or baseline activity and reveals anomalies that indicate suspicious activity. In fact, many hackers count on the fact that companies don't always analyze log data, which can allow their viruses and malware to run undetected for weeks or even months on the victim's systems. Most SIEM solutions include log management capability.

Threat detection: The SOC team sorts the signals from the noise—the indications of actual cyberthreats and hacker exploits from the false positives—and then triages the threats by severity. Modern SIEM solutions include artificial intelligence (AI) that automates these processes and 'learns' from the data to get better at spotting suspicious activity over time.
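As an added illustration of the log-management and threat-detection steps described above (example code written for this page, not part of IBM's offering or this listing), the following toy SIEM-style pipeline aggregates constructed log lines into events, learns each user's baseline of login source addresses, flags logins from outside that baseline, and triages them by severity. The log format, field names and the failure threshold are assumptions made for the example.

```python
import re
from collections import defaultdict

# Constructed sample log lines: hosts, users and addresses are made up for the demo.
SAMPLE_LOGS = """\
2024-05-01T08:02:11 host=web01 user=alice event=login src=10.0.1.5 result=ok
2024-05-02T09:10:00 host=db01 user=svc_backup event=login src=10.0.2.9 result=ok
2024-05-03T03:14:33 host=web01 user=alice event=login src=203.0.113.77 result=ok
2024-05-03T03:15:01 host=web01 user=alice event=login src=203.0.113.77 result=fail
2024-05-03T03:15:02 host=web01 user=alice event=login src=203.0.113.77 result=fail
2024-05-03T03:15:03 host=web01 user=alice event=login src=203.0.113.77 result=fail
not a log line at all
"""
LINE_RE = re.compile(r"^(?P<ts>\d{4}-\d\d-\d\dT\S+) (?P<kv>.*)$")
FAIL_BURST = 3  # assumed threshold: this many failures from a new source => high severity

def parse(line):
    """Turn one 'timestamp key=value ...' line into a dict, or None if it is unparseable."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = {"ts": m.group("ts")}
    ev.update(p.split("=", 1) for p in m.group("kv").split() if "=" in p)
    return ev

def aggregate(text):
    """SIEM step 1: normalise raw lines into structured events, dropping junk lines."""
    return [ev for ev in map(parse, text.splitlines()) if ev]

def logins_on(events, pred):
    """Helper: login events whose calendar day (YYYY-MM-DD) satisfies pred(day)."""
    return [e for e in events if e.get("event") == "login" and pred(e["ts"][:10])]

def baseline(events, before_day):
    """Step 2: the source addresses each user normally logs in from, learned before `before_day`."""
    seen = defaultdict(set)
    for ev in logins_on(events, lambda d: d < before_day):
        seen[ev.get("user", "?")].add(ev.get("src", "?"))
    return seen

def detect(events, day):
    """Step 3: flag logins on `day` from outside the user's baseline and triage them by severity."""
    known, fails, alerts = baseline(events, day), defaultdict(int), {}
    for ev in logins_on(events, lambda d: d == day):
        key = (ev.get("user", "?"), ev.get("src", "?"))
        if key[1] in known[key[0]]:
            continue  # within baseline: noise, not an alert
        fails[key] += ev.get("result") == "fail"  # bool counts as 1
        alerts[key] = "high" if fails[key] >= FAIL_BURST else "medium"
    return sorted(((u, s, sev) for (u, s), sev in alerts.items()), key=lambda a: a[2] != "high")
```

Running `detect(aggregate(SAMPLE_LOGS), "2024-05-03")` yields a single high-severity alert for alice's new source address, while the routine logins from known addresses produce nothing.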

Incident response: In response to a threat or actual incident, the SOC moves to limit the damage. Actions can include:

  • Root cause investigation, to determine the technical vulnerabilities that gave hackers access to the system, as well as other factors (such as bad password hygiene or poor enforcement of policies) that contributed to the incident.
  • Shutting down compromised endpoints or disconnecting them from the network.
  • Isolating compromised areas of the network or rerouting network traffic.
  • Pausing or stopping compromised applications or processes.
  • Deleting damaged or infected files.
  • Running antivirus or anti-malware software.
  • Decommissioning passwords for internal and external users.

Many XDR solutions enable SOCs to automate and accelerate these and other incident responses.

For the complete range of products and services, please register.