BI.ZONE offers its customers continuous monitoring of security events as a service to be applied to the IT/OT infrastructure. The Threat Management and Analysis (TMA) service is based on BI.ZONE Security Operations Centre (SOC), where we employ the best event management solutions on the market integrated into the cybersecurity orchestration platform of our own design. This makes it easy for the Customer to outsource some operational processes with the sole remaining worry of quality control of the services provided.

Effective data gathering

Events are collected only from the sources and to the extent required for the implementation of incident detection scenarios, as well as their subsequent investigation. Our competitive cost for the service is achieved by collecting only the important EPS, instead of trawling in all the noise.

Application of Threat Intelligence

Our company-developed Threat Intelligence platform helps expand the context of the information being analysed. Using the platform we enrich original events and, thereby, enhance the logic of the incident-detection rules. This additional context can also be applied in the investigation of identified incidents.

Proactive threat detection (Threat Hunting)

Combined with the classical approach to InfoSec monitoring, the practice of proactive threat hunting allows for quick detection of complex threats and targeted attacks, where the attackers employ new techniques and tools designed to bypass traditional security solutions.

Centralised service management

Through the dedicated customer portal, users can get instant access to the information from BI.ZONE SOC about the detected incidents. This data can be visualised from all angles through a variety of descriptive statistics. This feature also offers the ability to integrate the portal with the customer’s ITSM or the IRP through the REST API.

Cloud

The easiest option which requires the least of resources. A dedicated VPN channel is used to communicate with the BI.ZONE SOC cloud, and basic components for collecting ‘raw’ events from sources are located inside the network. At this stage, the system performs preliminary processing and filtering of events, after which the stream of data is sent to the SOC for subsequent processing of incidents and further detection. This option is great for companies with small to medium infrastructures. The advantages of this connection:

Hybrid

A balanced connection layout that combines the benefits of Cloud and Local connections. All SIEM components for detection of incidents; management, collection and processing of raw events; and long-term storage are installed at the customer’s location and are managed from the BI.ZONE SOC cloud. This plan ensures:

Local

The local or co-managed connection with BI.ZONE SOC provides complete customer access to SIEM. All SIEM components for detection of incidents; management, collection and processing of raw events; and long-term storage are installed at the customer’s location. BI.ZONE connects to SIEM via a secure VPN channel in order to continuously monitor the system and maintain it in good health, as well as analyse cybersecurity incidents. This connection method allows the customer to: