Hybrid 24/7 Security Operations, integrating market-leading SIEM and SOAR with your business
The Performanta SOC binds together four pillars that are essential to delivering an effective SOC for our clients, one that is constantly learning and improving:
Continuous Incident Response
Development & Automation
Organisations want to prevent individual security incidents from evolving into an organisation-wide crisis. Detection and reaction are at the core of Performanta’s SOC programme, where we aim to reduce the “mean time to resolve”. While traditional security monitoring platforms generate alerts for incidents, the human experience we introduce into the “analyse and decide” chain brings value to businesses aiming to increase the return on their security investment and decrease their exposure.
Performanta provides 24/7/365 security event monitoring and analysis services from our Security Operations Centres (SOCs) located in the UK and South Africa. Our SOC provides visibility and situational awareness into our clients’ environments by identifying and investigating cyber-attacks and correlating events across multiple sources to identify indicators of attack along the cyber kill-chain.
Importantly, we provide real-time incident feedback and trend analysis on closure reasons. Why is this important? Because it is key to remove alerts that are repeat offenders, false positives or ‘do later’ issues. These need to be addressed to ensure the SOC is focusing on real threats.
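As an added illustration (not Performanta’s own tooling) of the closure-reason trend analysis described above, the script below takes a constructed sample of closed alerts, tallies the closure reason per detection rule, and flags rules whose closures are mostly false positives or deferred work as tuning candidates. Rule names, closure-reason labels and the thresholds are assumptions for the example.

```python
"""Closure-reason trend analysis over closed SOC alerts (added example).

The alert records, rule names and closure-reason labels below are constructed
for illustration; they are not from any real SIEM.
"""
from collections import Counter, defaultdict

# Closure reasons as an analyst might record them when closing a ticket.
FALSE_POSITIVE = "false_positive"
TRUE_POSITIVE = "true_positive"
DEFERRED = "do_later"

# Constructed sample of closed alerts: (detection rule, closure reason).
CLOSED_ALERTS = [
    ("Brute force - RDP", FALSE_POSITIVE),
    ("Brute force - RDP", FALSE_POSITIVE),
    ("Brute force - RDP", TRUE_POSITIVE),
    ("Brute force - RDP", FALSE_POSITIVE),
    ("Brute force - RDP", FALSE_POSITIVE),
    ("Impossible travel", TRUE_POSITIVE),
    ("Impossible travel", FALSE_POSITIVE),
    ("Impossible travel", TRUE_POSITIVE),
    ("Suspicious PowerShell", TRUE_POSITIVE),
    ("Suspicious PowerShell", TRUE_POSITIVE),
    ("Legacy AV heartbeat", DEFERRED),
    ("Legacy AV heartbeat", DEFERRED),
    ("Legacy AV heartbeat", DEFERRED),
]


def closure_stats(alerts):
    """Return {rule: Counter(closure_reason -> count)}."""
    stats = defaultdict(Counter)
    for rule, reason in alerts:
        stats[rule][reason] += 1
    return stats


def tuning_candidates(alerts, min_alerts=3, max_noise_rate=0.5):
    """Rules that fire often but mostly close as false positive or deferred.

    A rule qualifies when it has at least `min_alerts` closures and the share
    of closures that were NOT true positives exceeds `max_noise_rate`.
    Returns [(rule, noise_rate)] sorted with the noisiest rule first.
    """
    candidates = []
    for rule, counts in closure_stats(alerts).items():
        total = sum(counts.values())
        if total < min_alerts:
            continue  # too few closures to judge the rule
        noise = total - counts[TRUE_POSITIVE]
        rate = noise / total
        if rate > max_noise_rate:
            candidates.append((rule, round(rate, 2)))
    return sorted(candidates, key=lambda item: item[1], reverse=True)


if __name__ == "__main__":
    for rule, rate in tuning_candidates(CLOSED_ALERTS):
        print(f"{rule}: {rate:.0%} of closures were not true positives")
```

In practice the input would be the closure records exported from the ticketing or SOAR platform, and a flagged rule would go back to engineering for threshold changes, an allow-list, or retirement rather than being silently ignored.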
Performanta is ‘threat led’, proactive and aligned to the MITRE framework. Performanta provides guidance and support to clients who collaborate and engage with our Threat Intelligence team. The goal is to serve as an effective detection multiplier for our clients and improve detection rates while maintaining a productive ratio of true positive to false positive alarms.
Performanta’s threat hunting approach utilises two separate methodologies – “big bucket” hunting and MITRE ATT&CK hunting. Our MITRE ATT&CK hunting is informed by tracking adversaries and the techniques they use. These techniques are regularly aggregated to determine which are most abused by adversaries, and that intelligence then informs our threat hunting operations.
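To show what “aggregating tracked adversaries’ techniques to decide what to hunt for” looks like in code, here is an added example that is not Performanta’s own process. The adversary reports and the set of already-covered techniques are constructed; the technique IDs are real MITRE ATT&CK identifiers, but the mapping of adversaries to techniques is invented for illustration.

```python
"""Ranking ATT&CK techniques for hunting by adversary prevalence (added example).

ADVERSARY_REPORTS and COVERED are constructed sample data. The technique IDs
are genuine ATT&CK IDs; the adversary names and their technique lists are not
real intelligence.
"""
from collections import Counter

# Constructed intel: each tracked adversary and the techniques observed in reporting.
ADVERSARY_REPORTS = {
    "group-A": ["T1566.001", "T1059.001", "T1003.001", "T1021.001"],
    "group-B": ["T1566.001", "T1059.001", "T1078"],
    "group-C": ["T1059.001", "T1003.001", "T1486"],
    "group-D": ["T1566.001", "T1059.001", "T1021.001"],
}

# Human-readable names for the IDs above (from the ATT&CK matrix).
TECHNIQUE_NAMES = {
    "T1566.001": "Phishing: Spearphishing Attachment",
    "T1059.001": "Command and Scripting Interpreter: PowerShell",
    "T1003.001": "OS Credential Dumping: LSASS Memory",
    "T1021.001": "Remote Services: Remote Desktop Protocol",
    "T1078": "Valid Accounts",
    "T1486": "Data Encrypted for Impact",
}

# Techniques the SOC already hunts for or has a tuned detection for (constructed).
COVERED = {"T1566.001"}


def technique_prevalence(reports):
    """Count how many distinct adversaries use each technique.

    A technique listed twice for the same adversary counts once, so the score
    reflects breadth across the threat landscape rather than report volume.
    """
    prevalence = Counter()
    for techniques in reports.values():
        for technique in set(techniques):
            prevalence[technique] += 1
    return prevalence


def hunt_priorities(reports, covered, top_n=3):
    """Most-abused techniques that lack coverage, most prevalent first.

    Ties are broken by technique ID so the output is deterministic.
    Returns [(technique_id, adversary_count)].
    """
    prevalence = technique_prevalence(reports)
    uncovered = [(t, n) for t, n in prevalence.items() if t not in covered]
    uncovered.sort(key=lambda item: (-item[1], item[0]))
    return uncovered[:top_n]


if __name__ == "__main__":
    for technique, count in hunt_priorities(ADVERSARY_REPORTS, COVERED):
        name = TECHNIQUE_NAMES.get(technique, "unknown")
        print(f"{technique} ({name}): used by {count} tracked adversaries")
```

The output is a short, ranked hunt backlog: techniques that many tracked adversaries share but that the SOC does not yet cover. Re-running it as new reporting arrives keeps the hunting programme aligned with what adversaries are actually doing rather than with a static list.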
Performanta uses automated playbooks to speed up data enrichment and extract additional data for context, supporting the SOC analysts. Performanta has long-running experience in the deep and extensive utilisation of SOAR platforms and in implementing effective processes and playbooks across our services. Automation serves as an effective multiplier: processes and playbooks are built methodically and designed to reduce the MTTD and MTTR across a client’s cyber security operations.
Performanta sees Engineering as an essential cog in ensuring the successful delivery of a managed SOC. The focus is on continuous improvement and maturity of the overall SIEM platform and the related use cases, rules, log management activities and dashboards, delivered through our Encore platform.
Managed Security Operations Center (SOC) Service
Our Managed SOC Service provides you with a 24x7x365 service. Our in-house Security Operations Center (SOC) is one of the largest in the world and is effectively your eyes on your security infrastructure, so you don’t need to be. We will monitor your Microsoft Sentinel, IBM QRadar or IBM QRadar on Cloud (QRoC) SIEM for threats, detecting cyber-attacks as soon as they start, whatever time of the day or night that happens.