
CSOC – Cyber Security Operations Centre

Our Cyber Security Operations Centre, or CSOC, operates 24/7, monitoring and responding to information security incidents, ensuring that our customers can focus on their business.


Secured Business 24/7

Our mission is to ensure the continuity of our customers' business. With our CSOC, you minimise your information security risks, which we believe is the best investment you can make to improve your information security. Our comprehensive service detects and responds to incidents, protects you against attacks, helps you recover from incidents, and identifies risks and areas for improvement.

We also minimise your financial risk: you can currently start using our CSOC service without a long-term commitment and without activation charges. We believe that the benefits of the service and its high service level will demonstrate the value of the partnership, both now and in the future.

Why Our CSOC Service?

An understanding of priorities, comprehensive management and smooth communication ensure a worry-free service. 

Worry-Free MDR Service

Our CSOC service is a 24/7/365 Managed Detection and Response (MDR) service, which means that our CSOC is responsible for managing the security systems associated with the service, detecting and analysing threats and responding to and reporting about them according to agreed processes. We work seamlessly with both the customers and their stakeholders. This allows you to safely focus on supporting and developing your business.


Benefit Quickly

We have created a clear-cut implementation process based on our experience, so that you can enjoy the benefits of the service as quickly as possible. During the first month, our CSOC can be used to monitor the security of Microsoft 365 cloud services, for example, after which the service can be extended in stages until it is fully in production. The most important thing is to protect identities and endpoints first of all, as the majority of attacks start through them. When the service is up and running, we constantly improve our operations and share our findings and suggestions to maintain and improve the level of information security.


From Expert to Expert

At Loihde, your first point of contact is not a customer service desk – you are always in direct contact with our experts. A designated cyber security service manager will maintain continuous communication between your team and the CSOC to report on various situations, findings and events, and to present development ideas and projects. The service manager is a management professional that is part of the CSOC service team and works closely with our cyber security and account management specialists.

CSOC Service Customer Reviews

We concluded that in today's world, you have to have a CSOC. Also, it was not possible for us to commit our own resources to this, or to create our own on-call arrangements, for example. In our business, the operating environment, of course, has to remain stable, and in practice there is a risk of serious disruption without a CSOC.

Read Grano's Case Story in Finnish.

Petri Helin, Chief Information Officer, Grano


I sleep better at night knowing what is going on in our network. In addition, if anything unusual occurs, the CSOC reacts to the events.

Read How Loihde Became iLOQ's Scalable Security Partner.

Pasi Kiljunen, IT Manager, iLOQ


Three-Tier, Domestic Service

Our three-tier CSOC ensures efficient, competent and proactive cyber security monitoring and incident response. At all levels, our analysts are trained in the tools that we use and the processes of our customers. This enables them to support each other and solve security challenges in the best way possible. In addition, our close cooperation enables us to proactively develop operations and rapidly respond to any anomalies.

TIER 1
  • Detects information security events
  • Monitors automation and runs playbooks on known threats and detections
  • Responds to, analyses at first level, prioritises and escalates incidents when necessary

TIER 2
  • Assists TIER 1 with demanding and new incidents
  • Manages and develops security systems and creates playbooks
  • Customer contact person

TIER 3
  • Assists TIER 1 and 2 with very demanding investigations
  • Performs digital forensics and manages incidents
  • Performs continuous threat intelligence (threat intel) and threat hunting

TIER 1 – Detects and takes countermeasures

TIER 1 is responsible for the continuous monitoring and identification of information security incidents and the monitoring of the status and operation of security sensors and systems. In addition to monitoring automation, TIER 1 runs playbooks on known threats and detections and performs first-level analyses and prioritisations of incidents.

Often, in a lighter Security Operations Centre, or SOC, the analysts' activities are limited to monitoring and possibly opening a ticket for the customer if action is required. However, monitoring is not enough; you need to be able to respond to alerts at the first sign of trouble. Attackers are often active at night or during weekends and holidays when people are not at work. Our CSOC is able to address and respond to incidents in accordance with agreed service processes independently 24/7 and is able to escalate incidents if necessary. This often stops attacks in their infancy.


TIER 2 – Manages and develops operations

TIER 2 analysts are responsible for assisting TIER 1 analysts with more detailed and in-depth analyses of demanding and new information security breaches. For example, they combine data from different sources to support their analyses. Monitoring the threat landscape, communicating changes and developing automation, playbooks and alert rules are an important part of TIER 2's work, and they continuously improve the efficiency of TIER 1.

TIER 2 analysts are also responsible for the management and development of the security systems that are part of the service. They ensure smooth deployments and act as contact persons for the customers. They also prepare reports on information security breaches and implement containment, remediation and recovery measures according to agreed processes. For very serious and demanding information security incidents, an escalation to TIER 3 will be made, if necessary.

TIER 3 – Digital Forensics and Incident Response (DFIR)

The role of a TIER 3 DFIR analyst is to support TIER 2 with even more in-depth information security expertise, where necessary. TIER 3 analysts are also tasked with investigating new threats and better understanding how threat actors and attacks work. They continuously investigate and identify threat behaviour and techniques in support of TIER 1. This so-called threat intelligence and threat hunting makes it possible to detect new threats and vulnerability exploits as quickly as possible.

DFIR stands for digital forensics and incident response. Incident response is the process of preparing for and responding to information security incidents in order to limit and recover from damage. Digital forensics, on the other hand, investigates information security breaches, which may include securing evidence, forensics, malware analysis, log analysis, or generally determining the impact and scope of an information security breach, among other things.

The investigation is always aimed at how the customer can best cope with the information security attack, how the customer's losses can be minimised and how to assist the criminal investigation of the attack in order to catch the perpetrators.

Need urgent help with a security incident?

When you detect signs of an attack, it is important to act quickly, but even more important to act correctly.

CSOC Services

Our 24/7 Cyber Security Operations Centre, or CSOC, is the backbone of our information security monitoring and incident response. Not everyone needs everything – protection should always be reasonable and tailored to the customer’s attack surface. For example, the following can be included in the monitoring, toolboxes or services of our CSOC:

Log Management and SIEM

Log management makes it possible to determine retrospectively what has happened and who has processed the data.

The service also allows for showing that necessary monitoring measures have taken place and statutory obligations have been fulfilled (e.g. EU GDPR). Safe storage of logs is important in order to protect confidential information. Logs can be collected from information security devices, network equipment, servers and applications. We can also help you with the design of your log management and Security Information and Event Management (SIEM) solution.

The service is used to produce a secure, expandable and high-performance log data management and storage service for the customer. The service speeds up the process of accessing log data but also allows for monitoring and restricting access to log data. Centralised log data makes it possible to utilise data for various business needs, such as information security, finance, IT, production, accounting and auditing.

Extended Detection and Response (XDR)

From the point of view of rapid and responsive cyber security, it is essential to protect the areas that are most vulnerable to attack. These include endpoints, such as desktops, mobile devices and servers, as well as identities, or user IDs.

Since no protection is 100% effective, detecting abnormal events and anomalies in the cyber environment in time, responding to them and stopping real threats at an early stage is even more important than the protection itself. This requires not only people, but also advanced technology that uses machine learning and artificial intelligence to improve detection and analytics.

Loihde’s Extended Detection and Response (XDR) service suite consists of Endpoint Detection and Response (EDR), Identity Detection and Response (IDR), Network Detection and Response (NDR) and Cloud Detection and Response (CDR). These XDR services can be combined to build a customised package and when they are combined with our 24/7 CSOC service, you get a modern and efficient Managed Detection and Response (MDR) service.

Threat Intelligence

Defensive capability is based on knowledge of the threat landscape, and our service is designed to compile precisely the information that you will find relevant.

Establishing a proactive cyber defence requires reliable, clear and comprehensive Threat Intelligence. Threats, vulnerabilities, targeted attacks and methods of attack must be monitored to make the correct strategic and operational cyber security and risk management decisions. Threat Intelligence provides information on the status of various issues affecting your industry or company using a variety of data sources, including the dark web.

A lot of data is available, but in order to leverage it, you have to extract and refine the data that is relevant to the organisation. Our Threat Intelligence service determines, processes and refines the data for your use as a customer. By combining the service with our CSOC service, threats can be detected quickly and preventive measures can be taken to proactively secure operations.

Microsoft Security and XDR

There are many different levels of Microsoft cyber security, depending on the licensing in place within an organisation.

Comprehensive Microsoft cyber security is achieved through M365 E5/A5/F5 licensing. By combining this with Microsoft's SIEM/SOAR product, Microsoft Sentinel, you get Microsoft’s Extended Detection and Response (XDR) solution.

Our CSOC supports all of the most common Microsoft licences (Business Premium, E3 and E5). We do not require customers to upgrade their licensing to E5 security. The CSOC service can also be implemented on the basis of Business Premium or E3 licensing by complementing it with a suitable XDR service from our offering. Our CSOC service and the customer's M365 and Azure licensing will be aligned to create a customised package that includes both 24/7 responsive monitoring and continuous development and management of Microsoft cybersecurity.

Loihde is also a Microsoft Cloud Service Provider (CSP), which means that customers can obtain the necessary Microsoft 365 and Azure licences directly from us. As a Microsoft Security Partner at the highest level, we know the strengths of Microsoft's cyber security products and are able to adapt them efficiently to customer needs.

DFIR Service (Digital Forensics and Incident Response)

A TIER 3 cyber security analyst to support your investigation in the event of a cyber security attack.

The DFIR service, or Digital Forensics and Incident Response service, is part of the CSOC service package, where a TIER 3 cyber security analyst analyses the best information available to determine what has happened. Based on the information obtained, the DFIR cyber security analyst then decides on further actions and coordinates the investigation of the incident with the customer's experts and the TIER 2 analysts at Loihde’s CSOC. All investigations aim to help the customer recover from the cyber security attack in the best possible way.

With DFIR, customers can receive assistance from TIER 3 cyber security analysts at best within 24 hours of detecting a cyber security attack. Examples of TIER 3 services include data breach investigation, major incident management and response, malware analysis and sophisticated threat hunting.