The mission of GovDataHosting Security Operations Center (SOC) is to protect, detect, respond, and recover from information security threats to federal, state, and local government information systems. Our SOC operates 24 hours a day, 7 days a week (24x7), 365 days a year (24x7x365) to monitor and protect the customers’ information systems and infrastructure. GovDataHosting provides the following SOC operations services as part of our defense in depth service delivery:
Monitoring and Analysis
We investigate and positively identify anomalous events that are detected by security devices or reported to the SOC from external entities, system administrators, and the user community. Our SOC monitoring team actively reviews all SOC data feeds, analytical systems, sensor platforms, output from other SOC tool products, and provides written or oral finding reports to the customers’ designated officials for further investigation or action. Our SOC personnel monitor systems’ status, escalate and report potential incidents, create and update SOC incident cases and perform risk assessment analysis. We finetune and implement custom detection content, tune the Security Event Information Management (SIEM) system and IDS/IPS events to isolate real events and minimize false positives.
Our SOC vulnerability assessment analysts provide remote vulnerability assessment capabilities as a sustained, full‐time program independent of incident detection, recovery, or reporting activities. Activities include full‐knowledge, open‐security assessment of customers’ web sites, enclaves, and systems. Our SOC works with system owners and system administrators, to holistically examine the security architecture and vulnerabilities of their systems, through security scans, examination of system configuration, review of system design documentation, and interviews. Our analysts use network and vulnerability scanning tools, as well as invasive technologies used to interrogate systems for configuration and status.
GovDataHosting SOC analyzes multiple threat intelligence feeds from various sources that provide information and indicators on cyber threat activity, adversaries, and recommended mitigations. We analyze threat information, determine the risk to customers’ information systems, and develop mitigations and/or countermeasures to mitigate or disrupt the threat. Possible countermeasures include logical or physical isolation of involved systems, firewall blocks, DNS black holes, IP blocks, patch deployment, or account deactivation. Our SOC analysts apply their knowledge of adversary capabilities, intentions, tactics, and procedures to compile and distribute cyber intelligence information, fuse cyber intelligence data into SOC monitoring systems, and provide situational awareness to other members of the SOC.
Insider Threat Hunting
GovDataHosting provides support to detect, prevent, and respond to threats posed by malicious, negligent or compromised insiders, by maintaining an in‐depth visibility into the customer’s information systems and having a means of filtering and prioritizing threat data into concise, actionable intelligence. We provide advanced analysis and adversary hunting support to proactively uncover evidence of adversary presence on customers’ networks and individual computer systems. Our SOC analysts are trained to recognize key insider threat technical indicators such as unauthorized privileged access attempts to sensitive data, or an un-authorized network configuration change as part of establishing a baseline of normal user behavior and detecting significant deviations in user activity.
Our SOC also provides a variety of add-on services including Customer Site Cyber Incident Response, Continuity of Operations Coordination, Intrusion Defense Chain Support, Penetration Testing and Digital Media Forensic Analysis.