The Security Operation Center
is an operational unit tasked with identifying cyber attacks in the network
before they can develop their full risk potential.

The typical cyber attack takes several months to spread far enough in the
victim's network. During this time, the attacker tries to hide his attack as
well as possible. In order to still recognize the attack, a SOC needs various
• Systems to capture the status data of end devices, central components,
applications or IoT, production and medical devices.
• Processes to ensure a complete and meaningful analysis and the appropriate
response to security events.
• Well-trained and experienced analysts. Despite all the intelligence of modern
security systems, this human component is still the most important element of a

On the technological side, A1 Digital uses Splunk and Mandiant to collect and
analyze status data. These components can be complemented by special systems
for IoT, production and medical devices. The architecture enables comprehensive
monitoring of all devices and applications connected to the network. Attackers
find it more difficult to spread their attack unnoticed in the network and the
potential victims gain time for a qualified incident response.

As part of the incident response, the detected attack is rendered harmless
using suitable means. The attack is prevented from spreading and systems that
are already infected are cleaned.

A1 Digital offers the SOC including the incident response as a managed service
including all necessary applications and licenses. There is no need to invest
in systems and there is no time-consuming search for personnel. Clear service
levels and 7x24 operation ensure a secure network at all times.