In the event of a security incident, our Rapid Intervention Force is available 24/7
SOC : Monitor, detect and protect
Formind SOC service offering enables companies to monitor their information systems (supported by the best performing SIEM, EDR and NDR-type solutions on the market) and so, to detect attacks extremely quickly while discarding false positives.
A SOC is put in place using a level-based approach related to coverage scopes: endpoints (EDR), infrastructure equipment (SIEM), SaaS security tools (API connector), network (NDR), while limiting the number of technologies in order to command their full potential.
Deploying the Formind SOC enables the first results to be obtained in under 2 months, in comparison with a standard SOC which often needs 6 months. Since these results can be accessed via the security cockpit, you are informed in real time about the status of your alerts and any incidents in your park so that you can launch the requisite protection actions.
Your challenges
Attacks are becoming more complex; there are more and more cybercriminals and better organised than ever before. It is becoming increasingly complicated to detect these attacks with traditional SOC tools and procedures.
For the security of your business, your cyber defence actions need to evolve: increase visibility, increase expertise, make your reactions more effective and streamline communication with the rest of the organisation.
Formind SOC orchestrates your security solutions and gives you the opportunity to :
- Place your IS under security supervision to shine a light on any dark spots
- Be able to detect attacks without waiting for their visible impacts
- Reduce risk, increase peace of mind and boost the trust of your partners
Key features
Adaptability
Formind SOC is able to interface with most technologies on the market.
This means that we have the capacity to integrate your technological choices, whether for SIEM (Azure Sentinel, Splunk, Logpoint, ELK, etc.), EDR (Microsoft, Crowdstrike, Sentinel One, Harfanglab, Cybereason, Trellix, CheckPoint, etc.) or any other security tools, thanks to our expertise in the different solutions available on the market and the design of the Formind SOC’s architecture.
True positive billing
The service is billed based on the number of security incidents processed by the SOC. This approach enables to :
- Limit and reduce the number of false positives and so allow our analysts to focus their efforts on the events which impact your business.
- Stand out from billing based on volume, EPS, number of assets, which do not reflect a real security-based approach and are more expensive.
Proximity
Too often, the services provided by other SOC partners highlight a lack of visibility over alert and incident management and a lack of scalability and acknowledgement of any changes in the customer’s organisation. Formind is convinced that it is crucial for its SOC experts to assist you with your monitoring and threat detection issues via regular and operational follow-up meetings.
To enable this we have chosen to set up bi-monthly management committees and operational improvement committees (30 minutes every two weeks).
Our objective is to boost your teams’ security performance and improve the protection of your IS.
Soc as Code
This concept is industrialised within the SOC and provides a response to a whole range of issues: the constant evolution of threats and the need to achieve concrete and fast ROI and results. To this end, SOC as code allows to :
- Quickly deploy a set of standard (150) and customised rules when constructing the technological environment, whichever SIEM is used. This guarantees complete, optimised protection for your environment.
- Share and take advantage of improvements on a regular basis in order to keep up to date with threats at all times.
- Automate certain reaction processes (e.g.: isolate a workstation, user awareness, etc.) to limit spread and to enable Formind’s analysts to focus on the most complex alerts which have the highest impacts on your business.
Your benefits
Simple & quick integration
Thanks to tried and tested technological choices and developments, the deployment of the SOC is packaged and taylored to all environments :
- A workshop-based standardised and methodological approach: identification of attack scenarios, deployment scope and access to VSR, VABF and RUN tools.
- A simplified collection infrastructure based on the alerts generated by the security tools. This paradigm shift makes integration simpler.
- An operational SOC and the first alerts highlighted in under 2 months!
A unified alert view
You haven’t deployed a SOC yet? Formind will do it for you with the best technologies on the market and access to the dedicated expertise: Microsoft Sentinel to orchestrate your alerts and an EDR adapted to your environment and the size of your structure.
Do you have existing technologies? Formind focuses on all of your alerts in the Azure Sentinel orchestrator and manages your security tools.
Complete transparency
Formind provides you with access to the supervision console, whether it is hosted on our premises or yours. This means that you can control the activity and improve your teams if you want to.
You then have visibility over all your operations – you keep control.
Continuous improvement
Over 1500 vulnerabilities are discovered each month and more than 74% of companies have been subjected to phishing attacks!
The detection rules are continuously adapted to your context to take into account your IT set-up and the vulnerabilities with the threat level.
Our main partners
What they say about us!
Industrial company
Formind’s level of cyber expertise allows me to improve my own skills every time we talk. Their availability creates a relationship built on trust which grows over time. Their persons of contact remain the same over time and know our environment really well. Having a partner like Formind gives us reassurance about our cyber risks.
Laurent BRAULT
DSI / CIO – Centravet