SITRA security operation center is a collection of tools, processes and human factors which intend to detect abnormal behaviors, destructive activities and security incidents quickly by gathering security reports, alerts, information and 24/7 monitoring, and eliminate them using categorizing, analysis and designing proper reactions.
This product is useful for all organizations and industries especially large and middle size ones which have data center, network and communication technologies.
- Faster threat detection by automating integration, normalization and prioritization of events which are received from security and non-security sensors all over organization network.
- Full protection assurance by using a single system so all threats on network, servers, operating systems and applications are detected immediately.
- Increase performance by managing all security devices using an integrated system.
SITRA integration capability with network operating center(NOC) administration tools
Organizations are trying to boost network performance and stability by implementing a security system to react against security threats.
Although the Security Operations Center (SOC) and network operations center (NOC) each have a specific mission and act as separate components, they work more efficiently if both are used to administrate network together.
SITRA as an automated tool for managing security events in security operation center; is capable of integration with NOC administration tools and creates following advantages:
- Increase efficiency and accuracy by sharing information
NOC can share information about network components configurations, network information assets and their values with SOC. By using this information, vulnerability scanning, security events analysis and incident response are done more accurately in SOC.
In case of any change in network configuration and asset values in organization, NOC sends necessary declarations to SOC and required changes are done in SOC.
- Improving response time in dealing with security incidents
If SOC detects a security incident, regarding information about incident and solution to eliminating or reducing its damaging effects are sent automatically to NOC administrators using a ticketing system.
- Send and receive feedback
If results of analysis on security events received from different devices and sensors are not compatible with the information received from NOC, this results can be sent to NOC by SOC for corrections in change and configuration management procedures.
After receiving a ticket from SOC, NOC administrators can send feedbacks regarding validity of incident detection and the effectiveness of proposed solutions to deal with the incident, to SOC administrators.