SIEM & SOC
Security Operation Centers and SIEM
Incident response life cycle
In a nutshell: we assist corporates with detecting and responding to incidents.
In a bigger nutshell, the incident detection process starts long before an actual incident is detected. The first step is deciding what is important and what to defend: defending a room is easier and costs less than defending a house or a building.
Once we get our priorities straight, we have to plan exactly which processes and/or systems we want to defend, break the processes down into systems and sub-processes, understand the risks and build incident scenarios, and only then choose the relevant products: a firewall that blocks wonderfully but does not report successful access may hinder our efforts to detect an ongoing breach. In parallel we should build an actionable response plan, automate whatever we can, train the responders, and configure the systems to support our efforts.
Our motto (like Nike's) is "if you know what to do, just do it": configure your systems to respond exactly as people would have. This does not mean shutting down systems and blocking communications; it does mean gathering all the relevant information automatically, so that an informed decision can be made and non-experts can do expert work in less time than a subject matter expert would take.
This approach saves time and money, reduces and focuses cyber security investment, and may even save your job or your corporation's main business.
Security information and event management (SIEM) systems and security operations centers (SOCs) are tools employed by organizations that want to be aware of cyber incidents and, in many cases, to respond to them.
Our customers use Swordfish for consulting or turnkey projects in order to select the technologies, manage the project and build the processes, or to review and improve existing SIEM / SOC operations.
Incident response is a process that starts well before an incident occurs; preparation is key to success in incident response.
Use our experts to build and customize the communication plans, tools, training and incident response flows.
We can help define the need, compare the products and / or lead the project.
We specialize in SIEM, SOC, Data leakage, Cyber automation and malware detection projects.
We focus on representing unique products that assist our clients' complicated demands.
We only represent products we believe in, excel in, and that are within our domains of expertise.
We implement products from Israeli startups alongside traditional products.