A SOC monitors the potentially security-relevant activity taking place on a network. It is akin to watching the door knobs in a house being turned before the intruder opens the door and enters the room.
Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) identify patterns of behaviour and raise them as alerts to the controlling software. The patterns are compared against a database of attack scenarios to determine whether the network or system is genuinely under attack or simply being used legitimately in an unusual way.
This sophisticated monitoring approach can produce thousands of false positives per day even for a small network, so the monitoring and alerting software must be ‘tuned’ by experts to reduce the number of false positives to an acceptable threshold that does not mask the actual attacks.
Such sophisticated monitoring and tuning is a challenge for most businesses, which are simply users of IT and may perceive security as a hurdle to overcome in doing their “normal” job. Echelon is here to make sure that security is seen as an enabler of business, not a disabler. Therefore, we offer a suite of services in this area to allow a client to choose the one that best meets their needs whilst maintaining the flexibility to increase or decrease the level of service over time in line with changing threats.
The suite of services that Echelon offers addresses the changing vulnerabilities in the organisation and the realisation that network configurations change constantly – additional software, servers and services, and the patching or upgrading of existing services, all contribute to the nightmare job that most organisations face of trying to stay ahead of the attack threat whilst providing the infrastructural flexibility required to accommodate constantly evolving business needs.
The levels of service that Echelon offers are as follows:
- Deployed Echelon SOC – where the SOC is created by Echelon and physically located in the client’s premises but manned by security-cleared, experienced Echelon staff
- Partnership SOC – where the SOC may be jointly created by the client and Echelon in partnership and then run by staff of both the client organisation and Echelon, either until the client is happy to take full “ownership” and management control of the SOC (Client SOC), or continuing to be run in partnership, or migrating to a Deployed SOC
- Client SOC – strictly speaking, not a service as such, but an end state that can be achieved if the client wishes to use Echelon to establish the SOC and run it in parallel with the client’s staff, training those staff in the process and then handing over to the client to run whilst offering ad-hoc support
- Outsourced SOC – where the SOC facility is run from Echelon’s secure premises and manned by security-cleared, experienced Echelon staff
- Emergency Deployed SOC – also known internally as “A Box of SOCs”. This facility is a fully equipped SOC fitted inside a modified, secure ISO Container. The container meets all necessary UK Government requirements for security accreditation and is transportable by flat-bed truck, helicopter and transport aircraft as part of any military deployed medium weight capability. This SOC can equally be used by commercial customers who have an unexpected need for the facility – it can be located in a car park adjacent to any building that can supply power and communications lines; and by military or Government clients who have a need for a truly deployed, advanced forward position Network Operations Centre with SOC capability. In the latter case, the “Box of SOCs” can be located on any relatively stable, level ground with power provided from a client-supplied generator.
The Benefits and Features of the suite of Echelon SOC capabilities include:
- Constant Monitoring of your network internally and externally (as defined by the client with recommendation from Echelon) which minimises your vulnerability to insider and outsider attacks
- Immediate Identification of attacks on your network, which gives maximum time to mount an appropriate response – often pre-programmed immediate operations. Response times and coverage times are as required by the client and can include immediate telephone notification and fix, or less stringent service levels
- Provides Rationale for a comprehensive patch management regime and maintenance of the monitored systems and networks to latest revision states to maintain a high level of security
- Clear Presentation of results in both a technical (geeky) and non-technical (business-oriented) way
- Flexible Management Reporting of all high, medium and low level attacks and the countermeasure actions taken, which provides qualitative and quantitative evidence of the benefit of the service and the threats the client organisation faces
- Value for Money compared with other types of security defences and services
- Provides Outsourcing of a non-core service (security) for many commercial enterprises which allows concentration on the core, profit generating business.
Why choose the Echelon SOC capability?
Apart from the flexibility and features of our service, and the benefits that these bring, as shown above, clients choose to use Echelon because they know that it is a company and a service that they can trust. Our clients know that they get 100% commitment from Echelon and its staff. Whether on deployed operations in highly secure military bunkers, overseas operations in temporary accommodation, overcrowded portacabins on sensitive Government sites or working 24x7x365 from our secure managed service facility in Fleet, Echelon provides secure, reliable, cost-effective and technically-advanced expert service.