Mazzy Technologies Security Operations Center

World Class SOC Services built on Microsoft Services, Azure Sentinel SEIM SOAR, Defender

Award Winning SOC Services

The responsibility of the security operation team (also known as Security Operations Center (SOC), or SecOps) is to rapidly detect, prioritize, and triage potential attacks. These operations help eliminate false positives and focus on real attacks, reducing the mean time to remediate real incidents. Central SecOps team monitors security-related telemetry data and investigates security breaches. It's important that any communication, investigation, and hunting activities are aligned with the application team.

Our SOC uses collective signals from across our company, both internal and external, to protect your devices—even from things we haven't yet seen in Mazzy Technologies Managed Desktop.

Learn more

NIST 800-61 r2 Cybersecurity Framework Incident Response Life Cycle for SOC

NIST Cybersecurity Framework

Mazzy Technologies Security Solutions align to many cybersecurity protection standards. SOC operations are based on the National Institute of Standards and Technology Computer Security Incident Response Handling Guide (NIST 800-61 r2).

The process allows for proper collection of information and evidence, for analysis and documentation and post-recovery insights into ways to better defend your environment through these phases:

Preparation, detection, and analysis
Containment
Eradication
Recovery
Post-incident activity

The Cyber Defense Operations Center brings together security response experts from across the company to help protect, detect, and respond to threats in real-time. Staffed with dedicated teams 24x7, the Center has direct access to thousands of security professionals, data scientists, and product engineers to ensure rapid response and resolution to security threats.

Utilizing data from clients and partners which include trillions of data points across an extensive network of sensors, devices, authentications, and communications, the Center employs automated software, machine learning, behavioral analysis, and forensics to create an intelligent security graph. This threat intelligence insight helps our teams connect the dots, then counter with strong containment and coordinated remediation.

Security Posture with Enterprise Architecture

Threat and Vulnerability Management

SOC's Threat and Vulnerability Management process uses some of Microsoft's services to help inform recommendations for your organization to protect against threats.

The SOC consumes data from your Microsoft Defender for Endpoint Security Center and from relevant vulnerability data sources, within and outside of Microsoft, to discover vulnerabilities and misconfigurations to provide actionable reporting.

Here are some of the many Azure tools that a SOC team can use investigate and remediate incidents:

Microsoft Sentinel: Centralized Security Information and Event Management (SIEM) to get enterprise-wide visibility into logs.
Microsoft Defender for Cloud: Alert generation. Use security playbook in response to an alert.
Azure Monitor: Event logs from application and Azure services.
Azure Network Security Group (NSG): Visibility into network activities.
Azure Information Protection: Secure email, documents, and sensitive data that you share outside your company.

Security Operations

Mazzy Technologies Managed Desktop Security Operations Center (SOC) partners with your information security staff to keep your desktop environment secure. Our team receives and responds to all security alerts on managed devices with expert analysis. When needed, we drive security incident response activities. For more information speak with your Mazzy Technologies Technical Account Manager.

The SOC offers 24/7/365 coverage from full-time employees with expertise in the current and emerging threat landscape, including common attack methods through software, network, or human adversaries.

The SOC provides these services: