
PRIVACY

Trust, transparency, and privacy are the core values behind the security operations, processes, and procedures that companies look for when they partner with SOC Prime.

GDPR Compliance

As a GDPR compliant organization, we are dedicated to protecting the privacy of our customers’ data. The data we collect about our users is protected by GDPR controls. SOC Prime does not store user data on a perpetual basis and does not share it with third parties, except for third-party processors with whom we have signed data processing agreements and who help us provide and improve our services to end users. We collect user data within the scope of the GDPR for a single purpose: to improve the platform experience and thus pursue our mission of making threat detection easier, faster and more efficient.

In line with the GDPR, we honor the right to erasure (the “right to be forgotten”), under which users can demand that their personal data be erased if they have withdrawn their consent or object to the processing of their data. Upon a user’s erasure request, we are responsible for instructing our processors to delete the related Personally Identifiable Information (PII), both from production systems and from backup archives.

Privacy and Ownership Concerns

At SOC Prime, we have adopted our own content development maturity model aimed at mitigating privacy risks for our customers. Along with the data privacy imperative, SOC Prime recognizes and respects content ownership and intellectual property rights: detection content created in the customer’s infrastructure from the customer’s logs belongs to the customer only.

Data privacy protection and ownership concerns guide our development procedures and are reflected in the SOC Prime products that process user data. The in-house SOC Prime team runs all projects powered by our Detection as Code platform, which ensures privacy protection and denies third parties access to the platform’s functionality. All data is encrypted to industry standards: data at rest with AES-256 and data in transit with TLS 1.2. SOC Prime’s information security practices, policies, operations, and procedures meet the relevant standards for secure data management, as documented in a dedicated Service Organization Control (SOC) 2 Type II auditor’s report.

To protect user data and address privacy challenges, the Threat Detection Marketplace follows these practices:

  • One-time password (OTP) and two-factor authentication (2FA) options
  • Logon, view and download history stored on dedicated analytical servers
  • Security logging (audit trail)
  • Hosted on Amazon Web Services (AWS)
  • Web Application Firewall (WAF) protection
  • Overall rating A+ according to Qualys SSL Labs

THREAT DETECTION MARKETPLACE

Powered by SOC Prime’s Detection as Code platform, the Threat Detection Marketplace is the world’s largest SOC content and security intelligence repository that aggregates the most up-to-date Sigma-based threat detection content from over 300 researchers and natively delivers it via subscription to 20+ SIEM and XDR platforms.

CONTINUOUS CONTENT MANAGEMENT

The Continuous Content Management (CCM) module, available as part of SOC Prime’s Detection as Code platform, streams detection content automatically and directly into the user’s environment. The CCM module is designed to adapt an organization’s cyber defense to the latest threats, which means the amount of content ready for deployment is constantly growing and calls for a proactive CI/CD workflow aligned with software development best practices.

Like the rest of the Detection as Code platform, the CCM module is developed with privacy in mind:

  • No log data is collected from your SIEM, EDR or XDR environment
  • SOC Prime receives only which rules are running and their hit rates
  • No data is collected on users, IP addresses or host details
  • The API script is open source, easy to read and easy to verify

QUICK HUNT

The Quick Hunt solution within SOC Prime’s Detection as Code platform allows security professionals to visualize and hunt for the latest threats in their SIEM or XDR with a single click.

Quick Hunt was designed according to privacy protection best practices, in particular:

  • All hunting queries are launched within the user’s existing browser session
  • User feedback is fully anonymized and is provided only at the user’s choice

UNCODER.IO

Uncoder.IO is an online Sigma translation engine for SIEM saved searches, queries, filters and API requests that helps SOC analysts, threat hunters and detection engineers convert detections to the selected SIEM or XDR format on the fly.

Uncoder.IO protects privacy as follows:

  • Fully anonymous: no registration, no authentication, no logging
  • All data kept session-based, stored in memory, never written to server disks
  • Full reimage every 24h
  • Microservice-based architecture and AWS hosting
  • Based on the community-verified project “sigmac”
  • Overall rating A+ according to Qualys SSL Labs

UNCODER CTI

Like Uncoder.IO, Uncoder CTI is an online conversion tool that transforms IOCs into custom hunting queries ready to run in your SIEM or XDR. Unlike a standard Threat Intelligence Platform (TIP), Uncoder CTI lets you take IOCs from any feed or source. SOC Prime does not store or access the user’s IOC data; only the user running a given session has access to their data, and ownership of any IOCs remains exclusively with the user.

Uncoder CTI handles privacy concerns similarly to Uncoder.IO:

  • Fully anonymous: no registration, no authentication, no IOC logging
  • All data kept session-based, stored in memory, never written to server disks
  • Full reimage every 24h
  • Microservice-based architecture and AWS hosting
  • Based on the community-verified project “sigmac”
  • Sigma translations are performed on dedicated microservices and are not saved at any stage
  • All conversions are held in RAM to ensure high performance, scalability, and privacy
  • The platform parses IOCs locally in the user’s browser; no IOCs are sent to the Uncoder CTI server side
  • The platform returns ready-to-use queries directly to your browser over an encrypted channel
  • The CTI report does not leave your local environment (your computer and browser)
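The client-side flow described above, IOCs parsed in the browser and a finished hunting query handed back without the report leaving the machine, as an added example in JavaScript. This is illustration code written for this page, not Uncoder CTI’s own implementation; the sample report, the defanging conventions it reverses, the FIELD_MAP field names and the Splunk-style query syntax are all assumptions made for the demo.

```javascript
// Added illustration for this page, not Uncoder CTI's code: parse IOCs out of a
// CTI report in the browser and build hunting queries locally. No fetch(),
// XMLHttpRequest or form submission appears anywhere, so the report never
// leaves the machine, which is the property the page describes.

// Constructed sample report (not a real advisory); note the defanged indicators.
const SAMPLE_REPORT = `
The loader was fetched from hxxp://cdn[.]evil-updates[.]com/files/loader.exe
and beaconed to 203.0.113.45 and 198.51.100.7 on port 443.
Dropped file SHA256: 3f786850e387550fdab836ed7e6dc881de23001b4aa6b3bd8f1ac86d8e96f9fb
MD5: 9e107d9d372bb6826bd81d3542a419d6
Backup C2 domain: mail.evil-updates[.]com (also seen on 203.0.113.45).
`;

// Reports "defang" indicators so they cannot be clicked; undo the common conventions first.
function refang(text) {
  return text
    .replace(/hxxp/gi, "http")
    .replace(/\[:\/\/\]/g, "://")
    .replace(/\[:\]/g, ":")
    .replace(/\[\.\]|\(\.\)|\{\.\}|\[dot\]/gi, ".");
}

// Word boundaries keep the 32-hex MD5 pattern from matching inside a 64-hex SHA-256.
const PATTERNS = {
  sha256: /\b[a-f0-9]{64}\b/gi,
  sha1: /\b[a-f0-9]{40}\b/gi,
  md5: /\b[a-f0-9]{32}\b/gi,
  url: /\bhttps?:\/\/[^\s"'<>)]+/gi,
  ipv4: /\b(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)\b/g,
  domain: /\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b/gi,
};

// Heuristic: "loader.exe" or "update.php" look like domains to the regex but are file names.
const FILE_EXTENSIONS = new Set([
  "exe", "dll", "pdf", "doc", "docx", "xls", "xlsx", "zip", "rar", "ps1",
  "bat", "lnk", "js", "vbs", "txt", "php", "aspx", "html",
]);

// Returns { sha256: [...], sha1: [...], md5: [...], url: [...], ipv4: [...], domain: [...] }
// with duplicates removed and hashes/domains lower-cased.
function extractIocs(report) {
  const text = refang(report);
  const found = {};
  for (const [type, re] of Object.entries(PATTERNS)) {
    const values = new Set();
    for (const match of text.matchAll(re)) {
      const value = type === "url" ? match[0] : match[0].toLowerCase();
      if (type === "domain" && FILE_EXTENSIONS.has(value.slice(value.lastIndexOf(".") + 1))) continue;
      values.add(value);
    }
    found[type] = [...values];
  }
  return found;
}

// Field names differ per SIEM; these are assumed names for a Splunk-style search.
const FIELD_MAP = {
  ipv4: ["src_ip", "dest_ip"],
  domain: ["query", "dest_host"],
  url: ["url"],
  md5: ["file_hash"],
  sha1: ["file_hash"],
  sha256: ["file_hash"],
};

// Quote IOC values so a crafted indicator cannot break out of the string literal.
function quote(value) {
  return `"${value.replace(/\\/g, "\\\\").replace(/"/g, '\\"')}"`;
}

// One query per batch, so a long IOC list stays under the SIEM's query-length limits.
function buildQueries(iocs, batchSize = 50) {
  const clauses = [];
  for (const [type, fields] of Object.entries(FIELD_MAP)) {
    for (const value of iocs[type] || []) {
      clauses.push(`(${fields.map((f) => `${f}=${quote(value)}`).join(" OR ")})`);
    }
  }
  const queries = [];
  for (let i = 0; i < clauses.length; i += batchSize) {
    queries.push(`index=* ${clauses.slice(i, i + batchSize).join(" OR ")}`);
  }
  return queries;
}

// Usage: everything below runs in the page; nothing is posted anywhere.
const sampleIocs = extractIocs(SAMPLE_REPORT);
console.log(JSON.stringify(sampleIocs, null, 2));
console.log(buildQueries(sampleIocs).join("\n"));
```

The batching in buildQueries is the part worth copying: pasting thousands of indicators into a single search is the usual way an IOC hunt fails against a SIEM’s query-length limit, and splitting at the clause level keeps every query self-contained.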

LOG SOURCE AND MITRE ATT&CK COVERAGE

SOC Prime’s Detection as Code platform provides two management tools that let security engineers track the progress of their detection efforts in the SIEM or XDR in use. Security engineers who prefer to work offline in Excel or in the web-based MITRE ATT&CK Navigator can export the coverage data as CSV, or as JSON compatible with the MITRE ATT&CK Navigator.
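Building the two export formats named above from a list of deployed rules, as an added example in JavaScript; this is not the platform’s own exporter. The rule list is constructed, Sigma-style attack.tXXXX tags are assumed to be where technique IDs come from, and the Navigator version numbers and colour gradient are assumptions to adjust for your own Navigator instance.

```javascript
// Added illustration for this page, not SOC Prime platform code: turn deployed
// rules tagged with ATT&CK technique IDs into an ATT&CK Navigator layer (JSON)
// and a CSV for spreadsheet work.

// Constructed sample: deployed rules with Sigma-style ATT&CK tags.
const DEPLOYED_RULES = [
  { title: "Suspicious PowerShell Download Cradle", tags: ["attack.execution", "attack.t1059.001"] },
  { title: "Scheduled Task Creation via schtasks", tags: ["attack.persistence", "attack.t1053.005"] },
  { title: "LSASS Memory Access", tags: ["attack.credential_access", "attack.t1003.001"] },
  { title: "Encoded PowerShell Command Line", tags: ["attack.execution", "attack.t1059.001", "attack.defense_evasion", "attack.t1027"] },
];

// Technique tags look like "attack.t1059.001"; tactic tags ("attack.execution") are skipped.
function techniquesFromTags(tags) {
  const ids = [];
  for (const tag of tags) {
    const m = /^attack\.(t\d{4}(?:\.\d{3})?)$/i.exec(tag);
    if (m) ids.push(m[1].toUpperCase());
  }
  return ids;
}

// Map of technique ID -> titles of the rules that cover it (insertion order preserved).
function coverageByTechnique(rules) {
  const coverage = new Map();
  for (const rule of rules) {
    for (const id of techniquesFromTags(rule.tags)) {
      if (!coverage.has(id)) coverage.set(id, []);
      coverage.get(id).push(rule.title);
    }
  }
  return coverage;
}

// ATT&CK Navigator layer. The version numbers are assumptions; match them to your Navigator.
function toNavigatorLayer(rules, name = "Detection coverage") {
  const techniques = [...coverageByTechnique(rules)].map(([techniqueID, titles]) => ({
    techniqueID,
    score: titles.length, // rules covering the technique; drives the heat-map colour
    comment: titles.join("; "),
    enabled: true,
    showSubtechniques: true,
  }));
  const maxScore = Math.max(0, ...techniques.map((t) => t.score));
  return {
    name,
    versions: { attack: "14", navigator: "4.9.1", layer: "4.5" },
    domain: "enterprise-attack",
    description: "Number of deployed rules per technique",
    techniques,
    gradient: { colors: ["#ffffff", "#1f77b4"], minValue: 0, maxValue: maxScore },
  };
}

// CSV for offline work; every field is quoted so titles with commas or quotes survive.
function toCsv(rules) {
  const csvField = (v) => `"${String(v).replace(/"/g, '""')}"`;
  const lines = ["technique_id,rule_count,rules"];
  for (const [id, titles] of coverageByTechnique(rules)) {
    lines.push([id, titles.length, titles.join("; ")].map(csvField).join(","));
  }
  return lines.join("\n");
}

// Usage: the JSON can be loaded into Navigator via "Open Existing Layer".
console.log(JSON.stringify(toNavigatorLayer(DEPLOYED_RULES), null, 2));
console.log(toCsv(DEPLOYED_RULES));
```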

Both the Log Source and MITRE ATT&CK® Coverage dashboards are designed with privacy in mind; specifically:

  • No third-party access to user data processed by SOC Prime’s platform
  • Dashboard analytics are built on depersonalized user data

SOC Prime’s Detection as Code Platform

The world’s first platform for collaborative cyber defense, threat hunting and discovery, enabling security teams to combat digital threats more easily, faster and more efficiently.