
PRIVACY

SOC Prime’s approach toward privacy and ownership rights protection

Trust, transparency, and privacy are the core values behind the security operations, processes, and procedures that companies expect from a partnership with SOC Prime.

GDPR Compliance

As a GDPR-compliant organization, we are dedicated to protecting the privacy of our customers' data. The data we collect about our users is protected by GDPR controls; we implemented GDPR because roughly 30% of our customers come from the EU. SOC Prime does not retain user data indefinitely and does not share it with any third parties, except for third-party processors with whom we have signed data processing agreements and who help us provide and improve our services to end users. We collect user data within the scope of the GDPR for a single purpose: to improve the platform experience and so follow our mission of making threat detection easier, faster, and more efficient.

We comply with the GDPR "right to erasure" (the "right to be forgotten", Article 17), under which users can demand that their personal data be erased if they have withdrawn their consent or object to the processing. Upon a user's erasure request, we are responsible for instructing our processors to delete the related Personally Identifiable Information (PII), both from live production systems and from backup archives.

Privacy and Ownership Concerns

Obtaining detection content from third-party vendors often involves granting full access to the organization's SIEM or XDR environment, including its data sources and alert outcomes, which raises serious data privacy concerns. At SOC Prime, we follow our own content development practices, designed to mitigate privacy risks for our customers. Alongside the data privacy imperative, SOC Prime recognizes and respects content ownership and intellectual property rights: detection content created in the customer's infrastructure from the customer's logs belongs to the customer only.

Data privacy protection and ownership concerns guide our development procedures and are reflected in SOC Prime’s products that process user data.

The in-house SOC Prime team runs all projects powered by our Detection as Code platform, so no third party has access to the platform's functionality. All data is encrypted at rest with AES-256, the industry-standard algorithm for data-at-rest protection.

SOC Prime has completed a Service Organization Control (SOC) 2 Type II audit. A SOC 2® report is an independent attestation (not a certificate) that SOC Prime's information security practices, policies, operations, and procedures meet the AICPA Trust Services Criteria for secure data management over the audited period, and it reflects the company's commitment to high standards for the protection of information assets and IT resources.

Uncoder.IO

Uncoder.IO is an online Sigma translation engine that converts Sigma rules into SIEM saved searches, queries, filters, and API requests. It helps SOC Analysts, Threat Hunters, and Detection Engineers convert detections to the selected SIEM or XDR format on the fly.

  • Fully anonymous: no registration, no authentication, no logging
  • All data kept session-based, stored in memory, no presence on server disks
  • Full reimage every 24h
  • Microservice-based architecture
  • Based on the community-verified open-source project “sigmac”
  • Hosted on Amazon AWS
  • Data at rest encrypted using an industry standard, AES-256 encryption algorithm
  • Data in transit encrypted using TLS 1.2 encryption protocol
  • Overall Rating A+ according to Qualys SSL Labs

Uncoder CTI

Like Uncoder.IO, Uncoder CTI is an online conversion tool; it transforms IOCs (indicators of compromise) into custom hunting queries ready to run in your SIEM or XDR.

Uncoder CTI works differently from a standard Threat Intelligence Platform (TIP): it lets you take IOCs from any feed or source and operationalizes that cyber threat intelligence rather than storing it. SOC Prime does not store or access a user's IOC data; only the user running a given session has access to that session's data. Ownership of a user's IOCs remains exclusively with the user.

Uncoder CTI handles privacy concerns similarly to Uncoder.IO:

  • Fully anonymous: no registration, no authentication, no IOC logging
  • All data kept session-based, stored in memory, no presence on server disks
  • Full reimage every 24h
  • Microservice-based architecture
  • Hosted on Amazon AWS
  • Based on the community-verified open-source project “sigmac”
  • Sigma translations are performed on dedicated microservices and are not saved at any stage
  • All conversions are held in RAM (Random Access Memory) to ensure high performance, scalability, and privacy
  • Platform parses IOCs locally in the user’s browser environment, no IOCs sent to the Uncoder CTI server side
  • Platform returns ready-to-use queries directly to your browser via an encrypted channel
  • Data at rest encrypted using an industry standard, AES-256 encryption algorithm
  • Data in transit encrypted using TLS 1.2 encryption protocol
  • CTI report does not leave your local environment (your computer and browser)
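What "IOCs are parsed locally in the user's browser" amounts to in code is a pure function over the report text that performs no network I/O. The following is an added illustration written for this page, not Uncoder CTI's own code: it refangs a constructed CTI report, extracts IPs, domains and hashes in the browser, drops private-range addresses, and renders a hunting query for two assumed target syntaxes. The SIEM field names (dest_ip, query, file_hash, DestinationIp, DnsQuery, FileHash) are assumptions made for illustration, as is the sample report.

```javascript
// Added example (not Uncoder CTI's own code): a purely client-side IOC parser and
// hunting-query builder. Every function is pure over the report text, with no
// fetch()/XMLHttpRequest, which is what "IOCs are parsed locally in the browser
// and never sent to the server" means in practice. SIEM field names such as
// dest_ip, query and file_hash are assumptions made for illustration.

// Constructed sample CTI report, defanged the way vendor reports usually are.
const SAMPLE_REPORT = `
Campaign X fetched hxxp://evil-domain[.]com/payload.bin and beaconed to
185.220.101[.]42 on port 443; the fallback C2 was c2-server[.]net.
Payload SHA-256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Dropper MD5: d41d8cd98f00b204e9800998ecf8427e
Lateral movement was seen from 10.0.0.1 (internal, not a useful IOC).
`;

// Undo common defanging so the indicator regexes match real values.
function refang(text) {
  return text
    .replace(/\[\.\]|\(\.\)|\{\.\}/g, ".")
    .replace(/hxxp(s?):\/\//gi, "http$1://");
}

const URL_RE = /https?:\/\/([^\s/"'<>]+)[^\s"'<>]*/gi;
const IPV4_RE = /\b(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)\b/g;
const IPV4_ONLY_RE = /^(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)$/;
const DOMAIN_RE = /\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b/gi;
const SHA256_RE = /\b[a-f0-9]{64}\b/gi;
const MD5_RE = /\b[a-f0-9]{32}\b/gi;

// RFC 1918, loopback and link-local addresses are noise in a hunt; drop them.
function isPrivateIp(ip) {
  const [a, b] = ip.split(".").map(Number);
  return a === 10 || a === 127 || (a === 169 && b === 254) ||
    (a === 172 && b >= 16 && b <= 31) || (a === 192 && b === 168);
}

const uniq = (arr) => [...new Set(arr)];

// Extract IOCs from a report. Returns { ips, domains, hashes }; the report text
// never leaves this function.
function extractIocs(report) {
  const text = refang(report);
  const urlIps = [];
  const urlDomains = [];
  // Take hostnames out of URLs first, then blank the URLs so path segments
  // such as "payload.bin" are not mistaken for bare domains.
  const noUrls = text.replace(URL_RE, (_, hostPort) => {
    const host = hostPort.split(":")[0].toLowerCase();
    (IPV4_ONLY_RE.test(host) ? urlIps : urlDomains).push(host);
    return " ";
  });
  const ips = uniq([...urlIps, ...(text.match(IPV4_RE) || [])])
    .filter((ip) => !isPrivateIp(ip));
  const domains = uniq([
    ...urlDomains,
    ...(noUrls.match(DOMAIN_RE) || []).map((d) => d.toLowerCase()),
  ]);
  const hashes = uniq(
    [...(text.match(SHA256_RE) || []), ...(text.match(MD5_RE) || [])]
      .map((h) => h.toLowerCase())
  );
  return { ips, domains, hashes };
}

// Render the IOC set as a hunting query for one target syntax. Returns "" when
// there is nothing to hunt for, so a caller never runs a match-everything query.
function buildQuery(iocs, target) {
  const lit = (v) => `"${v.replace(/"/g, '\\"')}"`;
  const list = (vals) => vals.map(lit).join(", ");
  const fields = {
    splunk: { ip: "dest_ip", domain: "query", hash: "file_hash", op: "IN", join: " OR " },
    kql: { ip: "DestinationIp", domain: "DnsQuery", hash: "FileHash", op: "in", join: " or " },
  }[target];
  if (!fields) throw new Error(`unsupported target: ${target}`);
  const clauses = [];
  if (iocs.ips.length) clauses.push(`${fields.ip} ${fields.op} (${list(iocs.ips)})`);
  if (iocs.domains.length) clauses.push(`${fields.domain} ${fields.op} (${list(iocs.domains)})`);
  if (iocs.hashes.length) clauses.push(`${fields.hash} ${fields.op} (${list(iocs.hashes)})`);
  if (!clauses.length) return "";
  const body = clauses.join(fields.join);
  return target === "splunk" ? `index=* (${body})` : `search * | where ${body}`;
}

// Stand-alone run on the constructed report.
const sampleIocs = extractIocs(SAMPLE_REPORT);
console.log(sampleIocs);
console.log(buildQuery(sampleIocs, "splunk"));
console.log(buildQuery(sampleIocs, "kql"));
```

The property worth checking on any "browser-local" claim is the absence of network traffic: paste a report into the tool with the browser's developer-tools Network panel open and confirm that no request carries the report or its indicators. In the example above this holds by construction, because nothing in the call chain performs I/O.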

Log Source and MITRE ATT&CK Coverage

The SOC Prime Detection as Code platform provides two management tools that let security engineers track the progress of their detection efforts in the SIEM or XDR in use. Log Source Coverage shows how your organization-specific log sources are covered by the detection content available on our platform, so you can see how effectively your log source data is used by your security tooling. MITRE ATT&CK® Coverage shows the extent to which ATT&CK tactics, techniques, and sub-techniques are addressed by the detection content you have explored or deployed.

Both Log Source and MITRE ATT&CK® Coverage are designed with privacy in mind, more specifically:

  • No third-party access to user data processed by the SOC Prime’s platform
  • Data at rest encrypted using an industry standard, AES-256 encryption algorithm

For security engineers who prefer to work offline in Excel or in the web-based MITRE ATT&CK Navigator, we plan to add export of the coverage data to CSV and to JSON compatible with the ATT&CK Navigator; this export functionality is coming soon.

Quick Hunt

The Quick Hunt solution within the SOC Prime’s Detection as Code platform allows security professionals to visualize and hunt for the latest threats in their SIEM & XDR with a single click. Quick Hunt was designed according to the best practices of privacy protection, particularly:

  • All hunting queries are launched during the existing browser session
  • Data in transit encrypted using TLS 1.2 encryption protocol
  • User feedback is fully anonymized and submitted only at the user's discretion

Threat Detection Marketplace

Powered by the SOC Prime’s Detection as Code platform, Threat Detection Marketplace is the world’s largest SOC content repository that aggregates the most up-to-date Sigma-based threat detection content from over 300 researchers and natively delivers it via subscription to 20+ SIEM and XDR platforms.

To tailor SOC content search to the user's security role and needs, Threat Detection Marketplace provides a variety of search-tuning options and filters configured in the user's profile. Profile configuration is fully optional: it is up to the user whether to customize search preferences and apply the recommendation engine.

To protect user data and handle privacy challenges, Threat Detection Marketplace sticks to the following best practices:

  • One-time password (OTP) option
  • Two-factor authentication (2FA) option
  • Logon, view and download history stored on dedicated analytical servers
  • Security logging (audit trail)
  • Hosted on Amazon AWS
  • Web Application Firewall (WAF) protection
  • Data at rest encrypted using an industry standard, AES-256 encryption algorithm
  • Data in transit encrypted using TLS 1.2 encryption protocol
  • Overall Rating A+ according to Qualys SSL Labs

Continuous Content Management

The Continuous Content Management (CCM) module, available as part of the SOC Prime Detection as Code platform, enables automated streaming of detection content directly into the user's environment. The CCM module is designed to adapt the organization's cyber defense to the latest threats, which means the amount of content ready for deployment is constantly growing and calls for a proactive CI/CD workflow aligned with software development best practices.

Similarly to other Detection as Code platform functionality, the CCM module is developed with privacy in mind:

  • No log data collected from your SIEM, EDR or XDR environment
  • SOC Prime has only information on what rules are running and their hit rates
  • No data collected on the user, IP, or host details
  • Open-source API script that is easy to read and verify
  • Data at rest encrypted using an industry standard, AES-256 encryption algorithm
  • Data in transit encrypted using TLS 1.2 encryption protocol