Within the scope of our SOC (Security Operations Center) service, institutions' information systems, network infrastructures, security devices, and critical applications are monitored 24/7 without interruption, and the resulting security incidents are managed end-to-end through a centralized and auditable operational structure.
Data collected from various log sources (firewall, server, application, endpoint, etc.) is normalized on SIEM platforms and transformed into meaningful, prioritized, and actionable alerts through correlation rules and defined use-cases.
Our SOC operations are carried out in compliance with international standards, primarily ISO 27001, KVKK, MITRE ATT&CK, and the NIST Cybersecurity Framework.
SOC Operation Scope
- Log collection, normalization, and correlation
- Use-case management and alert generation
- Incident analysis, classification, and prioritization
- Incident escalation, response coordination, and reporting
Signed Log Retention for 1/2 Years in Compliance with Regulation and Audit Requirements
Logs collected within the scope of our SOC service are retained for at least 1/2 years with their integrity cryptographically guaranteed (signed). This approach provides the following advantages:
- KVKK compliance: Retrospective investigation and evidentiary capabilities in personal data breaches.
- Digital forensics and legal processes: Logs with preserved integrity and undeniable evidentiary value.
- Ease of auditing: Fast and reliable log access in ISO 27001, internal audits, and third-party audits.
- Post-incident analysis: Detection of long-term threat trends and persistent threats.
- Corporate risk management: Reduction of regulatory penalty and operational risks.
Thanks to this structure, SOC operations go beyond instantaneous threat detection; they also become a strategic security function that provides corporate memory, legal resilience, and regulatory compliance.