Managed Security Operations Center (SOC) Services

IT security is more than just prevention.

IT systems are increasingly complex, and numerous daily changes force us to rethink how to approach risk management cost-effectively. The typical cost of security incidents is now around €2-3 million, and the average time attackers spend inside a compromised organization before detection is 200 days.

To combat this trend, incident detection and response teams are core to modern IT risk management. Organizations need to either internally build these capabilities or outsource them.

Internal SOCs can be costly and cybersecurity expertise difficult to find. This makes quality outsourced managed detection and response (MDR) services extremely attractive to organizations that wish to mature their cybersecurity and risk management.

To address this, NIL operates an advanced Managed Detection and Response service – the NIL SOC. This is partly or fully managed by dedicated cybersecurity experts and the NIL SOC platform.

Banks that take cybersecurity seriously use a SOC

Delavska hranilnica savings bank is pursuing a strategic approach to cybersecurity in its continuing push to go digital and offer advanced digital products. This makes it crucial to effectively detect and respond to potential cyber threats, a feat made possible by the NIL Security Operations Centre (SOC), which is considered by the bank as the most comprehensive SOC service on the market.

Read the case study


Managed SOC Features


Reduce risk and cost by detecting IT security threats early

NIL’s managed SOC offers a comprehensive and modular set of MDR services. These are tailored to your environment and support your long-term cybersecurity lifecycle.

These services are customizable, subscription-based bundles that have the following flexible components to adapt to your organization:

  • Managed detection services that include real-time monitoring of your environment, incident triage and investigation, and incident reporting.
  • Managed incident response services that provide local or remote remediation of security incidents in tight cooperation with you, the customer.
  • Proactive detection capabilities including threat hunting, vulnerability assessment, and deception technology (honeypot/honeytoken) deployment.
  • Lifecycle consulting to give you a clear security roadmap based on feedback from long-term SOC operations.

Cover a wide range of threats with a deployment model that works for you

At its very core, our managed SOC solution is designed to cover a wide range of threats by both adhering to industry-standard threat modelling frameworks and by monitoring a large range of critical IT components.

A framework based on real-life attacks

The detection capabilities of our SOC center around a catalogue built upon the industry-standard Mitre Att&ck tactics and techniques framework. This allows us to match our SOC processes to a range of activities used by real-life attackers, ensuring threats are detected and the rate of false negatives is low.

A clear view of suspicious activity

Our SOC uses a wide range of sensors across your organization to detect suspicious activity, including network traffic and deep endpoint analysis. Since network traffic is now generally encrypted, our deep endpoint capabilities help reliably detect most threats targeted at critical endpoints and applications.

Flexible deployment models

The NIL SOC can be used as one or a mix of the following deployment models:

  1. The enterprise integration model, where the NIL SOC draws from your existing security information sources as its main information and detection source. These are usually already integrated into a SIEM system. The NIL SOC may then expand and fine-tune your system to achieve optimal detection levels.
  2. Alternatively, for organizations that haven’t invested heavily in detection capabilities, NIL SOC supplies dedicated network and endpoint detection platforms. These can be quickly deployed in your environment, avoiding complex integration and SIEM investment.
  3. For organizations with very specific environments, NIL SOC provides custom integration models to address the technology and process platform that will be monitored. One example is our OT/ICS solution for industrial environments where we use a framework of technology-specific sensors.

Strict Service Level Agreements

The NIL SOC provides strict Service Level Agreements (SLAs) that govern both the time-window for monitoring incident detection (24/7 or 8 am-5 pm) and guaranteed incident response time.


Why NIL?


  • Threat coverage: The NIL SOC covers a broad range of threats based on extensive network AND endpoint activity monitoring, as well as proactive approaches to incident detection, such as threat hunting.
  • Flexibility: The NIL SOC services and SLAs can be extensively customized for your environment, and our SOC processes integrate with your internal IT and business processes.
  • Data protection: Our service keeps the majority of your data on your premises and operates in a fully ISO 27001-certified environment.