CYBERSECURITY & INFORMATION SECURITY

SOCAR Tech’s Information Security division is ISO/IEC 27001 certified and holds 20+ professional certifications, including CISSP, CISM, CISA, CEH, OSCP, OSCE, eCPPT, CCSP, CRISC, and IEC 62443. It is organized around three core pillars: Security Research & Engineering (EDR, XDR, NDR, WAF, SIEM, SOAR, OT, Deception), Security Operations Center (24/7 monitoring, Red & Blue Team, DFIR, Threat Hunting), and Information Security Compliance & Data Security.

Governance, Compliance & Risk

ISO 27001 Consultancy, Gap Analysis & Internal Audit

Category: Compliance & Audit
Usage: Enterprise information security; Compliance assessment

End-to-end ISMS implementation consultancy including gap analysis, risk assessment, documentation, and certification support. Internal audit service for ISMS effectiveness evaluation and continuous improvement. Assessment of current practices against ISO 27001 requirements with actionable improvement roadmap.
•    GAP analysis and current situation evaluation
•    Risk assessment and risk treatment plans
•    ISMS scope definition, policy, procedure and instruction preparation
•    Internal audit and management review structuring
•    Certification audit preparation and support

Cyber Security & Supplier Risk Management

Category: Risk Management
Usage: Enterprise risk management; Supply chain security

End-to-end cyber risk management framework covering strategic, operational, and technological dimensions. Integrates risk assessment into project life cycles, M&A processes, and procurement. Third-party risk management covering governance, assessments, contracts, and continuity planning.
•    Risk appetite definition and methodology implementation
•    Risk assessment in supplier relations, projects, and M&A
•    Supplier security policy, NDA forms, BIA, security questionnaires, and exit strategies

Virtual CISO Services & Security Portfolio Optimization

Category: Strategic Security
Usage: Security leadership; Security investment optimization

Flexible, modular strategic information security leadership combining risk management, compliance, incident response, and security maturity programs. Evaluation of existing cybersecurity products (Firewall, EDR, SIEM, DLP, etc.) to maximize ROI and eliminate tool sprawl — identifying configuration gaps, overlapping features, and dormant licenses.

Security Operations & Technical Security

Security & SOC Maturity Assessment (incl. SIEM Health Check)

Category: Security Operations
Usage: Security posture assessment; SOC optimization

Technical evaluation of enterprise security technologies including Next-Generation Firewalls, Web Application Firewalls, Network Detection & Response, Endpoint Detection & Response / XDR platforms, and SIEM platforms to validate alignment with vendor best practices, enterprise security architecture, and operational security requirements.
The scope covers architecture analysis, configuration validation, detection capability, monitoring effectiveness, and operational readiness across integrated security platforms.
•    Security architecture design, deployment model, and control placement
•    Firewall, IPS, and segmentation configurations including rule optimization and threat prevention (Firewall)
•    WAF protection policies and application security configurations (WAF)
•    NDR detection capability, sensor placement, and network visibility (NDR)
•    EDR/XDR protection policies, behavioral detection, and response mechanisms (EDR/XDR)
•    Integration architecture across Firewall, WAF, NDR, EDR/XDR, and SIEM platforms
•    Logging consistency, redundancy identification, and configuration effectiveness
•    High availability, resilience, and configuration governance
•    SOC incident detection, response processes, threat intelligence, and automation benchmarking

Managed Detection & Response — IT & OT (MDR / OT MDR)

Category: Security Operations
Usage: Industrial cybersecurity; Endpoint and network security

24/7 managed security monitoring for both industrial control systems (OT/ICS networks) and enterprise IT environments, including endpoints and network infrastructure. The service enables continuous detection of cyber threats, abnormal activity, and potential security incidents through centralized monitoring, correlation, and behavioral analytics.
Security monitoring is supported by SIEM and SOAR platforms, enabling centralized log collection, advanced event correlation, automated alert enrichment, and incident response orchestration across monitored environments.
The service includes visibility into industrial communication protocols allowing detection of suspicious device communications and abnormal operational behavior.
Core capabilities include:
•    Centralized log collection and correlation via SIEM for security events across OT and IT environments
•    Automated investigation and response workflows via SOAR
•    OT/ICS network monitoring to detect abnormal device behavior, unauthorized commands, and deviations from operational baselines
•    Endpoint monitoring using EDR/XDR technologies to detect malware, lateral movement, and endpoint compromise
•    Threat hunting, event correlation, and attack analysis
•    Behavioral anomaly detection across network and endpoint telemetry
•    Security incident investigation, response coordination, and root cause analysis
•    Monitoring capability that leverages these SIEM, SOAR, and EDR/XDR technologies to deliver advanced detection and response

Penetration Testing & Source Code Analysis (SAST)

Category: Application Security
Usage: Vulnerability identification; Secure SDLC

Ethical hacking and penetration testing activities aimed at identifying security vulnerabilities across network infrastructure, servers, endpoints, web applications, and other relevant environments such as Active Directory and cloud platforms, depending on the agreed testing scope. Testing combines manual techniques with automated security testing tools aligned with recognized security testing practices.
The capability also includes multiple application security testing methods:
•    Static Application Security Testing (SAST) – analyzes application source code to detect security vulnerabilities during development, including insecure coding practices, logic flaws, improper input validation, authentication and authorization weaknesses, and potential backdoors.
•    Dynamic Application Security Testing (DAST) – evaluates running applications to identify vulnerabilities such as injection flaws, misconfigurations, authentication weaknesses, and other runtime security issues.
•    Software Composition Analysis (SCA) – identifies vulnerabilities in third-party libraries and open-source components, including known CVEs, outdated dependencies, and license compliance risks.
These capabilities can integrate with source code repositories (e.g., Git, SVN) and CI/CD pipelines to support continuous security validation within the Secure Software Development Lifecycle (Secure SDLC).

Security Hardening (CIS/NIST)

Category: Infrastructure Security
Usage: System hardening

Configuration hardening of servers, databases, network devices, and endpoints to minimize the attack surface. Remediates default-installation weaknesses, disables unnecessary services, and brings systems into compliance with CIS or NIST criteria. Includes patch management integration and baseline creation.

Data Security & Protection

Data Classification, Discovery & DLP Consultancy

Category: Data Security
Usage: Data protection; Data inventory

Data identification and labeling by sensitivity level with implementation of security controls including access authorization, encryption, and leak prevention. Automated scanning and detection of structured and unstructured data across networks, cloud storage, and endpoints — making ‘dark data’ visible.
•    Data classification strategy and access control design
•    Scanning of local and cloud file systems, SQL/NoSQL databases, email archives, and endpoints
•    Data categorization by risk level with location-based risk mapping

Security Awareness & Training

Security Awareness Program & Cyber Resilience Assessment

Category: Awareness & Resilience
Usage: Employee security awareness; Business continuity

Training and simulation service including phishing drills, interactive videos, security bulletins, clean desk audits, and awareness surveys. Maturity assessment for cyber incident preparedness and recovery capabilities — delivering both technical and executive-level reporting.
•    Planned phishing drills and simulations
•    Clean desk / clean screen audit activities
•    Comprehensive assessment across critical security domains
•    Technical and executive-level reporting with improvement roadmap

ISO 27001 Implementation & Internal Auditor Training

Category: Training
Usage: Information security teams; Internal auditors

Practical training in applying ISO 27001 requirements in corporate processes. Competency training for internal auditors with certification.

General Security Awareness Training (Phishing, Ransomware, AI, Physical Security)

Category: Training
Usage: All employees; Technical teams; AI users

Basic cyber security training covering password management, phishing, and mobile security. Training in manipulation techniques with phishing simulations. Ransomware attack lifecycle and prevention. Generative AI risks and corporate usage policies. Physical access and information security procedures.

Technical Security Training (IT Fundamentals, DLP & Critical Infrastructure / OT)

Category: Training
Usage: IT teams; Data handlers; OT engineers

Technical training for Security-by-Design integration. Training in data labeling and DLP tool usage. OT/SCADA security training for energy sector personnel.

Executive Security Briefing

Category: Training
Usage: C-level executives

High-level briefing on cyber risk impacts and board-level decision scenarios.

Children’s Digital Safety Training

Category: Training
Usage: Employee families

Training on digital footprints, cyberbullying, and online safety for employee families.