SOC-as-a-Service

Customers who use CyberPort SOC-as-a-Service (SOCaaS) can tailor the managed SOC solution to their risk context, process, and technical environment by selecting from a menu of SOC services.

CORE DETECTION PACKAGE

Real-time event monitoring
Incident triage
Incident classification
Incident notification
Data source / SIEM tuning
Security hotline
Monthly reporting

INCIDENT RESPONSE PACKAGE

Level 1: Incident containment plan creation
Level 2: Level 1 + remote or on-site incident response

PROACTIVE DETECTION MODULES

Threat hunting
Vulnerability assessment & management
Code Review
Penetration testing
Deception and honeypots
Threat intelligence sharing

LIFECYCLE CONSULTING

POPIA compliance
Cyber risk profile review
CISOaaS
Security maturity improvement
Gap analysis - In-depth risk assessment

SECURITY ENGINEERING

Complex event source handling
SIEM deployment and tuning
EDR deployment
NTD/IPS deployment

How CyberPort Can Help You Secure Your Business

CyberPort uses AI technology to deploy industry-leading SOC-as-a-service solutions that reduce the complexity and overhead cost of cybersecurity excellence. Our fully managed security solution is versatile and scalable, making it ideal for enterprises of any size.

Consult a cybersecurity operations expert to discover how CyberPort's comprehensive security service model can augment and secure your business operations.

Service Parameters & Service Level Agreements

Additionally, CyberPort Africa’s SOC gives users the choice of a suitable Service Level Agreement (SLA), which defines the following aspects of the service’s temporal characteristics:

Tracking the availability of services

During this period, event detection and triage are provided by SOC analysts. 8x5 (normal business days) or 24x7 (continuous).

Availability Of Incident Response Services

For confirmed incidents, SOC incident responders provide remote assistance or, at your discretion, on-site support. 8 to 5 (weekdays) and 24 hours a day (continuous).

First Expert Verdict (FEV)

The interval between a possible incident being registered by the SOC's technical systems and the completion of initial triage, when an expert determination is made on the suspicious activity. The determination includes elements such as the likelihood of an occurrence and its initial seriousness. This period can be customized but is contractually established at 60 minutes.

Time To Incident Response

The interval between the moment a possible event is found to require incident response protocols and the start of the IR process with professional incident responders. This period can be customized and is contractually limited to 60 minutes.