CFC Framework

@ducklah @fkclai

We recommend the Cyber Fusion Centre (CFC) Framework below:

Offensive Security

Work with business and IT stakeholders to perform security validation on applications, servers, and any other devices in the organization, and keep track of emerging cyber threats and adversaries' TTPs (tactics, techniques, and procedures).

Strategic Threat Monitoring

Evaluate current and emerging security controls, and address control gaps observed from new cyber threat scenarios. Finally, advise stakeholders of any observed detection and/or control gaps.

24x7 Threat Triage

First-line monitoring and vendor service management, supporting security log onboarding and workflow management to enrich cybersecurity use cases and SOPs.

Threat Hunting

Utilize the MITRE ATT&CK framework to advise on internal detection and protection measures. Identify vulnerabilities, attacker trends, and novel malware.

Incident Response

Incident management and oversight of follow-up and remediation actions; provide timely incident updates to ensure all steps are taken to address potential risk.

Threat Analysis

Perform research and enrichment from technical and intelligence perspectives. Operate threat feeds to conduct threat hunting across SIEM, SOAR, EDR, CASB, CTI platforms, etc.
