
SOC Implementation for an IT Company

Client: International IT company
Industry: Information technology, cybersecurity
Focus: SOC and SIEM implementation for centralized security monitoring
Main challenge: Lack of centralized monitoring, slow incident detection, and risk of data compromise
Market: International
Services provided: SOC / SIEM Implementation
Key Takeaways
  • 47 detection and 25 response scenarios
  • ISO 27001 compliance: 32% → 94%
  • Achieved 91% SOC 2 audit readiness
  • Reduced incident detection time from 36 hours to 8 minutes
  • Reduced incident response time from 8 hours to 35 minutes
  • 95% asset coverage
  • 100% logging compliance
  • 347 CVEs identified

    An international IT company approached Datami to strengthen infrastructure security, centralize security monitoring, and prepare for certification. Datami implemented a Wazuh-based SOC and configured 47 detection scenarios (use cases) and 25 response scenarios (playbooks), raising ISO 27001 compliance to 94%.

    The international IT company provides infrastructure monitoring solutions and processes personal and financial data. With more than 50,000 users, maintaining a high level of security is critical.

    For this business, cybersecurity directly affects service availability, compliance with industry standards, and the ability to detect and respond to incidents.

    Project goals and challenges
    At the start of the project, the client had no SIEM system or centralized security monitoring, making threat detection difficult.

    This increased the risk of data breaches, non-compliance with ISO 27001 and SOC 2, and disruptions to critical services.
    • Implement a SOC and SIEM for centralized security monitoring across the infrastructure
    • Reduce incident detection and response times while improving alert accuracy
    • Achieve ISO 27001 and SOC 2 readiness with a scalable security architecture
    • IT infrastructure: 100+ hosts: Windows, Windows Server 2022, Ubuntu Server, Active Directory, and public-facing hosts.
    • Key risks: No SIEM, slow incident detection, excessive log noise, and risk of data compromise.
    • Expected outcome: Centralized monitoring, faster incident response, and compliance with security standards.

    Our approach

    Datami implemented the SOC in stages by deploying the Wazuh SIEM system and integrating it into the client's infrastructure. The approach included documentation analysis, threat detection scenarios, and attack simulation.

    Security monitoring was centralized across critical systems, preparing the infrastructure for compliance. Detection rules were configured, and log noise and false positives were reduced, allowing the system to focus on critical incidents.

    • Compliance-driven: Built monitoring scenarios and use cases aligned with security standards and regulatory requirements.
    • Purple team: Validated SIEM effectiveness through cyberattack simulations and analysis of how the system detected them.

    Key project stages and solutions

    SOC implementation followed a phased approach, considering the complex IT infrastructure, service continuity, and certification goals.

    At the beginning of the project, the sequence of work and regular reporting were agreed upon.

    The primary communication with the client took place during weekly Google Meet meetings and via email.

    • SIEM deployment
      Implemented Wazuh and connected Active Directory, Windows workstations, and Ubuntu servers to centralized security monitoring.
    • Configuration and validation
      Built detection scenarios, collected telemetry, reduced false positives, and validated the system through attack simulations.
    • Project finalization
      Analyzed results, prepared the final report, technical documentation, and recommendations for future operations.
    Results and recommendations

    As a result of the project, the client received a Wazuh- and Zabbix-based SOC with centralized monitoring of 95% of critical assets and a complete audit trail. Datami implemented 47 detection scenarios and 25 response scenarios, identified 347 CVEs, and achieved 99.98% monitoring uptime.

    The key outcome of the project was a significant improvement in incident response speed and compliance levels:

    • Incident detection time was reduced from 36 hours to 8 minutes;
    • Incident response time was reduced from 8 hours to 35 minutes.

    ISO 27001 compliance increased from 32% to 94%, while SOC 2 readiness improved from 28% to 91%. The client also received technical documentation, including:

    • Disaster Recovery Plan,
    • Incident Response Policy,
    • Access Control Policy,
    • Vulnerability Assessment and Compliance Reports.
    Key project results

    SOC implementation helped the client centralize security monitoring, significantly reduce incident detection and response time, and improve control over critical assets.

    This case study shows that for a complex IT infrastructure, continuous monitoring, quality logging, and tested response scenarios are the foundation of resilience against modern cyber threats. Phased SOC implementation enables faster attack detection and systematically improves security process maturity.

    Metric | Before the project | After the project
    SOC and monitoring | No centralized monitoring | SOC and SIEM implemented
    Detection time | Up to 36 hours | 8 minutes
    Response time | Up to 8 hours | 35 minutes
    Standards compliance | ISO 27001 – 32%, SOC 2 – 28% | ISO 27001 – 94%, SOC 2 – 91%
    Security maturity | Fragmented processes and high log noise | 47 detection scenarios, 25 response scenarios
    Business outcome | Risk of data breaches and service disruptions | Greater control, faster response, and audit readiness