SOC as a Services

VNCS Global provides the concept of SOC-as-a-Service, our cloud-based SOC, to give our clients a true partner and help fill gap within IT security. We provide continuous detection, protection and response for organizations that do not have the resources for a 24/7 in-house staffOur team provides around-the-clock event monitoring and incident management from our global network of SOCs and actionable notifications for any suspected incidentOur security experts use industry leading SIEMs and automated response capabilities so you can address critical security and compliance needs, reduce the risk of a data breach and lower your operational costs. 


  • Quick on-boarding
  • 24/7 security event monitoring and alerting
  • Out-of-the-box support for 350+ log sources
  • Large library of threat detection use cases
  • Business context modeling, creating custom rules and use cases to identify critical security alerts relevant to your organization
  • Compliant with standards like PCI, HIPAA, SOX, GLBA, FFIEC, NERC CIP and FISMA
  • Access to an easy-to-use web portal, containing powerful reporting, dashboards, and drill-down analytics
  • Meets the requirements of Circular 31/2017 / TT-BTTT, Decree 85/2016 / ND-CP, Directive 14 / CT-TTg 2019 of the Prime Minister.


Using the world’s 1st SIEM solution Splunk – exclusively distributed by VNCS in Vietnam market since 2014. There are also world famous solutions such as Splunk, Acunetix, Tenable, …
Open platform provides APIs and SDKs to connect to and from other systems.
Easily change and expand the dashboard, alert, report, … according to actual needs to serve the report.
Supporting research and application of machine learning, integrating applications to support the application of machine learning explanations into real problems
Responding to incidents and providing service (auto response) in phase 02 at the request of customers
Using BigData platform with the ability to monitor and analyze events real time from unlimited data sources, ensuring high performance.


Level 1
Security Operation
Based on the software Firewall, IPS, DDOS Protection, SIEM …
Level 2
Information Security Monitoring
Monitoring, giving warnings and handling instructions
Level 3
Monitoring, alert and remediation
Support and participate in handling information security incidents (manual and geared toward automatic handling)


  • Installing Agent (Forwarder) on important servers and service servers such as DNS, AD, Web, Mail, E-portal, Public services …
  • Collect log from network devices and security devices: Routers, Switches, Firewall, IPS, Endpoint protection, …
  • Collect Netflow from Core Switch (SPAN Port).
  • Vulnerability information through periodic vulnerability scanning.