
Core Security Operations Center (SOC) Services


Experience the unique advantages of the Department of Justice (DOJ) SOC services offered to federal agency partners. The Justice Security Operations Center (JSOC) stands as the central hub for 24x7, intelligence-driven network surveillance, incident response, interagency information exchange, threat intelligence, and cybersecurity inquiries.

By adhering to the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) guidelines for SOC shared service providers, the JSOC will partner with your agency to deliver top-tier security and compliance, ensuring the utmost protection of your valuable data and assets.

The modular nature of our services allows for cost-effective solutions tailored to your agency's unique requirements, while our 24x7 intelligence-driven approach always guarantees the highest level of cybersecurity.

By choosing DOJ SOC services, you are not only investing in the protection of your agency's valuable data and assets, but also fostering a collaborative relationship that promotes the exchange of vital information and best practices in the ever-evolving cybersecurity landscape.

Join us in our mission to safeguard our nation's digital frontiers.  

Cyber Threat Intelligence and Information Sharing 

DOJ’s Cyber Threat Analytics Team (CTAT) provides digital threat monitoring, brand reputation monitoring, data breach monitoring, and very important person (VIP) monitoring to identify risks and threats to agency leadership. CTAT curates and distributes a summary of the previous week’s noteworthy cyber threat news. CTAT maintains a portal that provides daily CTI updates, intelligence summaries, DOJ’s block list, and other items of interest for agency partners.

Detection Content Management 

The DOJ curates detection alerts and correlation searches by leveraging our Unified Security Content Catalog (USCC) and existing agency partner content. We provide engineering support to integrate your Splunk instance with the DOJ’s Splunk instance and the Justice Incident Management System (JIMS).

Network and System Monitoring 

The JSOC provides 24x7x365 monitoring for security events identified by best-in-class security tools to identify possible cybersecurity incidents.

Incident Analysis and Response 

Our JSOC team analyzes the incident, parties involved, timeframe, and correlation to other incidents, all based on available agency data. If needed, JSOC requests additional data from the customer to complete its analysis. The JSOC provides agencies with recommendations for additional investigative steps, as well as steps for incident response and recovery. Our JSOC subject matter experts will follow up with the agency customer to track incident closure. DOJ provides access to JIMS, which maintains a record of all security incidents, as well as a portal for customers to access dashboards and knowledge management pertaining to their service.

Core SOC Benefits

Your organization has unique needs that don’t always translate with commercial cybersecurity vendors. At DOJ, we fully understand your opportunities and how to navigate through the government landscape. When considering the benefits of a managed service, agencies like yours quickly identify DOJ’s advantages. Some of the benefits that set DOJ apart from other cybersecurity options include:

  • Reducing your total cost of ownership (TCO) for SOC capabilities by leveraging DOJ’s shared resourcing model
  • 24x7x365 analysis of security alerts by DOJ analysts that reduces the time your staff spends trying to detect and respond to incidents
  • Gaining the ability to leverage DOJ’s SMEs, intelligence analysts, and cyber threat hunters in the event of a major incident
  • Proactive and ongoing cyber threat hunting of Security Information and Event Management (SIEM) logs based on a variety of curated cyber threat intelligence sources
  • Minimizing the impact of staff turnover and reduction of cybersecurity team burnout
  • Future-proofing your needs with DOJ’s enhanced scalability and agility
  • Securing your alignment with the most current Office of Management and Budget (OMB) and CISA cybersecurity mandates 

Explore premium services:

With the understanding that every agency is unique and has specific needs to address, DOJ bases its model on flexibility and customization, offering customers advanced add-ons, described below.

Our DOJ team designs, implements, and configures the full SIEM deployment, including the cloud platform and supporting on-premise infrastructure. DOJ provides full-service ongoing administration of the SIEM.

DOJ assists customers to deploy CrowdStrike agents to endpoints, unlocking capabilities like incident response and cyber threat hunting. Our DOJ SOC provides operations and maintenance for CrowdStrike tenants.

Before providing expert operations and maintenance, DOJ assists customers to deploy Trellix Email Threat Protection (ETP) within the customer’s inbound email flow, including integration with Verizon E3A and the customer’s email provider.

Utilizing industry best practices, DOJ can perform customized engagement-based cyber threat hunts tailored to the customer risks, concerns, environment, security tools, and specific hunt objectives.

Digital Forensics

Our expert team can perform investigations into active cybersecurity breaches leveraging user activity, file system artifacts, and network and system logs with our DOJ Forensics Lab toolset.

Continuous Penetration Testing

If our Penetration Test Team finds vulnerabilities, DOJ can provide access to dashboards on service status and results, as well as quarterly reports that assist customers looking to complete FISMA reporting requirements. The DOJ Penetration Test Team can provide recommendations to improve your policies, coordinate training, and perform the technical onboarding of our Synack solution to in-scope systems.

Updated March 18, 2025