SOC · CHIHUAHUA · LIVEMSSP · MDR · SIEM

We run detection and response 24/7.

For clients that need measurable, auditable security operations — not a resold remote service. We combine SOC, SIEM, EDR, vulnerability management and incident response under SLA.

Schedule maturity assessment See SLAs

bits/soc · live

ttl 24h

bits@chihuahua:~$soc status --tail

[OK]SOC online · 24/7 · 3 turnos[OK]FortiSIEM · 12 meses hot · 7 años cold[OK]FortiEDR · sitios bajo política[INFO]MTTA crítico ≤ 15 min · MTTR ≤ 4 h[WARN]CNBV reporting Q2 · evidencia generada[OK]IR retainer activo · RTO ≤ 60 min

§01Service catalog8 LÍNEAS · INTEGRADAS · MODULARES

Eight lines contracted as a set or modularly within scope. Each operates with its own runbook, SLA and reporting.

MDR / 01

SOC 24/7 · L1·L2·L3

Managed detection & response

Triage, containment and response with on-site Chihuahua shifts. Per-client documented escalation, not a generic inbox.

Cobertura: 24/7/365
Turnos: 3 · sitio
MTTA crit.: ≤ 15 min

OPS / 02

FortiSIEM operado

SIEM-as-a-Service

FortiSIEM with industry use-cases, custom source parsing and CNBV / NIST / client-aligned retention.

Retención hot: ≥ 12 meses
Retención cold: 7 años
Use cases: 120+

EP / 03

FortiEDR · MDE · CrowdStrike

Managed EDR

FortiEDR under inheritable policy. Process blocking, host containment and inline forensics from the console.

Plataformas: Win · Mac · Lin
Acciones: Block · Isolate

VM / 04

Tenable · FortiRecon

Vulnerability management

Authenticated scans, real-exposure prioritization (not CVSS alone) and business-aligned criticality SLAs.

Escaneos: Mensual · ad-hoc
Reporte: Ejecutivo · técnico

OFF / 05

Pentest · Red team

Offensive testing

Internal, external and application pentests. Actionable technical reports with remediation verification included.

Alcance: Web · API · Infra
Verificación: Incluida

AWR / 06

Phishing simulation

Phishing & awareness

Simulated campaigns and training modules. Per-department metrics and HR / security reports.

Plataforma: KnowBe4
Ciclo: Trimestral

IR / 07

IR retainer · Forense

Incident response

24/7 IR retainer. Containment, eradication, forensics and lessons learned with our own reportable runbook.

RTO IR: ≤ 60 min
Forensia: Hot · cold

CMP / 08

ISO 27001 · NIST · CNBV

Compliance

Audit support for ISO, NIST CSF, CNBV and PCI-DSS: evidence, controls and remediation plan.

Evidencia: Lista para QSA
Sectores: Gobierno · Banca

§02How we startONBOARDING 4-8 SEMANAS

Repeatable 4-to-8 week onboarding. We don't hand you a dashboard and wish you luck.

01
FASE
DESCUBRIMIENTO
Entrevistas con TI/seguridad, inventario de fuentes, criticidad de activos, mapeo regulatorio.
DURACIÓNSem 1-2
02
FASE
INTEGRACIÓN
Conexión de fuentes al SIEM, despliegue de agentes EDR, casos de uso priorizados por industria.
DURACIÓNSem 3-4
03
FASE
RUNBOOKS
Procedimientos por activo, criterio de escalación, contactos de cliente, hand-off entre turnos.
DURACIÓNSem 5
04
FASE
VALIDACIÓN
Tabletop con escenarios reales, ajuste de umbrales, baseline de falsos positivos antes de go-live.
DURACIÓNSem 6
05
FASE
OPERACIÓN
Turnos rotativos en sitio Chihuahua. Threat hunting periódico, mejora trimestral, reporte mensual.
DURACIÓNContinuo
06
FASE
REPORTE
Semanal técnico para TI, mensual ejecutivo para dirección, trimestral para cumplimiento.
DURACIÓNContinuo

§03Operational SLAsDEFAULT · ENDURECIBLES

Default contractual commitments. Can be tightened for regulated clients (CNBV, energy, healthcare) per the client's risk matrix.

METRIC · MTTA

MTTA · CRITICAL≤ 15 min

Mean Time To Acknowledge para alertas críticas. Activación inmediata de runbook y comunicación a contactos del cliente desde el SOC.

MTTA · CRITICALAcknowledge
≤ 15 min
MTTA · HIGHAcknowledge
≤ 30 min
MTTR · CRITICALHasta contención efectiva
≤ 4 h
COBERTURATurnos en sitio Chihuahua
24/7/365
RETENCIÓN HOTConfigurable por industria
≥ 12 meses
RETENCIÓN COLDCumplimiento regulatorio
7 años
RTO · IRActivación de célula IR
≤ 60 min
REPORTE EJEC.Comité ejecutivo
Mensual

§04Stack we operateFORTINET · MULTI-VENDOR

End-to-end Fortinet specialization with third-party integrations where it makes sense for the client.

FortiSIEM
FortiEDR
FortiAnalyzer
FortiSOAR
FortiSandbox
FortiDeceptor
FortiMail
FortiRecon
Tenable
KnowBe4
Microsoft Defender
CrowdStrike

NSE 4 · Network Security ProfessionalNSE 5 · Network Security AnalystNSE 7 · Network Security ArchitectFCSS · Network SecurityFCSS · Public Cloud Security

FABRIC · STACK QUE OPERAMOSNSE 7 · FCSS

TIER 00 · BORDE / SaaSCloud-edge

FortiSASEFSA

TIER 01 · PERÍMETROEdge protection

FortiGateFG

FortiWebFW

FortiMailFM

TIER 02 · FÁBRICA & ENDPOINTIdentity & control

FortiAPFAP

FortiSwitchFSW

FortiNACFNAC

FortiEDRFE

FortiDeceptorFD

FortiSandboxFSB

TIER 03 · VISIBILIDAD & RESPUESTAObservability ops

FortiSIEMFSI

FortiAnalyzerFAN

FortiSOARFSO

§05Frequently asked questionsLO QUE PREGUNTAN

The questions we hear most in pre-sales. If yours isn't here, an engineer answers on a 30-min call.

In-house SOC in Chihuahua, engineers on payroll, dedicated monitoring infrastructure. We don't resell. SOC visits are possible under NDA.

Yes. We operate what you already have; with Fortinet we gain depth through specialization, but the service covers heterogeneous sources. We bring our own connectors.

4–8 week onboarding: discovery, source integration, use-cases, asset runbooks, tabletop validation, transition to 24/7 operation.

Weekly technical (alerts, tickets, SLAs) and monthly executive (trends, risk, recommendations). Real-time dashboard access under client identity control.

Yes. Operation is aligned to ISO/NIST controls and evidence is audit-ready. For CNBV we've supported regulated clients for several years.

BOOK

2-to-3 week diagnostic. No mandatory follow-on contract.

Ends with a gap map, prioritized risks and a remediation plan. If you decide not to move forward with us, the report is yours either way.

Book the assessment Talk to the SOC

We run detection and response 24/7.

Managed detection & response

SIEM-as-a-Service

Managed EDR

Vulnerability management

Offensive testing

Phishing & awareness

Incident response

Compliance

DESCUBRIMIENTO

INTEGRACIÓN

RUNBOOKS

VALIDACIÓN

OPERACIÓN

REPORTE

2-to-3 week diagnostic. No mandatory follow-on contract.