From Detection to Response: how Italtel’s SOC protects businesses 24/7 in the new cybersecurity landscape
The quarterly Cisco Talos report highlights a paradigm shift in enterprise cybersecurity: attacks on public-facing applications are increasing, while stealth techniques—“invisible” methods that use legitimate tools to bypass security controls—are spreading.
In practice, attackers no longer rely on easily recognizable malware but hide behind processes and activities that appear legitimate.
In Q3 2025, more than 60% of analyzed incidents originated from Internet-exposed applications, compared to just 10% in the previous quarter.
At the same time, ransomware attacks decreased, but the variants in circulation became more sophisticated and harder to detect.
As the line between legitimate activity and threat becomes increasingly thin, companies need a Security Operation Center (SOC) capable of continuous monitoring, automated threat detection, and rapid incident response. Only a truly always-on approach can protect operational continuity and digital reputation.
Expertise, Technology, and Human Intelligence
Italtel’s SOC is a benchmark in enterprise cybersecurity thanks to a model that synergistically combines people, processes, and technology. Alongside deep cybersecurity specialization, the team integrates advanced skills in networking, Incident Response, and Forensics—an essential mix to analyze each event from multiple angles and intervene quickly and effectively.
To make the SOC’s technological value clearer, here’s how our model works every day:
- Next-generation SIEM platform to correlate logs and detect anomalies—even when hidden behind legitimate activities
- Detection engines powered by dynamic rules and behavioral analytics, continuously verified and updated by our analysts
- Selective integration of EDR, NDR, and vulnerability intelligence tools to enrich event context and drastically reduce false positives
- Automated Incident Response playbooks that trigger containment actions within seconds, even before human intervention
- Structured Threat Hunting activities to uncover hidden threats that do not generate traditional alerts
- Cyber Threat Intelligence (CTI) services providing updated insights on tactics, techniques, and attacker infrastructures to anticipate emerging risks
This “living” technological approach—based on continuous evaluation and integration of the most effective tools—allows Italtel’s SOC to constantly improve detection quality and ensure increasingly fast and accurate responses.
The SOC combines skills across security, networking, forensics, and SIEM platform management. A dedicated L2/L3 layer handles the most complex incidents and coordinates responses to advanced threats. This multidisciplinary workflow ensures faster, more creative, and more accurate incident handling, reducing analysis and containment times.
Another key differentiator is the ongoing cooperation between SOC and NOC (Network Operation Center), enabling immediate identification and resolution of both security and infrastructure issues. For customers, this means having a single control point protecting their entire digital ecosystem.
Onboarding and trust: security tailored to the customer
Every new engagement begins with an in-depth onboarding process in which Italtel’s SOC analyzes the customer’s environment, IT architecture, operational specificities, and business objectives.
This phase is more than a technical setup: it’s where trust is built and the foundations for a personalized security strategy are defined.
Onboarding often includes a Security Assessment that maps risks and vulnerabilities across IT and OT environments—an approach explained in detail in our article “Security Assessment between IT and OT: an integrated approach to corporate security.”
This step enables precise configuration of monitoring and response systems, ensuring tailored protection for digital infrastructures and complex industrial environments.
A SOC that’s always on—and always human
Italtel’s SOC is not just a technology hub but a team of people working intelligently and passionately to deliver a secure, responsive, and reliable environment.
The L2/L3 layer handles the most complex incidents, coordinating targeted responses and minimizing the impact of advanced threats.
In a world where cybersecurity is a race against time, real value comes from the combination of advanced automation, human intelligence, and the rapid intervention capability of the L2/L3 SOC—offering companies continuous protection and confidence in their digital future.

