A SOC built for branch networks and ATM fleets.
Multi-branch banks have hundreds of FortiGate and ATM endpoints producing log volumes that overwhelm a junior IT team. Hello SOC ingests it, finds the signal, and ships you a regulator-ready audit trail.
- →After-hours teller-machine logins flagged on the same tick
- →Brute-force on internet-banking portals correlated with WAF events
- →Per-branch device health — SNMP polling + trap ingestion built-in
- →Quarterly retention bumps for audit periods, no plan changes
- RBI Cyber Resilience Framework
- SEBI cyber-security framework
- DPDP Act 2023
- DORA
- NIS2
- GDPR
- GLBA Safeguards Rule
- FFIEC handbook
- SOC 2 Type II evidence
- CBUAE Information Assurance
- NESA UAE-IA
- PDPL
RBI Cyber Resilience Framework — what we cover
Honest mapping against the RBI Cyber Resilience Framework for Scheduled Commercial Banks. Areas marked Partial need a complementary control from your team; Out of scopeitems belong with adjacent vendors. Procurement-ready.
| Framework area | Coverage | How Hello SOC delivers it |
|---|---|---|
| Continuous surveillance (24×7 SOC) | In scope | Detection engine + AI triage + on-call rotation; per-tenant queues in the dashboard. |
| Real-time threat defence | In scope | Pre-built rules for brute-force, mass-deny, exposed-admin, threat-intel hits — running per stream. |
| Logging and monitoring | In scope | FortiGate / Linux / Nginx / SNMP ingest into per-tenant OpenObserve org with plan-driven retention. |
| Incident response & reporting | In scope | Incident rollup, audit timeline, CERT-In-formatted reporting, weekly admin digest, monthly signed PDF. |
| Information sharing (CERT-In) | In scope | CERT-In incident notification template wired into the report module; threat-intel feed updates daily. |
| Network security visibility | In scope | Per-device FortiGate state + ingestion health; alerts when a device stops shipping logs. |
| Vulnerability management | Partial | We surface exposure (admin-exposed, web-scanner hits) but do not run authenticated VA scans — pair with a VA partner. |
| Access controls / authentication | Partial | We monitor SSH / mail / portal auth and surface brute-force + impossible-travel; enforcement (MFA, AD policy) stays in your IAM. |
| Data protection | Partial | Per-tenant isolation, encryption at rest + in transit, plan-driven retention. DLP and key management remain on your side. |
| Cyber risk assessment | Partial | Monthly report includes risk-prioritised incident summary; formal risk register is your team’s artefact. |
| Endpoint security | Out of scope | Hello SOC does not ship endpoint agents in F1. Pair with your EDR (CrowdStrike, SentinelOne, Sophos). |
| Customer awareness & training | Out of scope | Phishing simulation and training are outside our remit. Pair with a security-awareness vendor. |
Have a specific RBI / SEBI checklist item to validate? Send us the line item — we’ll reply with what we ship and what we don’t.
What changes on day one
Audit period stops being painful
Weekly admin digests and a signed monthly PDF mean regulator queries are answered with a forward, not a fire drill.
Real visibility across branches
Per-branch device health, ingestion gaps surfaced within minutes — no more silent FortiGate that stopped shipping logs last Tuesday.
Approved-and-audited response
One-click IP block at the perimeter with a full audit trail and time-bound expiry. Compliant by construction, not by promise.