The Žilina-based company HOUR, s. r. o. is one of those Slovak technology companies that have been building their reputation in the business world for more than thirty years. The company develops and supports several proprietary software solutions for human resources, payroll, attendance, and management. There are several solutions, but the flagship product is the HUMANET online economic and HR information system. Every seventh payslip in the Slovak Republic is created using HOUR's solutions, and thousands of companies from the public, corporate, and third sectors use them every day. This involves a huge amount of sensitive data that requires not only accuracy but also a high level of security. It was precisely the desire to continuously improve security that became the main motive for their recent transition to the cyber security monitoring center (SOC) from Binary Confidence.
Ľubomír Šidlík, Internal Development Specialist at HOUR
Transition to MDR and gradual discovery of its limitations
Vývojárska firma HOUR, ktorá roky pomáha iným automatizovať ich procesy, sama v určitom bode zistila, že musí zautomatizovať aj vlastnú ochranu. V roku 2024 sa preto rozhodla zaviesť službu Managed Detection and Response (MDR) s jasným cieľom získať rýchle reakcie na incidenty, mať istotu, že na pozadí je niekto, kto sleduje dianie v ich infraštruktúre, a zároveň odľahčiť interný IT tím.
First impressions were positive. Customer support responses were quick, often within minutes. As a development company that modifies and tests its own code on a daily basis, HOUR appreciated the prompt response time to requests. "We often needed to make adjustments to the code, test new versions, and support was always available to us," said Ondrej Medvéš, the company's technology specialist .
MDR makes a lot of sense for smaller companies or teams without their own security department. It provides a ready-made, turnkey solution and is very affordable compared to the costs of an internal team. However, after more than a year of practice, it has become clear that if a company wants to see deep into its systems, MDR alone is not enough.
MDR often blocks processes without clear notification and communication
Although the MDR service reliably detected suspicious behavior, the HOUR IT team began to notice its limitations over time. Some actions were performed without clear notification, which caused unexpected situations such as blocking users without prior warning. It was common for the system to block an employee and for their tools to stop working as they should. The IT team then had to laboriously search for what had been changed/blocked by the service, without receiving any notification. In addition, incident descriptions were often very brief, making them difficult to evaluate. "Some notifications were correct, but the explanation of what exactly happened was usually only a few sentences long," describes specialist Ondrej Medvéš. "When you have a complex environment with the cloud, older systems, and new modules, you need context. It's not enough to just know that something happened," he adds.
The IT security team also recorded a low number of findings. This was not because the system was not working, but because many events were not logged correctly. Over time, it became apparent that some test scenarios simply could not be captured because logging of those events was not enabled.
HOUR implements SOC from Binary Confidence
In the second half of 2025, HOUR management, in agreement with the IT team, decided to add an active, 24/7 Cybersecurity Monitoring Center (SOC) to its existing MDR. Not as a replacement for existing services, but rather as an extension of them. As HOUR's own security experts admit, SOC and MDR are similar, but the results are not identical.
Jozef Burianec, HOUR safety engineer
HOUR's SOC provided better visibility and a trusted partner
Today, HOUR perceives the benefits of SOC from Binary Confidence on two levels:
1. Better overview
SOC has become another layer of protection that sees more. By connecting logs from different environments (on-premise, cloud, servers, applications, development environments), it can detect even those incidents that a regular MDR would not notice. For the first time, the HOUR team gained a complete overview of what was really happening in their infrastructure. Old configurations and remnants from the past were uncovered. Accounts of former employees, outdated access policies, non-standard password procedures. The SOC helped them not only identify these problems, but also explain their causes and impact. "The SOC gave us eyes! We can see what's happening in our systems. And when something is wrong, we understand why and are able to take action," explains Ondrej Medvéš.
2. A quality partner for consulting
The second and equally important pillar is the human factor. SOC at Binary Confidence consists of L1, L2, and L3 analysts and experts with whom HOUR security technicians can openly consult about everything they find in the environment. "Before, we could look something up on Google or ChatGPT, but at the end of the day, we were left with raw data that needed to be evaluated," they say with a smile. "Today, we always have someone available to tell us what's going on, what the potential impact on our systems is, and how to solve the problem. Thanks to this, HOUR can guarantee its customers that their data is under constant supervision and professionally managed."
SOC analysts help not only with responses, but also with planning measures, configuration adjustments, and system optimization. This enables the company to respond to incidents within hours, not days. All extraordinary events that occur in their network must be reviewed by an analyst within 30 minutes. It is extremely important for HOUR and its IT security team to understand the reasons, not just the symptoms.
SOC ≠ MDR
HOUR's experience confirms that although MDR and SOC appear similar at first glance, they are two different services. MDR focuses on rapid detection and automatic response for teams that need a "ready-made" solution. SOC, on the other hand, is an analytical service that combines technology, data, and people. It monitors not only what is happening, but why it is happening and how it affects the broader context.
The introduction of SOC at HOUR was not just a technical upgrade. Management receives regular reports on the security status, types of threats, trends, and how the overall risk posture is improving. For a company that processes sensitive data from tens of thousands of employees on a daily basis, this is an invaluable step forward.
HOUR is an example of how even a technologically advanced company can take its security to the next level, not because of an incident, but thanks to its own maturity and foresight. "For us, it wasn't just a logical technological decision, it was a decision made by a partner who is deeply aware of what customers entrust to them. Every pay slip, every personal number, every piece of data in the system is proof of trust. And that trust deserves to be treated with the utmost responsibility. That is why cybersecurity has long been one of our top priorities," explains Milan Urbaník, Director of Strategy at HOUR. SOC is an effective way for the company to keep its security under maximum control and remain calm even in a world that is changing every day.
