SIEM

Attacks from hackers are becoming more sophisticated each year. This leaves companies with increased costs due to system outages, loss of confidential data, bad publicity, customer uncertainty and lost market share.

The most effective way to know when you have been attacked is to use a SIEM solution (Security Information and Event Management). Central log collection has always been a good practice, but automating threat detection and making the events readily available is a must-have. SIEM is critical for identifying known and unknown threats based on data collected from logs.

Security Intelligence is the cornerstone of any SIEM solution platform. It’s important to be able to configure, manage, and operate the essential security capabilities that no company should be without. Unifying the essential security capabilities within a single platform simplifies management and reduces complexity, allowing you to spend more time securing the network and less time learning, deploying and configuring tools.

We offer the following deliverables within this service:

  • Hotline Support: day to day troubleshooting and support
  • Professional Services: such as building an optimized SIEM tool
  • Managed Services: a fully managed SIEM service, everything included
  • Solutions: best of breed products integrated to fit your demands

Services

Hotline

When things get complicated, we will support you and provide direct access to the vendor support.

Hotline is available via email, phone and the customer portal.

Response time is defined by the SLA you attach to the agreement:

  • 8x5x4
  • 24x7x4

Professional

Analysis & Design
We have years of experience working with preventive security controls and understand how to build an optimized threat detection platform based on logs. Take advantage of our Professional Services team, which will support you with classic architectural tasks such as:

  • SIEM Architecture refresh
  • Building SIEM to support a hybrid cloud environment
Implement & Configure
If you buy the solution, we can do more than a simple Rack & Stack. We will support you throughout the deployment and deliver a detailed set of system documentation.

Deployments are always performed by combining best practices from the vendor with our own experience. Typically we can estimate deployments beforehand and deliver them at a fixed price.

We have the following deployment options available:

  • Small: 15 hours
  • Medium: 50 hours
  • Large: 100 hours

Managed

We deliver a fully managed service or an on-premise managed SIEM.

Secu Log Management Service
LMS is an add-on to our VMS service and delivers a fully managed service.

Technical capabilities:

  • Log Correlation Client for desktops and servers
  • On-premise virtual server for local log collection via WMI, Syslog and/or OPSC
  • Broad device type support – read more here
  • Storage silos in combinations of 1TB, 5TB and 10TB
  • Data retention of 12 months
  • Powerful analytics & reporting
  • Predefined incident alerts

On-Premise SIEM
Managed RSA NetWitness for Logs & Packets.

Technologies

RSA

RSA NetWitness for Logs is unique when combined with NetWitness for Packets.

Key Benefits:

  • Extensive visibility across logs and packets to find the threats that matter most
  • Prioritized alerts enhanced with business and security context in real-time
  • Faster analysis with real-time sessionized data capture and indexed metadata
  • Secure cloud networks (AWS and Azure) with flexible hybrid or all cloud deployments
  • Expose lateral movement and Command and Control (C2) and see early signs of threats
  • Reconstruct suspicious emails, websites and more to see what really transpired
  • Understand the full scope of an attack across your network more completely with RSA NetWitness Logs and Packets

Read more here.

Tenable

Tenable SecurityCenter CV is the tool for vulnerability management, but it also includes a Log Correlation Engine that comes with out-of-the-box correlation rules and threat intelligence.

Secu LMS is an extension to our VMS service and is a fully managed and hosted SIEM service based on Tenable SecurityCenter CV.