Managed SIEM (Security Information and Event Management)

A complete SIEM* with built-in, essential security tools for complete threat detection, incident response, and compliance management. Correlate and analyze the following security event data from across your network: log management, event correlation, incident response, and reporting. In addition, Unified Security Management (USM) provides unified, coordinated security monitoring, simple security event management and reporting, continuous threat intelligence and multiple security functions.

Phase 1 2 3 4 5
Managed Security Information and Event Management
Security, Border network, and DMZ device logs check check check check
Threat intelligence check check check check
Monthly reporting check check check check
Server and service availability check check check check
Network intrusion detection check check check
Database log collection check check check
Vulnerability testing check check
Host IDS check check
Wireless IDS check check
Host configuration testing check check
File integrity monitoring Security incident response¹ Risk mitigation check check
Compliance reporting check check

¹ Requires incident response planning and documentation.

Services

  • Log collection – security, border network, and DMZ devices: Aggregate logs and events from critical security and network border devices and correlate events into actionable information.

  • Threat intelligence: Aggregated real time threat signatures and intelligence collected worldwide to quickly identify indicators of compromise.

  • Monthly reporting: Monthly asset reporting and vulnerability reporting.

  • Server and service availability: Monitor critical servers and services for availability.

  • Network intrusion detection: Catch threats targeting your vulnerable systems with signature- based anomaly detection and protocol analysis technologies. Identify the latest attacks, malware infections, system compromise techniques, policy violations, and other exposures.

  • Database log collection: Event logs from servers and other critical assets.

  • Vulnerability Scanning: Regularly scheduled vulnerability scans of networked assets.

  • Host IDS and file integrity monitoring: Analyze system behavior and configuration status to track user access and activity. Detect potential security exposures such as system compromise, modification of critical configuration files (e.g. registry settings,/etc./password), common rootkits, and rogue processes.

  • Wireless IDS: Integrates with existing Wireless Intrusion Detection systems to monitor wireless network activity.

  • Security incident response: Incident response plan to mitigate security events.

  • Vulnerability assessment: New vulnerabilities emerge daily as your IT landscape changes, introduced by configuration errors, unauthorized software installs, unsecure endpoint devices, and much more. To keep your network secure, continual scanning of your systems and devices to detect vulnerabilities as they arise is necessary.

  • Compliance reporting: Simplify the challenging requirements of monitoring and reporting compliance for PCI-DSS, SOX, GLB, CJIS, HIPAA, NERC CIP, FISMA and ISO 27001.

* Compatible customer premise equipment required

Not Sure Where To Start?