Managed SIEM (Security Information and Event Management)
A complete SIEM* with built-in, essential security tools for complete threat detection, incident response, and compliance management. Correlate and analyze the following security event data from across your network: log management, event correlation, incident response, and reporting. In addition, Unified Security Management (USM) provides unified, coordinated security monitoring, simple security event management and reporting, continuous threat intelligence and multiple security functions.
| Phase | 1 | 2 | 3 | 4 | 5 |
|---|---|---|---|---|---|
| Managed Security Information and Event Management | |||||
| Security, Border network, and DMZ device logs |
|
|
|
|
|
| Threat intelligence |
|
|
|
|
|
| Monthly reporting |
|
|
|
|
|
| Server and service availability |
|
|
|
|
|
| Network intrusion detection |
|
|
|
||
| Database log collection |
|
|
|
||
| Vulnerability testing |
|
|
|||
| Host IDS |
|
|
|||
| Wireless IDS |
|
|
|||
| Host configuration testing |
|
| |||
| File integrity monitoring Security incident response¹ Risk mitigation |
|
| |||
| Compliance reporting |
|
| |||
¹ Requires incident response planning and documentation.
Services
-
Log collection – security, border network, and DMZ devices: Aggregate logs and events from critical security and network border devices and correlate events into actionable information.
-
Threat intelligence: Aggregated real time threat signatures and intelligence collected worldwide to quickly identify indicators of compromise.
-
Monthly reporting: Monthly asset reporting and vulnerability reporting.
-
Server and service availability: Monitor critical servers and services for availability.
-
Network intrusion detection: Catch threats targeting your vulnerable systems with signature- based anomaly detection and protocol analysis technologies. Identify the latest attacks, malware infections, system compromise techniques, policy violations, and other exposures.
-
Database log collection: Event logs from servers and other critical assets.
-
Vulnerability Scanning: Regularly scheduled vulnerability scans of networked assets.
-
Host IDS and file integrity monitoring: Analyze system behavior and configuration status to track user access and activity. Detect potential security exposures such as system compromise, modification of critical configuration files (e.g. registry settings,/etc./password), common rootkits, and rogue processes.
-
Wireless IDS: Integrates with existing Wireless Intrusion Detection systems to monitor wireless network activity.
-
Security incident response: Incident response plan to mitigate security events.
-
Vulnerability assessment: New vulnerabilities emerge daily as your IT landscape changes, introduced by configuration errors, unauthorized software installs, unsecure endpoint devices, and much more. To keep your network secure, continual scanning of your systems and devices to detect vulnerabilities as they arise is necessary.
-
Compliance reporting: Simplify the challenging requirements of monitoring and reporting compliance for PCI-DSS, SOX, GLB, CJIS, HIPAA, NERC CIP, FISMA and ISO 27001.
* Compatible customer premise equipment required