AlienVault Managed SIEM MSIEM and Managed Security Services
Managed SIEM MSIEM AlienVault and Managed Security Services MSSP
- Event logs are incomplete
- Event logs are not parsed correctly
- Alerts are not tuned to exclude false positives
- Alerts are not updated with security intelligence from external threat feeds
Any of these reasons can lead to a security breach and costly inefficiencies. Ignoring and delaying patches, updates and other routine security and maintenance tasks will also cause threats to wreak havoc, which regular scanning will help identify. The AlienVault Managed SIEM as a Service is a great way to get existing implementations healthy and fined tuned. The MSIEM for AlienVault can also be used to supplement staffing and train operators. Increasing volumes and the sophistication of threats are significantly increasing the importance of a healthy SIEM. A qualified security engineer will not only reduce the number of staff required to man a SIEM, but will also configure the SIEM so it requires less staff. Companies and industries with valuable assets typically attract highly skilled attackers and have significantly more attacks, which further compounds the importance of a SIEM.
Any of these reasons may be a good reason to consider a Managed SIEM as a Service is the only viable option.
Managed SIEM Services Process:
- 24X7X365 monitoring of alerts, alert opens ticket in ServiceNow with alert details.
- SOC engineer assesses alert and combines related alerts to same ticket. Alerts are categorized and responded to in order of criticalness, according to impact on business.
- Offense data is extrapolated from alert into Incident Response Platform to quickly analyze
Our SOC operators continuously optimize customer’s AlienVault SIEM (on customer premises or in the Cloud) to trigger alerts for real security threats to achieve zero false negative goal. The AlienVault SOC team does not simply forward alerts like other MSSPs, they identify all associated log sources that should be included in the incident, as well as investigate the raw logs to confirm the SIEM is receiving and correlating all the data correctly. SIEM alerts are fully investigated with deep threat hunting, network and user anomalies are analyzed for malicious intent, incident responses are initiated for remediating threats, and containment and protective actions can be implemented at client’s request.
SIEM operator experience is critical, but just as important is expertise with your security defenses. Our security engineers are experts on many vendor product lines, and can make proactive configurations changes upon customer’s authorization. Our security engineers can ensure all necessary security changes are implemented to stop the threat in its tracks and prevent similar breaches from occurring in the future. All relevant incident content discovered and created is provided to the customer, including recommended remediation steps. Our AlienVault SIEM and security engineers will work as an extension to your IT staff or work alongside them to co-managed security and simply provide assistance.
All customer data and event logs remain in customer’s environment (on premises, on customer owned cloud or like infrastructure that has already been procured by customer). All AlienVault SIEM patches, upgrades and other maintenance task are managed by our SIEM operators. All MSIEM contracts and SOW’s are written based on customer requirements.
Other Managed Security Services sold as MSIEM add-on services and sold separately are as follows:
Managed firewall (and WAF)
Endpoint protection (EDR)
Cloud application security (CASB)
Identity and access management (IAM)
Access control (NAC) and privileged access management (PAM)
Vulnerability scanning and management
Data loss prevention (DLP)
Security Orchestration, Automation and Response (SOAR)
Network Architecture Planning and Restructuring
Consulting for various Data Protection, Privacy and Regulatory Compliance
All our QRadar, AlienVault, Splunk and Exabeam Managed SIEM services include event log normalization, analyzing and identifying true threats (threat hunting), responding to security incidents, creating reliable alerts, applying company business rules, creating custom dashboards, tuning SIEM (resolving false alerts), delivering actionable security intelligence, providing recommendations and steps for remediation. Weekly and biweekly meetings and reports are provided for service assurance, performance, change management, incident management, configuration management, release management and general system health.