Consulting Services
IT & Security consulting. Are you unsure whether your current setup is the right one for you? Do you need assistance with evaluation, security consulting or penetration testing? We offer our services at competitive prices to Managed Security clients and to customers of our other security services.
Managed Security Standard
Security Information and Event Management (SIEM)
Get full visibility of your data, automate threat detection and enrich your anomaly detection. Add the MDR service for full protection.
Managed Security Enterprise
Security Information and Event Management (SIEM) + Endpoint Detection and Response (EDR)
A security setup that offers fully autonomous protection: everything covered in Managed Security Standard, plus EDR.
SIEM Essentials vs. SIEM Standard
Compare the features of our SIEM as a Service solution, or extend the SaaS with expert services that support your business. Both SIEM Essentials and SIEM Standard are delivered as a fully maintained SaaS solution, giving you organisation-wide visibility and security intelligence, quick deployment, unlimited scalability and continuously evolving security. There are no platform licences and no limits on the number of data sources. To learn more about our offerings and to discuss your needs in detail, call us on:
+31 6 2919 4554
Feature comparison: SIEM Essentials / SIEM Standard

Windows logs: detection and traceability for all Windows infrastructure, including parsing and normalization of the data so that events from different sources can be cross-correlated in analysis.

Linux logs: detection and traceability for all Linux servers, including parsing and normalization of the data so that events from different sources can be cross-correlated in analysis.

Network device logs: detection and traceability of device sources (firewalls, switches, routers, etc.), with the option to include IDPS solutions and antivirus scanners in the holistic security monitoring.

Cloud service logs: detection and traceability of cloud services (e.g. AWS, G Suite, Azure/O365) and common container platforms.

Holistic log management: data stored in JSON format; powerful search, filters, queries and report creation; data compression and long-term archiving; built-in integrations, e.g. to the client's own or third-party ITSM systems; fetching of security data from cloud services; APIs for reusing the data in other security analytics systems.

Rich reporting on all normalized data from all data sources, correlation rules with alerting logic, and cross-sectional analysis of vulnerabilities across the whole data set. The SIEM is open to the client's own security analytics, correlation rules and configuration assessment policies.

Automated asset discovery and passive network scanning, e.g. for MAC address spoofing, TCP/IP traffic analysis and IP header analysis. Discovery provides information on network-connected assets, installed software, running services, system versions, patches, etc. Cloud and container assets are also discovered, within what the providers' APIs expose.

Automated vulnerability assessment identifies known threats and vulnerabilities against a continuously updated CVE knowledge base. Vulnerability scanning helps to detect, correct and anticipate security vulnerabilities in business systems.

Configuration assessment monitors system and application settings and alerts on violations of defined policies, standards or other hardening rules, and on detected known vulnerabilities, missing patches or missing security settings. The assessment tool provides suggested remediation for each finding.

Host-based Intrusion Detection (HIDS) performs continuous analysis of target systems, exposing e.g. hidden processes and rootkits, and recognizing intrusion patterns and indicators, unregistered network listeners, malware, and inconsistencies in system call responses.

File Integrity Monitoring (FIM) continuously watches the file system to detect compromised services and threats. FIM identifies e.g. changes to the content, permissions, ownership and attributes of files, as well as the users and applications that created or modified them.

Intrusion Detection in Cloud (CID) analyzes the security data provided by Azure, AWS and Google services, monitors infrastructure configuration and identifies security vulnerabilities. Similarly, CID monitors Docker hosts and container processes, network settings and disks, and analyzes runtime data for anomalies and security threats.

Endpoint Detection and Response (EDR) lets target systems run automatic countermeasures, e.g. to prevent cyber-attacks and account hijacking, block malware or isolate infected files. In addition to its internal logic, threat and anomaly identification draws on external threat intelligence, including recommended countermeasures, as part of the EDR response logic. The EDR functionality complements the customer's existing antivirus and IDPS tools.

Regulatory compliance uses the collected runtime data to support monitoring of common compliance rules (e.g. PCI-DSS, GDPR, NIST, HIPAA) and to report detected deviations from all systems within the SIEM. Alerts reference the sections of the compliance code affected by each deviation.

Security Orchestration, Automation and Response (SOAR) collects threat identifications and metadata from the HIDS, CID and FIM sources for analysis by MDR (Managed Detection & Response) experts. Integrated with log management, it compiles the data for automated threat analysis and manages workflows and responsibilities for the security experts, the IT team and other parties.

SaaS environment: built in an ISO 27001 certified data center, always with sufficient I/O capacity and data volume; security, scalability, maintenance, evolution and backup included; SSO support for modern identity providers; auditing of SIEM usage; separate log indexes; reporting; tools for user groups. System updates and maintenance are included in the SLA.