Shearwater’s Managed SIEM Services offer end-to-end capabilities that aid in sourcing, deployment, testing, configuration, ongoing management, and tuning of solutions.
With stealthy cyber attack campaigns on the rise, having a centralised solution that collects information wherever it may be found and turns it into meaningful knowledge is indispensable to organisations.
SIEM solutions are considered the key detective technology for organisations that require a multi-pronged approach to securing their data. A SIEM should be thought of as security event HQ, where weak signals and Indicators of Compromise (IOCs) from many sources are aggregated to provide greater visibility of threats. However, even collecting the relevant information is not a simple task. The collection, categorisation, filtering, correlation, and storage of the extensive data generated by security devices and tools is a resource-intensive exercise that requires highly skilled and capable people.
Threat Intelligence Capabilities
SIEM and ELM (Enterprise Log Management) combined with global intelligence feeds allow data from various security sources to be cross-checked to detect anomalies, establish trends, adjust rules, and configure roles. This provides organisations with the insights that allow them to respond to advanced threats.
Shearwater’s Threat Correlation Service provides network visibility and insight into Advanced Persistent Threats (APTs).
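As an added illustration of the aggregation and cross-checking described above (example code written for this page, not Shearwater’s own tooling), the following Python script takes normalised events from three log sources, cross-checks them against a threat-intelligence feed, accumulates per-host weak signals into a score, and adds a multi-day check so a once-a-night beacon that never trips a daily rule still surfaces. The log line format, the IOC feed entries, the signal weights and the alert threshold are all assumptions, and the sample events are constructed.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timezone

# Constructed threat-intelligence feed. The indicators are hypothetical
# (RFC 5737 documentation addresses, made-up domain), not from any real feed.
IOC_FEED = {
    "ip": {"198.51.100.23", "203.0.113.77"},
    "domain": {"update-check.example.net"},
}

# Constructed, normalised sample events from firewall, DNS and authentication
# sources over three days. The "timestamp source key=value ..." layout is an
# assumption standing in for whatever the SIEM normalises events to.
SAMPLE_EVENTS = """\
2024-03-01T02:14:05Z firewall src=10.0.5.12 dst=198.51.100.23 dport=443 action=allow
2024-03-01T02:14:09Z dns client=10.0.5.12 query=update-check.example.net
2024-03-01T02:15:30Z auth host=10.0.5.12 user=svc_backup result=failure
2024-03-02T02:14:07Z firewall src=10.0.5.12 dst=198.51.100.23 dport=443 action=allow
2024-03-02T09:03:11Z auth host=10.0.5.12 user=svc_backup result=failure
2024-03-03T02:14:06Z firewall src=10.0.5.12 dst=198.51.100.23 dport=443 action=allow
2024-03-03T22:41:00Z auth host=10.0.5.12 user=svc_backup result=failure
2024-03-01T09:10:00Z firewall src=10.0.7.40 dst=192.0.2.10 dport=443 action=allow
2024-03-01T09:10:02Z dns client=10.0.7.40 query=www.example.com
2024-03-02T13:22:45Z auth host=10.0.7.40 user=alice result=failure
2024-03-02T13:22:51Z auth host=10.0.7.40 user=alice result=success
"""

# Weights per weak signal (assumed values). No single signal reaches the alert
# threshold on its own; only the correlated combination does.
WEIGHTS = {
    "ioc_ip_contact": 40,        # outbound connection to an IP on the feed
    "ioc_domain_lookup": 40,     # DNS query for a domain on the feed
    "auth_failure": 5,           # one failed logon is noise by itself
    "off_hours_event": 2,        # any activity between 00:00 and 06:00 UTC
    "multi_day_ioc_contact": 30, # same host reached an IOC on 3+ distinct days
}
OFF_HOURS = range(0, 6)
MULTI_DAY_MIN = 3

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<source>\w+) (?P<kv>.*)$")
HOST_FIELD = {"firewall": "src", "dns": "client", "auth": "host"}


def parse_event(line):
    """Parse one normalised line into a dict; return None for lines that do not fit."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    fields = dict(kv.split("=", 1) for kv in m.group("kv").split() if "=" in kv)
    ts = datetime.strptime(m.group("ts"), "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return {"ts": ts, "source": m.group("source"), **fields}


def signals_for(event):
    """Yield the weak-signal names that a single event contributes."""
    src = event["source"]
    if src == "firewall" and event.get("dst") in IOC_FEED["ip"]:
        yield "ioc_ip_contact"
    if src == "dns" and event.get("query") in IOC_FEED["domain"]:
        yield "ioc_domain_lookup"
    if src == "auth" and event.get("result") == "failure":
        yield "auth_failure"
    if event["ts"].hour in OFF_HOURS:
        yield "off_hours_event"


def correlate(lines):
    """Aggregate weak signals per host and score them: {host: {"score", "signals"}}."""
    signals = defaultdict(Counter)
    ioc_days = defaultdict(set)  # host -> distinct dates with an IOC contact
    for line in lines:
        ev = parse_event(line)
        if ev is None:
            continue
        host = ev.get(HOST_FIELD.get(ev["source"], ""))
        if host is None:
            continue
        for name in signals_for(ev):
            signals[host][name] += 1
            if name == "ioc_ip_contact":
                ioc_days[host].add(ev["ts"].date())
    # Low-and-slow check: a beacon that fires once a night is invisible in a
    # single day's alerts but obvious once activity is tracked across days.
    for host, days in ioc_days.items():
        if len(days) >= MULTI_DAY_MIN:
            signals[host]["multi_day_ioc_contact"] = 1
    return {
        host: {"score": sum(WEIGHTS[n] * c for n, c in sig.items()), "signals": dict(sig)}
        for host, sig in signals.items()
    }


def possible_compromises(lines, threshold=50):
    """Hosts whose correlated score reaches the threshold, highest score first."""
    scored = correlate(lines)
    return sorted((h for h, r in scored.items() if r["score"] >= threshold),
                  key=lambda h: -scored[h]["score"])


if __name__ == "__main__":
    for host, result in correlate(SAMPLE_EVENTS.splitlines()).items():
        print(host, result["score"], result["signals"])
    print("possible compromise:", possible_compromises(SAMPLE_EVENTS.splitlines()))
```

Run as-is, host 10.0.5.12 is flagged (three nightly contacts with a feed IP, a matching DNS lookup, repeated failed logons for a service account, all off-hours), while 10.0.7.40 stays below the threshold on a single failed logon. Tuning in a real deployment is mostly about those weights, the threshold and the multi-day window, which is the work the "Alert Fine Tuning" section below refers to.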
Alert Fine Tuning
Ensure alerts are properly configured for your environment, including alerts for compliance infringements. Our alerts and threat intelligence are aggregated from numerous sources, including the trusted SANS Internet Storm Center and our internal Security Operations Centre.
Meet Compliance Requirements
Our approach to ELM and SIEM management helps organisations address their compliance obligations and report on incidents, remediation, policies, and active rules, demonstrating the effectiveness of security controls to executives in an understandable way and to external auditors.
Our reports are comprehensible and actionable for all stakeholder groups. Here are a few examples of the questions that our reports help you answer:
- Where did the attack originate?
- Who is the attacker?
- What assets are being targeted?
- How many attacks have been made against a particular asset?
- Is that attack vector a jumping-off point towards other assets?
- What would be the impact on the organisation?
- What should the response tactics be, and how will procedures and policies remediate it?
- Is an insider facilitating the attacks?
Procurement and Ongoing Management
Procurement and Ongoing Management includes:
- Customised deployment, management, and maintenance. We seek best-of-breed products from a variety of vendors.
- Device grouping, signature updates, upgrades and OS patches.
- Discovery of log source devices, and inspection of network flow data.
- Onboarding of a diverse range of event log sources, ensuring compliance with regulation, internal policy, and security best practice.
- Automated collection and compression of logs, retention of log data for audits, protection of logs against tampering, and identification of accounts that do not comply with internal policies.
- Reduce thousands of security events into a visible and manageable list of possible indicators of compromise.
- Detect and track malicious activity performed over extended time periods.
- Uncover advanced threats which may be missed by traditional security tools.
- Detect insider threat.
- Support compliance initiatives such as PCI-DSS Requirement 10.
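The list above includes keeping logs from being tampered with, which PCI-DSS Requirement 10 also calls for (audit trails must be protected from unauthorised modification). One way to make a stored log tamper-evident, shown here as an added example and not Shearwater’s code, is a keyed hash chain: the collector computes, on ingest, an HMAC over each record together with the previous record's tag, so editing or deleting a record breaks every tag after it. The key, the record layout and the sample records are assumptions; the records are constructed. The example also shows the caveat a practitioner should know: a chain alone does not detect truncation of the tail, so the latest tag has to be anchored somewhere the log store cannot change (here passed in as `expected_head`).

```python
import copy
import hashlib
import hmac
import json

# Constructed key (assumption). In practice it belongs to the collector or an
# HSM, never to the host that produces the log, so a compromised source host
# cannot re-forge the chain after shipping its events.
VERIFIER_KEY = b"example-key-do-not-use"
GENESIS = b"\x00" * 32  # tag "before" the first record

# Constructed audit records for one host; a plausible escalation sequence.
SAMPLE_RECORDS = [
    {"ts": "2024-03-01T02:15:30Z", "host": "10.0.5.12", "user": "svc_backup", "result": "failure"},
    {"ts": "2024-03-01T02:16:02Z", "host": "10.0.5.12", "user": "svc_backup", "result": "failure"},
    {"ts": "2024-03-01T02:16:40Z", "host": "10.0.5.12", "user": "svc_backup", "result": "success"},
    {"ts": "2024-03-01T02:20:11Z", "host": "10.0.5.12", "user": "svc_backup",
     "action": "add_to_group", "group": "Administrators"},
]


def _canonical(record):
    """Deterministic serialisation so the same record always MACs the same way."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


def chain_records(records, key=VERIFIER_KEY):
    """Return [{"record", "tag"}] where each tag commits to the record and the previous tag."""
    prev, out = GENESIS, []
    for rec in records:
        tag = hmac.new(key, prev + _canonical(rec), hashlib.sha256).digest()
        out.append({"record": rec, "tag": tag.hex()})
        prev = tag
    return out


def verify_chain(chained, key=VERIFIER_KEY, expected_head=None):
    """Return (ok, index): index of the first entry that fails, or None if the chain verifies.

    expected_head is the hex tag of the last record as exported to an external
    anchor; without it, silently dropping trailing records is not detected.
    """
    prev = GENESIS
    for i, entry in enumerate(chained):
        expected = hmac.new(key, prev + _canonical(entry["record"]), hashlib.sha256).digest()
        if not hmac.compare_digest(expected.hex(), entry["tag"]):
            return False, i
        prev = expected
    if expected_head is not None and not hmac.compare_digest(prev.hex(), expected_head):
        return False, len(chained)  # chain is internally consistent but shorter than anchored
    return True, None


def tamper_demo():
    """Exercise the verifier against an intact chain and three kinds of tampering."""
    chained = chain_records(SAMPLE_RECORDS)
    head = chained[-1]["tag"]  # what would be exported to the external anchor

    edited = copy.deepcopy(chained)
    edited[1]["record"]["result"] = "success"   # rewrite a stored record
    deleted = chained[:2] + chained[3:]         # drop a record from the middle
    truncated = chained[:3]                     # drop the incriminating tail

    return {
        "intact": verify_chain(chained, expected_head=head),
        "edited": verify_chain(edited, expected_head=head),
        "deleted": verify_chain(deleted, expected_head=head),
        "truncated_no_anchor": verify_chain(truncated),
        "truncated_with_anchor": verify_chain(truncated, expected_head=head),
    }


if __name__ == "__main__":
    for case, result in tamper_demo().items():
        print(f"{case:22s} ok={result[0]} first_bad_index={result[1]}")
```

Edits and mid-chain deletions are caught at the first affected entry. Truncation passes without an anchor and is only caught once the verifier compares the final tag with the externally held head, which is why the head tag needs to be exported on a schedule (to a separate system, a write-once store, or a signed report) rather than kept only alongside the logs it protects.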