Security Information and Event Management (SIEM)
Real-time security monitoring with flexible service levels
Managed security monitoring
Improving security and delivering business outcomes
Effective security information and event management (SIEM) is vital for every business, allowing them to improve their security posture and deliver on key business objectives.
But managing a SIEM tool can be resource heavy, leading to many businesses struggling to keep up with the skills needed to make the right decisions.
This is where our managed security monitoring service, with tailored support options, can take away the pain and let you concentrate on what matters most – your customers.
Our services
Tailored support
Security compliance, visibility of threats, and posture reporting all depend on real-time security monitoring – and that only comes when structure is applied to your IT and security logs. However, a combination of increased cyberthreats, the security skills gap, and the level of management a SIEM tool requires often results in companies making the difficult decision to de-prioritise their security monitoring projects.
How our managed security monitoring can help:
Audit and report compliance with industry regulations and guidance including GDPR and PCI-DSS.
See external and insider threats across the workforce and supply chain.
Gain reportable assessments of your security posture to support cyber strategies.
Commitment
Our commitment to you
We understand that meeting a service level doesn’t always guarantee that you’ll be satisfied, so we take a different approach that we call an ‘eXperience Level Agreement’ (XLA). This factors in how you feel about the experience you receive, beyond the outcome we deliver.
Whether you need clearer visibility of threats, the ability to demonstrate industry compliance, or require a clear and reportable picture of your security posture, we can design a service to meet your needs.
Support
Two levels of support
We combine the best SIEM technology with people-centric persistence to deliver key business outcomes, through two flexible service options:
This service is ideal for organisations that want to manage their own SIEM solution, but with the confidence that they have a team of experts available to help with setup and ongoing support. Working with you, we will:
- We will setup your SIEM instance.
- We will setup Log ingestion, a process to forward messages to the SIEM instance, ensuring that the forwarded messages are correctly tagged with the information need to analyse Threats.
- We will configure Rules and platform logic to create Signals, a collection of alerts, identified through pattern and threat intelligence matching from the logs being ingested.
- We will setup actionable Insights, a collection of enriched user and network contextual information to help prioritise and focus on the threats that matter the most when investigating incidents.
- We will configure dashboards and metrics, ensuring that you focus on the essential information.
- We will configure and integrate alerting with your email, ticketing system and messaging systems.
- Once configured, we will hand over your SIEM solution and provide ongoing support.
Everything you get with Supported as a Managed Service, plus:
- Review and prioritisation of actionable insights, investigating details to determine the type and severity of a threat to determine the action that needs to be taken.
- Management of rules to ensure your SIEM solution setup is tailored to your organisation.
- Incident response tailored to your organisation.
- Daily checks to review log ingestion, signal generation and actionable insights, ensuring your SIEM instance is configured and functioning correctly.
- Weekly in-depth reviews and fine tuning of your SIEM instance to improve your security posture.
- Monthly usage to appraise how logs are being ingested, ensuring the most efficient use of your instance.
- A monthly summarised report comprising of data volume, signal categories, actionable insights, and incidents seen in the previous month with advice where applicable to pre-empt potential areas of compromise or attacks, and any new feature or enhancement that has been made available during that period.
Service attribute | Supported | Managed |
|---|---|---|
| SIEM instance setup |  | |
| Log ingestion setup | | |
| Rule configuration | | |
| Actionable insight setup | | |
| Dashboard setup | | |
| Alert configuration | | |
| SIEM support | | |
| Monthly checks | | |
| Reports | | |
| Threat investigation | | |
| Rule management | | |
| Daily and weekly checks | | |
| Incident response | |
Contact us today to discuss your needs
