Free from the high set-up and ownership costs and technology risks typically associated with any in-house SIEM deployment, clients access award-winning SIEM and security analytics technology combined with ongoing management, operation, configuration and fine-tuning, on demand and completely as-a-Service. Our state-of-the-art SIEMaaS technology, operated 24x7x365, proactively monitors network systems and applications for suspicious activity and notifies clients when security events require additional analysis, investigation or action. The advanced real-time correlation and behavioral analysis capabilities of our SIEMaaS platform identify the relevance of any given event by placing it within the context of who, what, where, when and why that event occurred, in order to derive its impact in business risk terms.
Logs from multiple sources, such as IDS/IPS, network devices, servers, applications and databases, are cross-correlated across log sources as well as against Threat Intelligence data in order to identify incidents that are happening in real time. Threat Detection services are delivered to the client using a vast library of optimized correlation rules and behavior analysis/profiling use cases called “Deep Security Event Correlation”, providing unprecedented Situational Awareness capabilities and the potential to respond to Security Incidents.
Our agentless, scalable, multitenant, cloud-based architecture allows seamless and rapid integration with state-of-the-art Data Centers and Security Operating Centers that ensure continuous and uninterrupted monitoring (24/7/365) of your infrastructure as well as Security Emergency Response to Security Incidents. Clients simply forward their logs/events to the restricted and classified private cloud, based on mutually agreed Rules of Engagement and a service-level agreement (SLA) for event alerting.
A single SIEMaaS delivery console allows clients to visualize, analyze and manage risks in real time. Our easy-to-use service delivery portal allows users to drill down and pivot on an asset, incident, or user to better understand the nature and importance of any security event. Graphical dashboards are fully customizable, and users can select from a wide range of pre-built reports. All operations are collaborative and delivered to our Clients through a full-featured Case Management System where all incidents are tracked from identification to resolution.
The reporting capabilities of the package include reports produced on a daily, weekly and monthly basis. Customization of the reporting is offered based on the Client’s requests. Granular, role-based real-time dashboards and reports are also tailored and delivered as part of the service, providing a multi-dimensional view of the operations taking place, as well as Key Performance Indicators (KPIs) that ensure our service is delivered in strict accordance with each SLA.
SIEMaaS is enriched and integrated with our unique and proprietary HARDCORE© content, which enables advanced and in-depth analysis of large amounts of log data, allowing client organizations to discover, visualize, and communicate meaningful insights from a variety of sources. It comes with a complete ecosystem of Threat Analytics incorporating, amongst others, external intelligence, social media monitoring, and Malware and APT protection and analytics.
Step-by-step guidelines and configuration instructions are provided to the Client for each of the log sources that will be onboarded to the Service, along with Logging Level Optimization support that allows clients to fine-tune the logging capabilities based on the specific architecture and needs of each critical system.
At a Glance:
- Complete and Pure SIEM as a Service
- Fully managed HP ArcSight SIEM in the cloud
- 24/7/365 Automated Alerting and Notification
- Access to Web Portal with easy-to-use dashboards and reports
- Customized event notifications, use cases and correlation rules
- HARDCORE© content
- Subscription-based, on-demand pricing based on GB/Day