MANAGED SIEM SERVICES

Prevention is ideal, detection is a must

Many organisations are unable to detect if they’ve suffered a cyber-security breach meaning their data is at risk. They’re unable to spot breach indications within an adequate timeframe which means they can’t limit potential damage to their systems, processes and business reputation.

Your cyber-security approach should be built on an understanding of the activity that’s happening across your IT estate. Correctly using a SIEM platform, to centrally collect and analyse logging information, can provide this critical insight.

Regulations such as ISO 27001, PCI DSS and the EU’s NIS Directive require organisations to apply and maintain a strategy that involves security logging. However, it goes without saying that it’s in your business’ interest to protect your data and intellectual property, business operations and reputation.


www.proact.eu

SIEM AS A SERVICE

Proact’s Security Operations Centre (SOC) can introduce additional strength and depth, building on that of your internal resource. Because we’ve been protecting customer data as part of our managed services for over a decade, we not only have the security skills and experience that can make a real difference, but we’ve created a managed service that can help organisations deal with in-house challenges around security operations and log analysis.

Our security specialists monitor your logs 24/7 to provide essential context and guidance into how users are interacting with your systems. When we spot unusual or potentially malicious behaviour, we offer actionable intelligence and remediation guidance so you can deal with incidents quickly and effectively. We do this via human interaction, not simply an automated alert, which in essence means we work together to form a virtual incident response team to get to the bottom of the issue.

BENEFITS

• Detect suspicious & anomalous behaviour: We notify you when there’s unusual authentication or network activity

• Identify viruses/malware activity: Traffic analysis & data correlation from end-point mechanisms

• Round-the-clock monitoring: Monitoring and support available all day, every day

• Save time: We do the analysis and investigations, so your team doesn’t have to

• Cost-effective: Cheaper than hiring & training in-house staff


Delivering business agility

PROACT SECURITY

Cyber threats are constant whether you’re at work or not. We can monitor your systems 24/7.

We know what it takes to design, adopt and adhere to secure data centre practices because we’ve been doing it internally since 1994.

We’ve been protecting customer data in our data centres for over 10 years. Our Managed Cloud Services deliver data protection across on-premises, public cloud and hybrid environments.

Our platforms and processes conform with ISO 27001 and GDPR standards, and we can also deliver PCI DSS compliance.

We have Security Operations Centres in multiple locations to offer high availability.

Our security portfolio doesn’t just cover SIEM. We can help with vulnerability assessments, anti-phishing, end-point protection, privileged access management and more.

WHY SIEM AS A SERVICE?

SIEM systems broaden your visibility and allow you to develop better awareness of what’s happening across your IT estate. A SIEM solution can help you understand:

• Who is accessing your systems and applications

• When, and from where, access is requested

• Unusual network communications

• Potentially anomalous and inappropriate behaviour

• Audit trails of events and activity

• The effectiveness of existing security controls

Log data is only useful when it’s correctly correlated and analysed. Doing this in-house takes a long time and requires specialist security skills that are inherently expensive. Instead of investing heavily in security resource that’s at a premium in today’s market, you can leverage upon Proact’s security acumen and experience for an affordable, monthly fee. We can take away the burden of selecting and procuring a platform, training/recruiting staff to operate it, and the effort required to integrate a SIEM system.

We can offer:

• 24/7 security analysis since cyber-threats aren’t restricted to working hours

• Highly skilled security specialists complementing your internal operations

• Exceptional service quality thanks to our proven service delivery processes

• Vast experience acquired by managing extensive, multi-geographic operations


HOW DOES SIEM AS A SERVICE WORK?

Log collection & analysis

We provide a fully-managed SaaS platform and will analyse your logs, round-the-clock, in our SOC. Our SaaS platform is continuously updated in-line with new releases (to provide all the latest functionality and benefits), and your capacity can be scaled up or down as needed. This means we can easily add new log sources on your behalf. All of your log data, including new sources that we add during your contract, will be processed through our SOC and events will be analysed by our security specialists.

Proact’s Security Operations Centre

The security specialists in our SOC know which logs to isolate and, crucially, when to look at them. Before the service goes live, our team will work with you to determine if there are any specific events that are important to the security of your organisation. We use our expertise to provide helpful information regarding unusual or suspicious events. Our heritage of delivering managed services also comes into play here. We not only follow proven service delivery processes, but can leverage infrastructure skills from across our organisation to help ensure you get the best mitigation advice.

Near real-time alerts

When potential threat activity is detected it’s important to act quickly. The longer the threat continues, the greater the damage that could be caused. We investigate suspicious events and raise incidents to the right people at the right time, so you can respond promptly and effectively.

Dashboards

An important feature of SIEM solutions is the increased visibility that they offer. If you want to be able to focus upon particular areas within your IT environment, we can create customised dashboards so stakeholders in your organisation get a better picture of what’s important to them.

Service reviews

As well as the remediation guidance that we offer when there’s a security event, we also offer additional context and advice via our service reviews. These can provide important context into areas that don’t meet your alert criteria, helping to improve your overall security posture. Our service reviews are usually a written report but our team is always willing to have a meeting, on-site or via conference call, to discuss your situation.

Compatibility

Our SIEM as a Service offering is compatible with on-premises infrastructure, cloud environments and SaaS platforms. As cloud poses new security challenges such as reduced visibility (for instance because of shadow IT), SIEM can play a key role in gaining insight into cloud authentication and access activity.

Where required we can work with you to take logs from bespoke applications or systems you operate, and can provide alerts on specific events.


SIEM AS A SERVICE ENTERPRISE

SIEM as a Service Enterprise offers all the benefits of SIEM as a Service, but also introduces user and behaviour analytics (UEBA) to help enhance your detection and response capabilities. This solution collects massive volumes of data in real-time, uses machine learning algorithms to detect advanced threats, and provides AI-based security incident response functionalities so you can remediate threats quickly and effectively.

This service also leverages peer group analysis to compare and risk score behaviours in comparison to the ‘norm’.

BENEFITS

• Big data platform: Ingests & processes as much information as you need, without impacting functionality

• Behaviour analytics & machine learning: Applies machine learning algorithms to event data to more accurately detect threats

• Threat investigation: We hunt for threats 24/7 & will investigate alerts in detail to offer you actionable intelligence & context for efficient remediation

• Insider threat detection: Behaviour-based analytics & peer group analysis help to detect abnormal patterns amongst internal data sources

• Cyber-threat detection: Helps identify advanced threat patterns - including those with minimal noise - such as phishing, beaconing & lateral movement


MITIGATE INSIDER THREATS

We all know that cyber-threats come in various forms, but one actor that often gets overlooked is the insider threat. Insider threats can be either deliberately malicious or unwitting in their intentions, but both can cause significant harm to your organisation.

To reduce the risk of insider threats you should adopt a holistic approach that leverages human and technological solutions. Our SIEM as a Service Enterprise platform covers the technical side, and our SOC team helps to cover the human factor by offering insight that can help increase security awareness across your organisation, as well as information into specific events.

SIEM as a Service Enterprise uses its inbuilt machine learning system to detect potentially harmful actions from these user types:

Compromised users – Authorised users who will likely have had their credentials stolen by a threat actor through phishing or social engineering.

Malicious users – Users who usually have legitimate access to your systems and intentionally extract data or intellectual property to abuse it.

Negligent users – Users that don’t have malicious intentions but either fall for phishing schemes or inadvertently misuse or expose sensitive data through careless actions.

Insider threat activity often goes undetected by traditional security controls because these focus on granting access to sensitive systems or data, not how they’re being used. SIEM as a Service Enterprise picks up on activities such as users accessing data that has little to do with their job function, or users copying substantial amounts of data from company network resources.


HOW DOES SIEM AS A SERVICE ENTERPRISE WORK?

Our fully-managed SIEM platform provides real-time analysis on user behaviour. The system learns ‘normal behaviour’ based on historical activity and peer group analysis.

Our SOC team continually assesses the data that’s collected and risk scores the way your users are interacting with your IT systems. Beyond this, we’ll also offer remediation guidance on alerts like we do in our standard SIEM service.

1. Collect data

2. Enrich data

3. Store data

4. Apply correlation & analytics

5. Alerts & remediation guidance

WHAT’S INCLUDED

SIEM as a Service | SIEM as a Service Enterprise

• Proact SOC 24/7 log analysis and threat hunting

• Incident investigation and response guidance

• Fully-managed SaaS platform

• Customisable alerting conditions

• Customisable web dashboards

• Service reviews, detailed monthly reporting and guidance

• 3rd party threat intelligence

• Log encryption, integrity and customisable retention

• Platform auditing and role based access control

• User entity behaviour analytics and machine learning

• Advanced threat modelling

• Real-time user risk reporting, peer group analysis

• Full self-service report generation functionality

• Data privacy masking


ABOUT PROACT

Why choose Proact’s security services?

As a leading European data centre and cloud services provider, we’ve been delivering secure solutions to our customers for over 25 years. More than 3,500 customers have trusted us with their data to date, and we use this experience to make sure everything we do is built on secure foundations.

Our Managed Service practice has been active for more than a decade and takes advantage of our successful heritage in service delivery, transition and support. Using our pedigree in the Managed Services space, where we conduct security logging and log data analysis across 20 of our own data centres in eight countries, we created Security Operations Centres (SOCs) to extend our internal security capabilities out to our customers. Our SOC function runs 24/7 and offers a range of services to assist with the challenges posed by enterprise security.

With advanced skills across the data centre and cloud services, including storage, networking, public cloud and more, we can leverage the knowledge of our accredited experts to help maintain the highest security standards both internally and for our customers. Our organisation has been ISO 27001 accredited since 2013 and is also compliant with PCI DSS security standards.

Proact IT UK

95 Southwark Street

London

SE1 0HX

UK

Tel: +44 (0) 2038 926190
