SCHEDE SIEM security Event Correlation eng - Business … · 2016-08-22 · Title: Microsoft Word -...
Security Event Correlation Cyber Security Managed Services
Rev.20160708
Business-e Spa
A company of the Itway Group specialized in Information Security. Thanks to strategic partnerships with the best Vendors at a global level, we supply consultancy and services on the security of networks, systems, applications and contents (back-up and recovery); on user identity management and accesses; on protection of data and Information; and on optimizing data centres and network infrastructures. A key aspect of our strategy, and what strongly distinguishes us on the market, are Cyber Security services supplied through SOCs based in Italy with Italian certified personnel. For this reason we are the only Italian company cited in the Gartner Magic Quadrant for Managed Security Services Providers (MSSP).
Security Event Correlation
Through Security Information and Event Management (SIEM), all logs produced by the monitored devices and software are analyzed, and correlation is carried out in real time in order to punctually detect targeted attacks (Security Event Management) and violations of data (Security Information Management). The Security Analyst team analyzes the alerts transmitted by the SIEM solution. Thanks to its field experience, its sources of information and the information available, the team is able to assess the risk level associated with the events received by the SIEM and to transmit the related alert with an eventual remedy. The service is based on five fundamental steps:
1. Analysis of the technological scenario and the business of the client
2. Device management through the integration of systems and correlation analysis
3. Intelligence on the related information
4. Real-time Monitoring
5. Transmitting alerts according to time schedules with flexible SLAs
SIEM: Who is it for?
The service is for companies that do not have a SIEM technology as well as for those that are already equipped with an in-house system but would like to outsource its management.
The service can be supplied:
1. As a Service
   Analysis and monitoring by transmitting logs to the Business-e SIEM.
2. On Premise
   Optimizing capex costs by managing the already installed platform.
Time schedule
The SIEM service can be supplied in different time periods:
- Business Hours
- Non Business Hours
- H24
- Custom
Flexible SLAs
Several delivery SLAs are possible, including very stringent ones, depending on one’s needs.
Advantages
Experience on different SIEMs
The Security Operation Center (SOC) of Business-e uses qualified personnel with expertise on different SIEM technologies:
- Alien Vault
- RSA
- Sentinel
- Splunk
- IBM QRadar
- Intel Security
Easy access to information
All information collected through the SIEM Intelligence service can be seen through a dedicated portal.
Transmitting Structured Reports
- Event driven: for events classified as High
- Monthly: including a summary of the relevant events of the month
Security Analyst experts in charge of Intelligence
Security technologies work based on the information they intercept. Bringing together all the information deriving from all the security infrastructures implemented, and correlating it, significantly enhances the security level.