Caretower’s SIEM Managed Security Services


Enterprise Security Manager
MSS - TRUE 24/7 Service
I.T. Security Specialists

Challenges & Solution

Challenges

Organisations all over the globe, regardless of size or vertical, face many challenges when it comes to Security Information and Event Management (SIEM) solutions.

Advanced persistent threats

Many organisations have implemented a defence-in-depth strategy around their critical assets using advanced persistent threat (APT) protection, firewalls and IDS/IPS at the perimeter, two-factor authentication, internal firewalls, network segmentation, HIDS, AV and other technologies. All of these devices generate a huge amount of data, which is difficult to monitor. A security team cannot realistically keep all of these dashboards open and correlate events across several components fast enough to keep up with the packets traversing the network.

Zero-day threat detection

New attack vectors and vulnerabilities are discovered every day. Firewalls, IDS/IPS and AV solutions all look for malicious activity at various points within the IT infrastructure, from the perimeter to endpoints. However, many of these solutions are not equipped to detect zero-day attacks.

Operation support

The size and complexity of today's enterprises is growing rapidly, along with the number of IT personnel needed to support them. Operations are often split among different groups such as the Network Operations Centre (NOC), the Security Operations Centre (SOC), the server team, the desktop team, the network team and so on, each with their own tools to monitor and respond to events. This makes information sharing and collaboration difficult when problems occur.

Compliance

Almost every business is bound by some sort of industry regulation such as PCI-DSS, GPG13, ISO27001/2, HIPAA or SOX. Attaining and maintaining compliance with these regulations is a daunting task. Virtually every regulatory mandate requires some form of log management to maintain an audit trail of activity.

Forensics

Not only must a forensics analyst interpret log data to determine what actually happened, the analyst must also preserve the data in a way that makes it admissible in a court of law. Since log data represents the digital fingerprints of all activity that occurs across IT infrastructures, it can be mined to detect security, operations and regulatory compliance problems.

Whether it is the challenge of managing many disparate devices across different locations, of facing a cyber attack in an ever-growing threat landscape in which systems are compromised and data is taken, or the complexity of adhering to and maintaining industry-driven compliance requirements, these factors are major concerns for businesses. They are difficult to combat and need to be addressed and overcome in an effective and timely manner.

Solution

Caretower's Security Information and Event Management (SIEM) service collects, analyses and stores logs from networks, hosts and various applications. SIEM allows clients to:

- Collect logs from multiple locations into a central system: numerous receivers feed into one central system for monitoring and reporting.
- Summarise key incidents: critical events and alarms are reported to the client, reducing the time and resources needed to act on them.
- Correlate critical events: a proactive, holistic approach that identifies threats which individual devices alone may not detect.
- Report on incidents: a full reporting engine and dashboard is built into Caretower's MSS SIEM service, providing clients with real-time visibility and historic reporting.
- Take immediate and suitable remediation actions: this minimises the impact of threats on our clients' networks and allows our Incident Response Team to take immediate

[Diagram: Caretower's vendor-agnostic MS SIEM service wrapped around an existing SIEM solution within the customer network]

SIEM Managed Security Services

SIEM Managed Security Services Architecture

In the architecture diagram below, multiple receivers at multiple locations collect logs from various devices, and the ELM (Enterprise Log Manager) and ESM (Enterprise Security Manager) fetch these logs from the receivers periodically. The ELM stores the raw logs, mainly for compliance purposes, and the ESM uses normalised logs for reporting, correlation and alerting.

[Diagram: Receivers A, B and C at Locations A, B and C collect logs from endpoints, network devices, security devices, mobile devices and servers and feed the SIEM Managed Security Service. The ESM provides a centralised overview, analysis, alerting and reporting (situational awareness and advanced correlation; real-time risk-based alerting and remediation; ad-hoc and scheduled reports). The Enterprise Log Manager holds the raw event archive.]

We can host the solution, or the solution can reside within our customer's network. We wrap our services around either option, which offers flexibility of architecture and management. We monitor security events 24/7 and provide in-depth security expertise. We also report on patterns spotted across a number of customers to provide advance warning of new threats.

- Proactive management
- Run by dedicated, industry-leading certified security engineers (GIAC Certified Forensic Analyst, GCFA)
- Vendor-certified SOC engineers
- Escalation from tier 1 to tier 3 engineers
- 24/7 x 365 SOC cover
- Fully ISO27001 accredited SOC
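The three stages the architecture describes (receivers feeding a raw archive kept for compliance, normalised events used for correlation, and a correlation rule raising an alert that no single device would raise on its own) are shown below as an added worked example. This is illustrative code written for this page, not Caretower's or any vendor's implementation. The log lines are constructed; the device names, addresses, the SHA-256 hash chain used to make the raw archive tamper-evident, and the "brute force followed by successful login" rule are all assumptions made for the example.

```python
import hashlib
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (not real customer data). Each line is
# "<ISO timestamp> <assumed device name> <device-specific message>".
SAMPLE_LOGS = [
    "2024-05-01T10:00:01 fw01 action=allow src=203.0.113.7 dst=10.0.0.5 dport=22",
    '2024-05-01T10:00:02 ids01 alert sig="SSH brute force" src=203.0.113.7 dst=10.0.0.5',
    "2024-05-01T10:00:03 srv05 sshd: Failed password for root from 203.0.113.7 port 51234",
    "2024-05-01T10:00:09 srv05 sshd: Failed password for root from 203.0.113.7 port 51236",
    "2024-05-01T10:00:40 srv05 sshd: Accepted password for root from 203.0.113.7 port 51240",
    "2024-05-01T11:30:00 srv05 sshd: Accepted publickey for alice from 10.0.0.20 port 4002",
]

GENESIS = "0" * 64


def archive_raw(lines, prev=GENESIS):
    """Raw archive stage (the ELM role): keep every line unmodified and chain
    each entry to the previous one with SHA-256, so that altering or deleting
    an archived line later breaks verification. Assumed technique for the
    example, not the product's own mechanism."""
    chain = []
    for line in lines:
        digest = hashlib.sha256(f"{prev}\n{line}".encode()).hexdigest()
        chain.append((line, digest))
        prev = digest
    return chain


def verify_chain(chain, prev=GENESIS):
    """Recompute the chain and report whether every link still matches."""
    for line, digest in chain:
        if hashlib.sha256(f"{prev}\n{line}".encode()).hexdigest() != digest:
            return False
        prev = digest
    return True


KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
SSHD_RE = re.compile(r"sshd: (Accepted|Failed) \w+ for (\S+) from (\S+) port")


def normalise(line):
    """Normalisation stage (the ESM role): map three device formats onto one
    schema so a single rule can reason across them. Returns None for lines
    the parsers do not understand."""
    ts, device, msg = line.split(" ", 2)
    event = {"ts": datetime.fromisoformat(ts), "device": device}
    if "sshd:" in msg:                                   # syslog-style auth message
        m = SSHD_RE.search(msg)
        if not m:
            return None
        event.update(src=m.group(3), dst=device, user=m.group(2), signature="",
                     category="auth_success" if m.group(1) == "Accepted" else "auth_failure")
    elif msg.startswith("alert") or "action=" in msg:    # key=value firewall / IDS
        kv = {k: v.strip('"') for k, v in KV_RE.findall(msg)}
        event.update(src=kv.get("src"), dst=kv.get("dst"), user=None,
                     signature=kv.get("sig", ""),
                     category="ids_alert" if msg.startswith("alert")
                     else "fw_" + kv.get("action", "unknown"))
    else:
        return None
    return event


def correlate(events, window=timedelta(minutes=5)):
    """Correlation rule: an IDS brute-force alert for a source followed, within
    the window, by a successful login from that same source. The IDS alert alone
    is routine and the login alone looks legitimate; together they are critical."""
    alerts_by_src = defaultdict(list)
    incidents = []
    for e in sorted(events, key=lambda ev: ev["ts"]):
        if e["category"] == "ids_alert":
            alerts_by_src[e["src"]].append(e)
        elif e["category"] == "auth_success":
            for alert in alerts_by_src[e["src"]]:
                if timedelta(0) <= e["ts"] - alert["ts"] <= window:
                    incidents.append({"severity": "critical", "src": e["src"],
                                      "host": e["dst"], "user": e["user"],
                                      "summary": f'{alert["signature"]} from {e["src"]} followed by '
                                                 f'successful login as {e["user"]} on {e["dst"]}'})
                    break
    return incidents


def run_pipeline(lines=SAMPLE_LOGS):
    """Archive raw lines, normalise them, correlate; returns all three stages' output."""
    chain = archive_raw(lines)
    events = [e for e in map(normalise, lines) if e is not None]
    return chain, events, correlate(events)


if __name__ == "__main__":
    chain, events, incidents = run_pipeline()
    print("archive intact:", verify_chain(chain))
    for inc in incidents:
        print(inc["severity"].upper(), inc["summary"])
```

Run stand-alone, the script reports the archive as intact and prints one critical incident: the IDS brute-force alert from 203.0.113.7 followed 38 seconds later by an accepted root login on srv05. The later login by alice is ignored because no alert preceded it, and editing any archived line afterwards makes `verify_chain` return False, which is the property a forensic analyst needs from a raw log store.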

Service management

- Service based on the ITIL v3 framework
- Customer oriented, process driven and service driven
- Transition, incident, problem and change management
- Portal access for incident and change management
- Multiple logins available for customer staff
- Change requests initiated by the SOC or by the customer
- Incident tickets raised in the management system automatically, or manually via the web portal
- Email notification of tickets raised and updated
- Different SLAs are implemented for traditional support (change requests, patching, upgrading, etc.) and for incident response (advice on alerts and working through a remediation)
- Remediation plan and infrastructure recommendations
- Change requests
- Fully logged, with reports for the audit trail
- Bi-weekly/monthly reports generated for customers
- SLA - measurable escalations, industry-leading SLAs
- Traditional monitoring and support
- Incident Response - SANS (SysAdmin, Audit, Networking, and Security)
- Maintenance of rules and reports

Incident Response

- Receive alerts in real time
- Perform forensic investigation
- Provide security reports with expert advice within SLAs
- SLAs depend on the business impact of the inbound alerts

Value to Customers

- Minimise operational expenditure
- Improve productivity/effectiveness of the solution
- Maximise your investments
- Help achieve compliance
- Offer agility and flexibility
- Reduce internal resource and training costs
- Gives you peace of mind that your security is safely managed by a team of experts 24 hours a day
- Improve your security posture within your environment
- Threat awareness
- Real-time trending
- Proactive maintenance and monitoring
- Risk mitigation

Recommendations to customers

- Deploy a baseline configuration based on the NIST Top 20 Security Controls
- Implemented during the design phase
- Based on common IT security best practices
- Maintained later on by the Security Operations Centre
- Perform accurate tuning of the correlation engine and rules based on the customer's specific use cases

Custom and compliance reports

- Baselined configuration support
- Tuning of the out-of-the-box features

SIEM or MSSP? - comparing capabilities

Features compared between a stand-alone SIEM and a managed security service provider (MSSP):

- Monitors log events
- Helps attain regulatory compliance
- Flexible service delivery
- Provides 24/7 analysis by security analysts
- Stores logs off-site in a forensically sound facility*
- Provides security intelligence and expertise as part of the solution
- Built-in disaster recovery and business continuity planning (DR/BCP)
- Predictable fixed cost
- May require additional infrastructure (servers, network devices, storage, etc.)

* Optionally, raw log data can be stored on the customer's premises, which may involve additional cost, and where it may not be protected against alteration or theft.

Benefits of Caretower's SIEM Managed Security Service

Speed of Implementation

Our SIEM Managed Security Service integrates seamlessly with your network and can be up and running within days, not months. We deliver immediate results through visibility of events and analysis on a live dashboard with in-depth reporting.

Simplified Compliance

Our SIEM Managed Security Service enables companies to fulfil their compliance requirements by providing on-demand, enterprise-wide reports that demonstrate the security status of your systems. The SIEM service can provide auditing against industry standards including:

- PCI DSS
- ISO 27001
- Protective Monitoring (GPG13)
- SOX
- HIPAA
- PSN

Flexible Dashboards and Robust Reporting

Our SIEM Managed Security Service brings you comprehensive technical, operational and trend reports that communicate security status and satisfy compliance requirements. Dashboards are available out of the box, and Caretower delivers customisable dashboards to each and every customer based on their requirements.

24/7 Caretower Security Operations Centre

Our SIEM Managed Security solution allows you to be a SIEM user, not an administrator. This means that you have access to the SIEM to view the data and run the reports you need, with a defined, limited level of privileges. The SIEM service is constantly monitored by our 24/7 Security Operations Centre, where the team carries out monitoring, management and incident response for security events and alerts.

Why Caretower?

As an independent IT security specialist with over 17 years' experience, Caretower provides comprehensive solutions to individual problems, which allows our recommendations to be unbiased. Over the years, we have established many long-standing relationships with all of our vendors, achieving the highest status within these organisations based on the level of expertise within our internal sales, support and professional services teams. This relationship ensures we keep our customers informed of key changes within the industry, which assists in their on-going security management strategy.

- We are a CSA (Cloud Security Alliance) member and ISO 27001 accredited
- We provide a live 24/7 McAfee SIEM Managed Service in Europe
- Dedicated GIAC Certified Digital Forensic security engineers (SANS (SysAdmin, Audit, Networking, and Security) Institute)
- Full on-site and hosted architecture options, depending on your requirements

Get in touch:
020 8372 1000
info@caretower.com
www.caretower.com
