Collecting log data is already an important step, but having the right analytics and reporting is vital to being able to transform it into understandable, actionable security intelligence. We provide real-time incident identification and notification and actionable reports to give you full visibility of your security posture and ease the regulatory compliance reporting process.
Once log data is collected as part of our Log Collection Service, events are then correlated as part of the Incident Identification & Notification Service. The correlation stage is based on the devices you choose to include under this service and is set up according to rules that are specific to your environment. Rules will be determined according to trends across historical, vulnerability and statistical data. For example, you might want to receive an alert if building access occurs when the same user is logged on to the network in a different location.
If a critical incident occurs, you’ll be notified immediately and automatically. Alerts can be set up to be received by email or SMS. We’ll provide standard resolution suggestions to help your team contain and remedy violations.
As with the Log Collection Service, up to 5 standard reports will be provided per month with a further 2 custom monthly reports available as per your requirements.
Service features and benefits include:
- Comprehensive View of Overall Security Posture, Vulnerability, and Incident Trends
- Event Data Correlation
- Real-time Incident Identification
- Automatic Incident Notification
- Standard Incident Resolution Recommendations Based on Industry Best Practice
- Basic Automated Reports: 5 standard reports are provided per month. Basic templates relating to specific compliance standards, e.g. Sarbanes-Oxley, HIPAA, FISMA, GLBA, and PCI-DSS, are available.
- Custom Reports: 2 custom reports will be provided per month. These can be compiled for analysts, operators or executives.
- Decreased Time and Resources Required to Maintain Compliance
Our Incident Identification and Notification Service is an upgrade to the Log Collection Service, which is therefore mandatory if this service is required. Pricing for these services is based on a per-device model.
For a fully managed SIEM, view our Managed SIEM service.