Security Information and Event Management SIEM
Security information and event management (SIEM) is an approach to security management that combines both SIM (security information management) and SEM (security event management) functions into one security management system.
A SIEM system aggregates relevant data from multiple sources, identifying deviations from the norm and taking appropriate action. Being able to look at all security-related data from a singular view makes it easier for companies to detect patterns that are out of the ordinary.
SIEM systems can log additional information, generate an alert and instruct other security controls to stop an activity’s progress. Advanced SIEMs can include user and entity behavior analytics (UEBA) and security orchestration and automated response (SOAR).
Payment Card Industry Data Security Standard (PCI DSS) compliance was the original driver for SIEM in large enterprises. Concerns over advanced persistent threats (APTs) have led smaller organizations to look at the benefits a SIEM managed security service provider (MSSP) can offer.
Your data from different viewpoints
By being able to produce relevant data in multiple locations and being able to look at all the data from a single point of view, a SIEM makes it easier to see problems and potential security issues or data breach risks.
Affant’s Security Information and Event Management service is always connected to your devices and collects activity log data. Our system logs and creates transaction records that are collected, centralized and then reviewed.
Affant’s SIEM Services is there to protect you
Whenever a change is detected, it creates an incident and notifies the administrator about the change.
With this intelligence, the administrator can keep track of any unauthorized changes such as:
- Compromised hosts
- Brute-force logins
- Concurrent authentications to the same account from multiple countries
- Malware found but not remediated
- Rootkits found
- Remote desktops from the internet
- P2P traffic identified
1 Hour Detection Reporting
Affant continuously monitors for threats as presented by the SIEM. If an incident is received, Affant gathers and documents the necessary context and activity logs required to investigate and perform the notification. Notification is sent to you within 1 hour from the time of the initial detection.
Affant is responsible for detecting network anomalies and sorting out the bad traffic patterns from among the large false positive bad traffic patterns that show up on our screens hourly.
Ongoing tuning is included in the service and provides an improvement in report data quality.
Technical Support and Monitoring
Affant provides support for troubleshooting and resolution for the local appliances that are monitored by Affant’s Security Services Team.
In addition, a web-based ticketing system to support tickets, track, and provide correspondence for any support related issue.
Affant remediates issues related to the local appliance, identified either via monitoring and notification, or those initiated through contacting the Service Desk.
A field technician is dispatched if the issues cannot be resolved remotely.
For a fixed monthly guaranteed fee, Affant provides the focus, depth, and security services you need for today’s risky IT environment.