Security Information and Event Management (SIEM)

Security information and event management (SIEM) is an approach to security management that combines both SIM (security information management) and SEM (security event management) functions into one security management system.

A SIEM system aggregates relevant data from multiple sources, identifies deviations from the norm and takes appropriate action. Being able to look at all security-related data from a single view makes it easier for companies to detect patterns that are out of the ordinary.

SIEM systems can log additional information, generate an alert and instruct other security controls to stop an activity in progress. Advanced SIEMs can include user and entity behavior analytics (UEBA) and security orchestration, automation and response (SOAR).

Payment Card Industry Data Security Standard (PCI DSS) compliance was the original driver for SIEM in large enterprises. Concerns over advanced persistent threats (APTs) have led smaller organizations to look at the benefits a SIEM managed security service provider (MSSP) can offer.


Your data from different viewpoints

By collecting relevant data from many locations and presenting all of it from a single point of view, a SIEM makes it easier to see problems, potential security issues and data breach risks.

Affant’s Security Information and Event Management service is always connected to your devices and collects activity log data. Our system logs and creates transaction records that are collected, centralized and then reviewed.

Core services provided by Affant SIEM services:


  • Deploys multiple collection agents to gather security-related events from end-user devices, servers and network equipment.
  • Assembles and stores log files to facilitate real-time analysis and enable security personnel to take defensive action more quickly.
  • Sends high-severity notifications automatically to our specialists.
  • Collects data into a central repository for trend analysis and anomaly reporting.
  • Provides automated SIEM reports that help compliance managers confirm they are meeting the organization’s compliance requirements.
  • Includes a discovery module that monitors the start-up and running configuration of network devices such as routers, firewalls and switches over a historical period.
  • Updates security rules regularly so that the latest threats are addressed.
  • Performs once-a-minute monitoring of your entire database and infrastructure.
  • Issues regular, comprehensive reports outlining daily log reviews.

Affant’s SIEM Service is there to protect you

Whenever a change is detected, the SIEM creates an incident and notifies the administrator about the change.

With this intelligence, the administrator can keep track of unauthorized changes and suspicious activity such as:

  • Compromised hosts
  • Brute-force logins
  • Concurrent authentications to the same account from multiple countries
  • Malware found but not remediated
  • Rootkits found
  • Remote desktop sessions originating from the internet
  • Peer-to-peer (P2P) traffic identified
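The brute-force and multi-country items above are correlation rules that a SIEM evaluates over the authentication logs it has aggregated from many hosts. The Python below is an added example and not Affant’s code: it runs two such rules over a constructed log sample. The log format, field names, thresholds (five failures from one source in one minute; two countries within one hour), severity labels and function names are all assumptions chosen for illustration.

```python
"""Two SIEM-style correlation rules over constructed authentication events.

Added example, not part of Affant's service or code. Everything below
(log format, thresholds, rule names, severities) is an assumption.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (not real data). Assumed format per line:
# "<ISO-8601 UTC timestamp> <user> <FAIL|SUCCESS> <source IP> <country>"
SAMPLE_LOG = """\
2024-05-01T09:00:01Z alice FAIL    203.0.113.7    US
2024-05-01T09:00:03Z alice FAIL    203.0.113.7    US
2024-05-01T09:00:05Z alice FAIL    203.0.113.7    US
2024-05-01T09:00:07Z alice FAIL    203.0.113.7    US
2024-05-01T09:00:09Z alice FAIL    203.0.113.7    US
2024-05-01T09:00:11Z alice SUCCESS 203.0.113.7    US
2024-05-01T09:05:00Z bob   SUCCESS 198.51.100.4   DE
2024-05-01T09:20:00Z bob   SUCCESS 192.0.2.9      BR
2024-05-01T10:00:00Z carol SUCCESS 198.51.100.20  DE
2024-05-01T15:00:00Z carol SUCCESS 192.0.2.33     JP
"""


def parse_events(text):
    """Turn the assumed whitespace-separated log format into time-sorted dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, result, ip, country = line.split()
        events.append({
            "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            "user": user, "result": result, "ip": ip, "country": country,
        })
    return sorted(events, key=lambda e: e["ts"])


def detect_brute_force(events, threshold=5, window=timedelta(minutes=1)):
    """Brute-force rule: >= threshold failures for one (source IP, user) pair
    inside a sliding window. A later success from the same pair inside the
    window is escalated, because it suggests the account was actually taken."""
    alerts = []
    failures = defaultdict(deque)   # (ip, user) -> timestamps of recent failures
    fired = {}                       # (ip, user) -> time the brute-force alert fired
    for ev in events:
        key = (ev["ip"], ev["user"])
        if ev["result"] == "FAIL":
            q = failures[key]
            q.append(ev["ts"])
            while ev["ts"] - q[0] > window:   # drop failures older than the window
                q.popleft()
            if len(q) >= threshold and key not in fired:
                fired[key] = ev["ts"]
                alerts.append({"rule": "brute_force", "severity": "medium",
                               "ip": ev["ip"], "user": ev["user"],
                               "failures": len(q), "at": ev["ts"]})
        elif (ev["result"] == "SUCCESS" and key in fired
              and ev["ts"] - fired[key] <= window):
            alerts.append({"rule": "brute_force_success", "severity": "high",
                           "ip": ev["ip"], "user": ev["user"], "at": ev["ts"]})
            del fired[key]   # escalate only once per brute-force episode
    return alerts


def detect_multi_country_auth(events, window=timedelta(hours=1)):
    """Concurrent-authentication rule: successful logins to the same account
    from two different countries within the window. Logins farther apart
    than the window (carol: DE then JP five hours later) are not flagged."""
    alerts = []
    logins = defaultdict(list)   # user -> list of (ts, country, ip) successes
    seen = set()
    for ev in events:
        if ev["result"] != "SUCCESS":
            continue
        for prev_ts, prev_country, prev_ip in logins[ev["user"]]:
            if prev_country != ev["country"] and ev["ts"] - prev_ts <= window:
                key = (ev["user"], prev_country, ev["country"])
                if key not in seen:
                    seen.add(key)
                    alerts.append({"rule": "multi_country_auth", "severity": "high",
                                   "user": ev["user"],
                                   "countries": [prev_country, ev["country"]],
                                   "ips": [prev_ip, ev["ip"]], "at": ev["ts"]})
        logins[ev["user"]].append((ev["ts"], ev["country"], ev["ip"]))
    return alerts


def run_rules(text):
    """Parse the log once and evaluate both rules, as a SIEM would per batch."""
    events = parse_events(text)
    return detect_brute_force(events) + detect_multi_country_auth(events)


if __name__ == "__main__":
    for alert in run_rules(SAMPLE_LOG):
        details = {k: v for k, v in alert.items() if k not in ("rule", "severity")}
        print(alert["severity"].upper(), alert["rule"], details)
```

On the sample, the rules raise three alerts: alice’s five failures in eight seconds, the success that follows them (escalated to high severity, the kind of event the service would page a specialist for), and bob’s logins from DE and BR fifteen minutes apart. Tuning these rules is the same work the System Tuning section describes: thresholds and windows must be adjusted per environment to keep false positives down.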

1-Hour Detection Reporting

Affant continuously monitors for threats as presented by the SIEM. When an incident is received, Affant gathers and documents the context and activity logs required to investigate it and to prepare the notification. Notification is sent to you within 1 hour of the initial detection.

System Tuning

Affant is responsible for detecting network anomalies and separating genuinely malicious traffic patterns from the large volume of false positives that appear on our screens every hour.

Ongoing tuning is included in the service and improves the quality of the report data.

Technical Support and Monitoring

Affant provides support for troubleshooting and resolution for the local appliances that are monitored by Affant’s Security Services Team.

In addition, a web-based ticketing system is provided to open, track and correspond on tickets for any support-related issue.

Affant remediates issues related to the local appliance, identified either via monitoring and notification, or those initiated through contacting the Service Desk.

A field technician is dispatched if the issues cannot be resolved remotely.

For a fixed, guaranteed monthly fee, Affant provides the focus, depth and security services you need for today’s risky IT environment.