Look Below the Surface of Alerts
Security Information and Event Management (SIEM) systems have long held the promise of dealing with the millions of alerts generated in a typical security environment. But collecting and storing alerts is just the first step. Deciphering which events are high priority versus simply “noise” is the ongoing challenge. And as alert volume increases, the challenge only gets worse. For many organizations, the cry for help is long overdue.
Service Levels to Meet Your Needs
GoSecure Managed SIEM comes in two service levels, Basic and Managed.
|SERVICE LEVEL DESCRIPTIONS||BASIC||MANAGED|
GoSecure is responsible for handling maintenance windows and recommends the best approach to minimize the impact on service.
|Yearly Service Review
Once a year, license, configuration and service are reviewed to ensure proper use and cost of the service.
|Monthly GoSecure Report
A recommended monthly report, created and maintained by GoSecure, gives an executive view of multiple security aspects.
Quarterly meeting included to discuss and review change requests and generic use case questions.
|Basic Security Package
Up to 20 use cases, 5 reports and 1 dashboard pre-defined by GoSecure can be enabled.
|Self-Service Console (Multi-User Access)
User access list maintained and reviewed continuously.
|On-Demand Solution Support
On-demand support constitutes any custom feature, request or investigation.
*There is no SLA for on-demand support; a minimum of 4 hours will be charged (hourly rate).
|Managed Use Cases 24x7
High-confidence and high-risk use cases are monitored and managed by GoSecure 24/7. All actions and recommendations are custom built within a basic runbook to ensure tracking, documentation and standard procedures.
During business hours, change requests can be made on the dashboard, use cases and reports. These requests allow analysts and managers to remove false positives and adjust the contextual data of the SIEM.
Monthly meeting included to discuss and review security events and improve SIEM use cases.
To ensure a proper reaction to use cases, a basic runbook is created and maintained by GoSecure. This procedure-based document allows all team members involved to take action based on an approved process.
Beyond the Basics
Using the Splunk platform, GoSecure provides real-time situational awareness around security logs, facilitating effective and efficient event analysis and incident response. Heightened situational awareness comes from creating a usage profile of infrastructure assets, configuration changes, asset-to-business service mappings, user discovery, and many other data points.
In addition to the default use cases offered by the SIEM platform, GoSecure has leveraged its Red Team and Blue Team specialists to create its own set of custom, vendor-agnostic use cases that are deployed as part of our onboarding process. The GoSecure use cases are the product of GoSecure’s years of operational experience as well as our alignment with MITRE’s ATT&CK Matrix. Their objective is to enhance the detection of malicious behavior while limiting false positives. In addition, GoSecure’s team of specialists can create tailored use cases for specific client needs, whether they be for fraud detection, access detection or any other event that requires heightened visibility.
Adding an experienced management layer over a SIEM from industry leader Splunk can result in astounding security gains. Whether by the internal security team or the GoSecure Active Response Center, events that require attention are identified more quickly, resulting in faster breach detection and mitigation. With dwell time still reaching months for most organizations, speed is of the essence. GoSecure Managed SIEM allows you to accelerate your security posture.