Caretower provides a managed security information and event management (SIEM) service to help organizations address challenges around security monitoring, compliance, threat detection, and incident response. Their solution collects and analyzes logs from multiple sources to correlate events, generate reports, and enable 24/7 monitoring by security experts. Key benefits include improved security posture, simplified compliance, flexible dashboards and reporting, and speed of implementation.
View this webcast to learn how you can accelerate your security transformation from traditional SIEM to a unified platform for incident detection, investigation and advanced security analysis. Understand why organizations are moving to a true big data security platform where compliance is a byproduct of security, not the other way around. More via
http://bcove.me/d2e9wpd2
Building an Intelligence-Driven Security Operations Center - EMC
This white paper describes how an intelligence-driven security operations center (SOC) improves threat detection and response by helping organizations use all available security-related information from both internal and external sources to detect hidden threats and even predict new ones.
Top Cybersecurity Threats and How SIEM Protects Against Them - SBWebinars
Everyone has become increasingly aware of the danger hackers pose—they can steal data, dismantle systems, and cause damage that can take years to recover from. However, organizations often have a false sense of safety when it comes to their security environments. There are countless ways that businesses are making it easier for a threat actor to find their way in undetected.
Join cybersecurity expert Bob Erdman, senior security product manager, as he outlines the most common ways organizations unintentionally put themselves at risk against threats like:
Insider attacks
Alert and console fatigue
Shortage of security staff
Misconfigurations
Excessive access
By better understanding what and where the challenges are, organizations can be better equipped to find solutions. This webinar will also highlight different strategies for mitigating risk, from specific Security Information and Event Management (SIEM) tools to employee education.
OneAudit™ - Assess Once, Certify to Many - ControlCase
ControlCase covers the following:
•About PCI DSS, ISO 27001, NERC, HIPAA, and FISMA
•Best Practices and Cloud Implications for Comprehensive Compliance within IT Standards/Regulations
•Challenges in the Comprehensive Compliance Space
SecureData reveals the four foundations for SIEM
- Everything in one place
- Logs glorious logs
- Make it make sense
- Resourcing for monitoring and threat mitigation
LTS SECURE SECURITY INFORMATION AND EVENT MANAGEMENT (SIEM) - rver21
LTS Secure Security Information and Event Management (SIEM), is a technology that provides real-time analysis of security alerts generated by network hardware and applications.
Security information and event management (SIEM) technology supports threat detection, compliance and security incident management through the collection and analysis (both near real time and historical) of security events, as well as a wide variety of other event and contextual data sources.
A Pragmatic Approach to SIEM: Buy for Compliance, Use for Security - Tripwire
Too often, organizations purchase SIEM and log management solutions to check a compliance checkbox. These organizations miss a huge opportunity to improve security while meeting compliance requirements. In this white paper, security and compliance expert Dr. Anton Chuvakin explains how to take advantage of this opportunity.
Whitepaper here: http://www.tripwire.com/register/a-pragmatic-approach-to-siem-buy-for-compliance-use-for-security/
ControlCase covers the following:
- About PCI DSS, ISO 27001, NERC, HIPAA, FISMA and EI3PA
- Components for Continuous Compliance Monitoring within IT Standards/Regulations
- Recurrence Frequency and Calendar
- Challenges in Continuous Compliance Monitoring
Security Management is very complex and does not limit itself to products and technologies. It is important to consider alternatives when setting up a Security Operation Center (SOC), from insight into the business plan requirements, ability and the skill set of people who will handle the SOC, the responsibilities for the team, budget and more.
Integrated Compliance – Collect Evidence Once, Certify to Many - ControlCase
ControlCase discusses the following:
•About PCI DSS, ISO 27001, NERC, HIPAA, and FISMA
•Best Practices and Cloud Implications for Comprehensive Compliance within IT Standards/Regulations
•Challenges in the Comprehensive Compliance Space
7 Reasons your existing SIEM is not enough - CloudAccess
For many enterprises, SIEM has evolved into a ubiquitous and useful tool. It is meant to detect, correlate and alert users to potential threats. In fact, it is an excellent tool to collect and aggregate information in real-time from across the enterprise and present an actionable review of security issues... HOWEVER there are several mission critical aspects of the current generation of SIEM that don't meet modern security needs.
ControlCase will discuss compliance as it relates to new technologies including docker and container:
About docker and container technologies
Amazon Web Services docker/container compliance
ControlCase CaaS solution for Amazon
Q&A
Back in 2003, Telindus developed a business case for delivering SIEM managed security services to the enterprise market. This session sheds light on the different tooling migrations and explains in depth the different evolutions we achieved from an architecture, security operations, services and content evolution standpoint. It is geared towards application developers, architects, SOC employees, business consultants and program managers.
Security Information and Event Management (SIEM) - hardik soni
Leo TechnoSoft SIEM products help every enterprise with all security threats. Security information and event management software provides real-time visibility.
SIEM (Security Information and Event Management) - Osama Ellahi
In this presentation we cover basic knowledge about SIEM.
- What is SIEM
- How it works
- SIEM process
- SIEM capabilities
- Some snaps of Varonis (a tool used for log aggregation that then applies some machine algorithms to the logs to see whether they are risky or not).
There are many other vendors who also provide tools for information and event management; QRadar by IBM is also one of the best tools.
In this research work, an Intrusion Detection System (IDS) and Intrusion Prevention System (IPS) will be implemented to detect and prevent cyber-attacks against critical network infrastructure. To strengthen network security and improve the network's active defense intrusion detection capabilities, this project will consist of an intrusion detection system using honey token based encrypted pointers and an intrusion prevention system which is based on the mixed interactive honeypot. The Intrusion Detection System (IDS) is based on the novel approach of Honey Token based Encrypted Pointers.
This talk is going to give an overview of the Android operating system and its apps ecosystem from the security point of view of a penetration tester.
So let's dive into topics like Pentest Environment Setup, Tools of the Trade, App Analysis and some security hints for Android developers.
Being popular is not always a good thing and here’s why: As mobile devices grow in popularity, so do the incentives for attackers. Mobile malware and threats are clearly on the rise, as attackers experiment with new business models by targeting mobile phones. The threat to mobile devices, however, is not limited to rogue versions of popular apps and adware. Threat actors are also pouncing on mobile users’ banking transactions. Android continues to be a primary target for malware attacks due to its market share and open source architecture.
Nowadays, several behaviour-based malware analysis and detection techniques for mobile threats have been proposed for mobile devices but only about 30 percent of all Android smart phones and tablets have security apps installed.
At DeepSec 2013 Jaime Sanchez (@segofensiva) will present AndroIDS, a signature-based intrusion detection system (IDS) and intrusion prevention system (IPS) that protects your mobile phone by examining headers and contents of all packets entering or leaving it. It will raise alerts or will drop packets when it sees suspicious headers or payloads.
This open source network-based intrusion detection/protection system is being presented as a solution that will provide a high return on investment based on visibility, control, and uptime.
It has the ability to perform real-time traffic analysis and packet logging on networks, featuring:
Protocol analysis, focusing on the examination of values within IP, TCP, UDP and ICMP headers
Content searching & matching, by analyzing every incoming packet against a database of rules; each rule represents the signature of a security exploit.
The framework architecture consists of:
Sensor: runs continuously without human supervision and is capable of analyzing traffic in real time (imposing minimal overhead), sending push alerts to the Android device in order to warn the user about the threat and reports to the Logging Server.
Server: runs inside a Linux Box, and receives all the messages the sensor is sending. It’s also responsible for sending updated signatures to remote devices, storing events in the database, detecting statistical anomalies and for real-time analysis.
The IDS rule language is powerful enough to represent current and future security exploits accurately and very precisely. With the help of custom-built signatures, the framework can also be used to detect all kinds of attacks designed for mobile devices like the USSD exploit, Webkit remote code execution exploits, DoS attacks or the meterpreter module for Android. The IDS rule language converts Snort-like rules to an AndroIDS-friendly format. It also has some interesting modules that let users cheat operating system fingerprinting attempts by sending up to 16 TCP, UDP, and ICMP responses to nmap's probes or changing the TCP header fields to avoid p0f's detection engine.
Android mobile users should start taking security seriously…
Security information and event management (SIEM) solutions have entered the market to provide security intelligence and automate managing terabytes of log data for IT security. SIEM solutions monitor network systems, devices, and applications in real time, providing security intelligence for IT professionals to mitigate threats, correlate events, identify the root cause of security incidents, and meet compliance requirements.
Most organizations think that SIEM solutions have a steep learning curve and are expensive, complex, and hard to deploy. This claim may be true about many SIEM vendors. However, the right SIEM solution is one that can be easily deployed, is cost-effective, and meets all your IT security needs with a single tool.
ManageEngine's SIEM expert, Joel Fernandes, will discuss 8 things every IT manager should know about choosing an SIEM solution.
You'll learn how to:
Choose an SIEM solution
Monitor user activity to curb insider threat
Proactively mitigate sophisticated cyber-attacks
Meet IT Compliance Requirements
Effective Security Monitoring for IBM i: What You Need to Know - Precisely
Defending against the increasing sophistication and complexity of today’s security threats requires a comprehensive, multi-layered approach. The key is to maximize the strength of each layer of your defenses, and then ask yourself “If this layer is breached, what do I have in place to prevent further damage?”
Even if you have implemented the proper layers of protection, effective security still requires a thoughtful and comprehensive approach to monitoring and reporting. Monitoring plays a critical role in any effective IT security strategy. It's like having a security guard constantly patrolling your digital infrastructure, vigilantly watching for suspicious activity and potential threats. Security monitoring allows you to detect threats as soon as possible, giving you a better chance of responding quickly and effectively.
Join us for this webinar, where we will cover:
• The best practices for monitoring your IBM i environment.
• The benefits of combining your IBM i monitoring with other IT systems
• A demonstration of a new Assure Security Monitoring and Reporting interface
This lecture was given as part of a Logicalis Security Event held in Jersey and Guernsey. The lecture introduced SIEM and its concepts to business professionals as well as featuring live exploitation demos. The lecture also discussed macro-based anti-virus-evading malware.
Data Security Solutions @ISACA LV Chapter Meeting 15.05.2013 SIEM based … - Andris Soroka
World's #1 SIEM technology in GRC (Governance, Risk, Compliance). QRadar Risk Manager provides organizations with a pre-exploit solution that allows network security professionals to assess what risks exist during and after an attack, while also answering many "What if?" questions ahead of time, which can greatly improve operational efficiency and reduce network security risks.
Decrypting the security mystery with SIEM (Part 1) - Zoho Corporation
Decrypting the security mystery with SIEM - Part I
1. EventLog Analyzer, your complete security arsenal
2. Sealing security loopholes: Getting to know vulnerable ports, devices, and more.
3. Combating attacks with EventLog Analyzer
a. Mitigating brute force attacks
b. Stopping the rise of ransomware
c. Containing SQL injection attacks
4. Proactively preventing insider attacks
a. Monitoring privileged user activities
5. Securing physical, virtual, and cloud environments
6. Adhering to stringent compliance rules with the integrated compliance management
Modern SIEMs support many different business and technical use cases, including security, compliance, big data analytics, IT operations, and others. However, this does not mean that any SIEM solution will satisfy your unique business and technical needs. Not all SIEMs are built equally or optimally to support all use cases, so it’s important to begin your SIEM evaluation by defining your specific use cases or goals.
LTS Secure SIEM is capable of offering an effective and efficient means to monitor your network round the clock. Continuous monitoring from SIEM includes all devices, servers, applications, users and infrastructure components.
LTS Secure Security Information and Event Management (SIEM), is a technology that provides real-time analysis of security alerts generated by network hardware and applications.
Maintaining Continuous Compliance with HCL BigFix - HCLSoftware
The rise in security threats affecting endpoints and the changing landscape of mobile and cloud-driven work environments has created new challenges for IT teams. BigFix Compliance offers a unified endpoint management solution that provides real-time visibility and policy enforcement to safeguard complex and widely distributed IT environments. It significantly reduces the administrative burden of compliance reporting and ensures adherence to standards, helping organizations protect their endpoints and minimize attack surfaces with minimal effort.
The ultimate guide to cloud computing security - Hire cloud expert - Chapter247 Infotech
Cloud Computing Security is imperative for the smooth operation of businesses today. According to the latest statistics revealed by International Data Group, almost 70 percent of the businesses today resort to Cloud Computing for handling their crucial business data and manage their business processes. Today, vulnerabilities like data security and network security issues lead to grave business losses if not managed correctly through timely intervention. This is where cloud computing security plays an important role in safeguarding the business information and mitigating the major security risks like cyber-attacks, DDoS attacks, and other enterprise bugs.
This solution overview discusses solving Security Information and Event Management (SIEM) challenges with RSA Security Analytics, which enables security analysts to be effective in protecting an organization’s digital assets and IT systems.
Caretower’s SIEM Managed Security Services
Challenges & Solution
Challenges
During recent times, organisations all over the globe are facing many challenges, irrespective of size or vertical, when it comes to Security Information and Event Management (SIEM) solutions.
Advanced persistent threats
Many organisations have implemented a defence in depth strategy around their critical assets using APT, firewalls and IDS/IPS at the perimeter, two-factor authentication, internal firewalls, network segmentation, HIDS, AV as well as other technologies. All of these devices generate a huge amount of data, which is difficult to monitor. A security team cannot realistically have all these dashboards open and correlate events among several components fast enough to keep up with the packets traversing the network.
Compliance
Almost every business is bound by some sort of industry regulation such as PCI-DSS, GPG13, ISO27001/2, HIPAA, SOX. Attaining and maintaining compliance with these regulations is a daunting task. Virtually every regulatory mandate requires some form of log management to maintain an audit trail of activity.
Zero-day threat detection
New attack vectors and vulnerabilities are discovered every day. Firewalls, IDS/IPS and AV solutions all look for malicious activity at various points within the IT infrastructure, from the perimeter to endpoints. However, many of these solutions are not equipped to detect zero-day attacks.
Operation support
The size and complexity of today’s enterprises is growing exponentially, along with the number of IT personnel to support them. Operations are often split among different groups such as the Network Operations Centre (NOC), the Security Operations Centre (SOC), the server team, desktop team, network team etc., each with their own tools to monitor and respond to events. This makes information sharing and collaboration difficult when problems occur.
Forensics
Not only must a forensics analyst interpret log data to determine what actually happened, the analyst must preserve the data in a way that makes it admissible in a court of law. Since log data represents the digital fingerprints of all activity that occurs across IT infrastructures, it can be mined to detect security, operations and regulatory compliance problems.
Whether it is the challenge of managing many disparate devices across different locations or of facing a cyber attack in the ever-growing threat landscape, systems are compromised and data is taken, and this comes on top of the complexity of adhering to and maintaining industry-driven compliance. These factors are major concerns for businesses: they are difficult to combat and need to be addressed and overcome in an effective and timely manner.
Solution
Caretower’s Security Information and Event Management (SIEM) service collects, analyses and stores logs from networks, hosts and various applications. SIEM allows clients to:
- Collect logs from multiple locations into a central system: This enables numerous receivers to feed into one central system for monitoring and reporting.
- Summarise key incidents: Critical events and alarms are reported to the client, in turn decreasing the period and resource.
- Correlate critical events: A pro-active holistic approach that ensures threats are identified where individual devices alone may not detect them.
- Report on incidents: A full reporting engine and dashboard is built into Caretower’s MSS SIEM service, providing clients with real-time visibility and historic reporting activity.
- Take immediate and suitable remediation activities: This minimises the impact of threats on our client’s network and allows our Incident Response Team to take immediate action.
[Diagram: Caretower’s Vendor Agnostic MS SIEM Service; Existing SIEM Solution; Customer Network (Security Devices, Endpoints, Network Devices)]
SIEM Managed Security Services Architecture
In the architecture diagram below, multiple receivers from multiple locations collect logs from various devices, and ELM (Enterprise Log Manager) and ESM (Enterprise Security Manager) fetch these logs from the receivers periodically. ELM stores the raw logs, mainly for compliance purposes, and ESM uses normalised logs for reporting, correlation and alerting.
[Architecture diagram: Situational Awareness and Advanced Correlation; Real time Risk Based Alerting and Remediation; Ad-hoc and Scheduled Reports; Centralised Overview, Analyse, Alert and Report (ESM - Enterprise Security Manager); Receiver A, Receiver B, Receiver C; Location A (Storage Devices, Business Apps, Servers); Location B (Security Devices, Endpoints, Network Devices); Location C (Security Devices, Mobile Devices, Servers); Enterprise Log Manager (Raw Event Archive)]
SIEM Managed Security Service
We can host the solution or the solution can reside within our customer’s network. We wrap our services around either option, which offers flexibility of architecture and management. We monitor security events 24/7 and provide in-depth security expertise. We also provide reports on spot-patterns across a number of customers to provide advanced warning on new threats.
- Proactive management
- Run by dedicated and industry leading certified security engineers (GIAC Certified Forensic Analyst, GCFA)
- SOC engineers vendor certified
- Escalation from tier 1 to tier 3 engineers
- 24/7 x 365 SOC cover
- Fully ISO27001 accredited SOC
- Service based on ITIL3 framework
- Customer oriented, process driven and service driven
- Transition, incident, problem and change management
- Portal access for incident and change management
- Multiple logins available for customer staff
- Change requests initiated by SOC or by the customer
- Incident tickets raised in management system automatically or manually via web portal
- Email notification of tickets raised and updated
- Bi-weekly/monthly reports generated for customers
- SLA - Measurable Escalations - industry leading SLAs
- Incident Response - SANS (SysAdmin, Audit, Networking, and Security)
Incident Response
- Receive alerts in real-time
- Perform forensic investigation
- Provide security reports with expert advice within SLAs
- SLAs depend on the business impact for the inbound alerts.
- Different SLAs are implemented for traditional support (change requests, patching, upgrading, etc.) and incident response (advice on alerts) and work through a remediation
- Remediation plan and infrastructure recommendations
- Change requests
- Fully logged and reports for audit trail
Minimise Operational Expenditure
- Improve productivity/effectiveness of the solution
- Maximise your investments
- Help achieve compliance
- Traditional monitoring and support
- Maintenance of rules and reports
- Offer agility and flexibility
- Reduce Internal Resource and Training Costs
- Gives you peace of mind that your security is safely managed by a team of experts 24 hours a day
Value to Customers
- Improve your security posture within your environment
- Threat Awareness
- Real-Time Trending
- Proactive Maintenance and Monitoring
- Risk Mitigation
Recommendations to customers
- Deploy Base-Line configuration based on NIST Top 20 Security Controls
- Based on common IT security best practices
- Perform accurate tuning of the correlation engine/rules based on the customer’s specific use cases
- Base-lined configuration support
- Tuning of the out-of-the-box features
Custom and compliance reports
- Implemented during the design phase
- Maintained later on by the Security Operations Centre
SIEM or MSSP? - comparing capabilities
Features SIEM MSSP
Monitors log events
Helps attain regulatory compliance
Flexible service delivery
Provides 24/7 analysis by security analyst
Stores logs off-site in forensically-sound facility*
Provides security intelligence and expertise as part of the solution
Built-in disaster recovery and business continuity planning (DR/BCP)
Predictable fixed cost
May require additional infrastructure (server, network devices, storage, etc.)
*Optionally store raw log data on customers’ premises, which may involve additional cost, and where it may not be protected against alteration or theft.
Benefits of Caretower’s SIEM Managed Security Service
Speed of Implementation
Our SIEM Managed Security Service seamlessly integrates with your network and can be up and running within days, not months. We deliver instant results through visibility of events and analysis on a live dashboard with in-depth reporting.
Simplified Compliance
Our SIEM Managed Security Service enables companies to fulfil their compliance requirements by providing you with on-demand, enterprise-wide reports that demonstrate the security status of your systems. The SIEM service can provide auditing against the following industry standards (e.g.):
- PCI DSS Compliance
- ISO 27001
- Protective Monitoring (GPG13)
- SOX
- HIPAA
- PSN
Flexible Dashboards and Robust Reporting
Our SIEM Managed Security Service brings you comprehensive technical, operational and trend reports that communicate security status and satisfy compliance requirements. Dashboards are available out-of-the-box and Caretower delivers customisable dashboards to each and every customer based on their requirements.
24/7 Caretower Security Operation Centre
Our SIEM Managed Security solution allows you to be a SIEM user, not an administrator. This means that you have access to SIEM to view the data and run required reports whilst maintaining a certain level of privileges. The SIEM service is constantly monitored by our 24/7 Security Operations Centre, where the team will carry out monitoring, management and incident response to security events and alerts.
Why Caretower?
As an independent IT security specialist with over 17 years' experience, Caretower provides comprehensive solutions to individual problems, thus allowing our recommendations to be unbiased. Over the years, we have quickly established many long-standing relationships with all of our vendors, achieving the highest status within these organisations based on the level of expertise within our internal sales, support and professional services teams.
This relationship ensures we provide our customers with key changes within the industry, which assists in their on-going security management strategy.
- To provide live 24/7 McAfee SIEM Managed Service in Europe
- Dedicated GIAC Certified Digital Forensic Security Engineers (SANS (SysAdmin, Audit, Networking, and Security) Institute)
- Full-onsite and hosted architecture options, depending on your requirements
- We are CSA (Cloud Security Alliance) member and ISO 27001 Accredited