SIEM content and tuning
- Integration with external tools
- Report evaluation and consolidation
- Performance analysis
- Architecture review
- Modular content and reusable blocks, to speed up content writing and threat detection
- Updating and personalization of existing content
- Establishing SIEM as front line security tool
Advanced analytics
- Content development
- Rule based alerting
- Malware and Policy violation detection and review
- Real-time issue review and reporting, including risk analysis and plain English remediation advice
- Identification of valuable data streams to augment detection capability
- Threat research and identification
- Analysis of infrastructural issues and potential risk areas based on log data
Compliance and reporting
- Report and customized content development
- Focus on actionable intelligence, building on regulatory requirements and reporting to deliver increased security
- Assistance in translating organizational policies into metrics
- Making your data and your logs count, beyond what the requirements demand
SOC 2.0
- Training, from security basics to advanced rule creation
- Plain English output and transparent, visible security, to help all stakeholders participate in securing the organization
- Tuning the SOC to increase detection rates and streamline the identification and reporting of both real-time and underlying issues
- Encouraging evolution and research, as well as multi-disciplinary security