AIS Managed SIEM

A cloud-based Security Information and Event Management (SIEM) platform that provides the proactive, preventative maintenance and technology needed to secure your workstations, servers, devices and networks. Coverage includes multi-platform, business-grade anti-virus and analytics; enterprise-grade anti-malware threat intelligence; web content filtering; firewall services and firewall rule review; patching of newly discovered vulnerabilities; and inbound and outbound email security.

Technology has transformed what’s possible for today’s small and medium-sized organizations, but it also increases exposure to security risks. The AIS Managed SIEM (Security Information and Event Management) platform addresses this with enterprise-level, cost-effective protection for SMBs.

The AIS Managed SIEM (Security Information and Event Management) platform supports threat detection and security incident response through real-time collection and historical analysis of security events from a wide variety of event and contextual data sources. It provides real-time analysis of security alerts generated by network-connected devices and by on-premises, cloud, and SaaS applications.

WHY AIS MANAGED SIEM IS DIFFERENT

AIS combines access to an experienced team with an innovative approach to technology, eliminating the high cost and complexity of existing enterprise SIEM platforms.

  • Delivery: The SIEM can be delivered solely as a managed SIEM platform or as a turnkey managed service. AIS’ IT consultants can implement, configure, and maintain the SIEM, while its SOC team can monitor and respond to security alerts.
  • Technology: The platform architecture utilizes both proprietary code and open-source packages, allowing for efficient development that results in faster-to-market functionality and more robust product features.
  • Integration: AIS Managed SIEM is agnostic in terms of device brand and infrastructure architecture. It can aggregate information from network-connected devices as well as on-premises, cloud (AWS, Azure, etc.), and third-party SaaS tools, including hybrid infrastructure architectures.

Features

With AIS Managed SIEM, organizations can:

  • Reduce costs and internal IT resource strain with an affordable turnkey managed service that shortens root cause analysis time for security, performance and reliability issues
  • Confidently manage evolving threats proactively across all devices and platforms
  • Increase ROI by maximizing the value of security investments and identifying opportunities for cloud service cost savings
  • Reduce audit effort and expense for PCI, HIPAA, and other standards
  • Single portal for centralized security and event log collection, monitoring, analysis, and alerting
  • Aggregate logs regardless of device brand or infrastructure architecture: on-premises, cloud, third-party SaaS, and hybrid architectures
  • Ability to grant granular permissions to specific users
  • Seamless collaboration when working with AIS or vendors for escalation support
  • Delivery ranging from a Managed SIEM platform alone to a fully managed SOC (Security Operations Center)
  • Reduced implementation effort and employee learning curve, and less time and cost spent keeping alerting conditions up to date
  • Proactive action on alerts and threats: a response team is provided for IT departments that don’t have time to address alerts and concerns themselves
  • Flexible tiered response
  • Dashboards and alerting provided with best-practice guidelines, which customers can customize
  • Identifies device configuration changes and errors
  • Ability to monitor security audit logs to detect unauthorized access attempts
  • Robust security policy control
  • Robust real-time, automated, and custom alerting and dashboard capabilities
  • Alerting based on standard and custom monitoring conditions (e.g. Office 365 logins from outside the United States)
  • Web dashboards to view real-time and historical status at a glance
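The custom monitoring condition cited above (Office 365 logins from outside the United States) can be expressed as a small detection rule run over sign-in audit records. The Python below is an added example written for this page, not code from AIS or from the AIS Managed SIEM product. The sample records are constructed to resemble a subset of Microsoft 365 Unified Audit Log sign-in fields (Operation, UserId, ClientIP, ResultStatus); GEOIP_TABLE and TRAVEL_ALLOWLIST are hypothetical stand-ins for a GeoIP database and an approved-travel exception list.

```python
"""Added example: flag Office 365 sign-ins from outside the United States.

Illustrative code written for this page, not code from AIS or from the AIS
Managed SIEM product. GEOIP_TABLE, TRAVEL_ALLOWLIST and SAMPLE_EVENTS are
constructed for the example; a real deployment resolves ClientIP through a
GeoIP service and reads the audit log from the Microsoft 365 API.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Hypothetical GeoIP table (constructed): documentation IP ranges -> ISO country code.
GEOIP_TABLE = {
    ipaddress.ip_network("203.0.113.0/24"): "US",
    ipaddress.ip_network("198.51.100.0/24"): "DE",
    ipaddress.ip_network("192.0.2.0/24"): "NG",
}

# Addresses that can never be geolocated. An explicit list is used instead of
# ipaddress's is_private, which also treats the documentation ranges above as private.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]


def country_for_ip(ip: str) -> Optional[str]:
    """Resolve an IP to a country code; None when it cannot be resolved."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:          # malformed ClientIP field
        return None
    if any(addr in net for net in NON_ROUTABLE):
        return None
    for net, cc in GEOIP_TABLE.items():
        if addr in net:
            return cc
    return None


# Constructed sample of sign-in audit records (subset of fields).
SAMPLE_EVENTS = [
    {"CreationTime": "2022-08-01T13:02:11", "Operation": "UserLoggedIn",
     "UserId": "alice@example.com", "ClientIP": "203.0.113.45", "ResultStatus": "Succeeded"},
    {"CreationTime": "2022-08-01T13:05:40", "Operation": "UserLoggedIn",
     "UserId": "bob@example.com", "ClientIP": "198.51.100.7", "ResultStatus": "Succeeded"},
    {"CreationTime": "2022-08-01T13:06:02", "Operation": "UserLoginFailed",
     "UserId": "bob@example.com", "ClientIP": "192.0.2.99", "ResultStatus": "Failed"},
    {"CreationTime": "2022-08-01T13:07:19", "Operation": "FileAccessed",
     "UserId": "carol@example.com", "ClientIP": "192.0.2.10", "ResultStatus": "Succeeded"},
    {"CreationTime": "2022-08-01T13:08:00", "Operation": "UserLoggedIn",
     "UserId": "dave@example.com", "ClientIP": "10.0.0.5", "ResultStatus": "Succeeded"},
    {"CreationTime": "2022-08-01T13:09:30", "Operation": "UserLoggedIn",
     "UserId": "alice@example.com", "ClientIP": "192.0.2.77", "ResultStatus": "Succeeded"},
]


@dataclass(frozen=True)
class Alert:
    user: str
    ip: str
    country: Optional[str]
    reason: str


ALLOWED_COUNTRIES = {"US"}
# Hypothetical approved-travel exceptions: user -> countries where sign-in is expected.
TRAVEL_ALLOWLIST = {"bob@example.com": {"DE"}}


def foreign_login_alerts(events, allowed=ALLOWED_COUNTRIES, exceptions=TRAVEL_ALLOWLIST):
    """Return one Alert per successful sign-in that resolves outside `allowed`.

    Failed logins are skipped here (they belong to a brute-force rule), and
    sign-ins from unresolvable IPs are reported rather than silently passed,
    so a GeoIP gap cannot hide a foreign login.
    """
    alerts = []
    for ev in events:
        if ev.get("Operation") != "UserLoggedIn" or ev.get("ResultStatus") != "Succeeded":
            continue
        user, ip = ev["UserId"], ev["ClientIP"]
        cc = country_for_ip(ip)
        if cc is None:
            alerts.append(Alert(user, ip, None, "sign-in from IP with no GeoIP resolution"))
        elif cc not in allowed and cc not in exceptions.get(user, set()):
            alerts.append(Alert(user, ip, cc, f"sign-in from outside allowed countries ({cc})"))
    return alerts


if __name__ == "__main__":
    for a in foreign_login_alerts(SAMPLE_EVENTS):
        print(a)
```

On the constructed sample this raises two alerts: dave (sign-in from an address that cannot be geolocated) and alice (sign-in from NG). Bob's DE sign-in is suppressed only because of the allowlist entry; remove it and a third alert appears. Treating "no GeoIP result" as an alert rather than as "not foreign" is the choice a practitioner would want, since the failure mode of a geo rule is an IP that quietly resolves to nothing.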

Benefits

  • Provided as an affordable turnkey managed service
  • Automated alerts sent via flexible transport methods (examples: text message, email, Slack, etc.)
  • Manages evolving threats proactively
  • Provides confidence in closing gap between perceived and actual security
  • Maximizes value of security investments
  • Frees IT staff to focus on business initiatives
  • Provides single pane of glass visibility across all devices
  • Reduces audit effort and expense for PCI, HIPAA and other standards
  • Access to security professionals and expertise

Financial Analysis of IT Solutions

Ingest logs from the IT business solutions used in your environment (for example Cloudflare) and turn data into actionable tasks. The SIEM can ingest logs and data from other data sources and solutions, giving IT departments insight and the ability to make data-backed decisions around cost and removing uncertainty.

Business Intellectual Property

Data Loss Prevention / Information Lockdown: the SIEM can detect files being exported or imported instead of being stored where the information security policy dictates.

Example Project Plan

Discovery
  • SIEM Requirements Gathering
    • Verify SIEM Requirements
Implementation
  • Alert and Dashboard Review Meeting
    • Review standards used
    • Discuss alert notifications
    • Identify any custom alerts requested
    • Review standard dashboard widgets
    • Identify any custom widgets requested
  • Alert conditions and configuration
    • Define review of Customer specific alerts
    • Define level of effort, when root cause analysis is required (ticket hours)
    • Decide when client prior approval is required
    • Determine if low severity alerts silence by default
    • Alert category (issue type): security breach, performance, reliability, data loss
  • Customize Grok patterns to ensure fields are extracted properly
Validation
  • Customer Diligence AIS SIEM Compliance Docs
Recurring Quarterly
  • Review customer specific alerting criteria
    • Review monitoring conditions
  • Quarterly Meeting
    • Security posture review – Identify security need changes resulting from business/technical changes
Recurring Monthly
  • Monthly Meeting Alert activity review
    • Summarized for discussion to ensure appropriate approach, level of effort, and remediation change management
    • Discuss potential alert threshold changes (e.g. the specific count of file deletions or email deletions that triggers an alert)
Recurring Ongoing/As Needed
  • Alert triage: false positive identification, correlation and escalation
  • Verified incident reporting – Threat explanation, criticality evidence, affected assets/users, remediation next steps
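Two of the plan's steps above, customizing Grok patterns so that fields are extracted properly (Implementation) and tuning a file-deletion count threshold (Monthly Meeting), can be exercised together. The Python below is an added example written for this page, not code from AIS or from the AIS Managed SIEM product: it translates a grok pattern into a regular expression using a few simplified base patterns (a stand-in for the full Logstash grok library, which is not required), parses constructed file-server audit lines, and raises an alert when one user's deletions inside a sliding window reach a threshold. The line format, hostnames, usernames and paths are constructed; lines are assumed to arrive in time order.

```python
"""Added example: grok-style field extraction followed by a deletion-count threshold alert.

Illustrative code written for this page, not code from AIS or from the AIS
Managed SIEM product. BASE_PATTERNS are simplified versions of a few standard
grok patterns (assumption: the real definitions are broader); the log lines
are constructed to look like a file-server audit feed.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

BASE_PATTERNS = {
    "TIMESTAMP_ISO8601": r"\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(?:\.\d+)?(?:Z|[+-]\d{2}:?\d{2})?",
    "HOSTNAME": r"[0-9A-Za-z][0-9A-Za-z-]*(?:\.[0-9A-Za-z][0-9A-Za-z-]*)*",
    "USERNAME": r"[a-zA-Z0-9._-]+",
    "WORD": r"\b\w+\b",
    "INT": r"[+-]?\d+",
    "GREEDYDATA": r".*",
}

# Matches grok references of the form %{SYNTAX} or %{SYNTAX:semantic}.
GROK_REF = re.compile(r"%\{(\w+)(?::(\w+))?\}")


def grok_to_regex(pattern: str) -> "re.Pattern":
    """Translate a grok pattern into a compiled regex with named capture groups."""
    def repl(m):
        syntax, semantic = m.group(1), m.group(2)
        base = BASE_PATTERNS[syntax]   # unknown grok name raises KeyError: fail loudly
        return f"(?P<{semantic}>{base})" if semantic else f"(?:{base})"
    return re.compile(GROK_REF.sub(repl, pattern))


# Constructed audit line format; every field the threshold rule needs is named.
FILE_AUDIT_GROK = (
    r"%{TIMESTAMP_ISO8601:ts} %{HOSTNAME:host} audit: "
    r"user=%{USERNAME:user} action=%{WORD:action} path=%{GREEDYDATA:path}"
)
FILE_AUDIT_RE = grok_to_regex(FILE_AUDIT_GROK)


def parse_line(line: str):
    """Return extracted fields as a dict, or None when the line does not match the pattern."""
    m = FILE_AUDIT_RE.match(line)
    if not m:
        return None
    fields = m.groupdict()
    # fromisoformat accepts "+00:00"; the "Z" suffix is normalised for older Pythons.
    fields["ts"] = datetime.fromisoformat(fields["ts"].replace("Z", "+00:00"))
    return fields


# Constructed sample: alice deletes one file an hour earlier (outside the window),
# then six files within half a minute; bob deletes one; one line is not an audit record.
SAMPLE_LINES = [
    "2022-08-01T13:00:00Z fs01.example.com audit: user=alice action=DELETE path=/shares/finance/old.xlsx",
    "2022-08-01T14:00:01Z fs01.example.com audit: user=alice action=DELETE path=/shares/finance/q1.xlsx",
    "2022-08-01T14:00:02Z fs01.example.com audit: user=alice action=DELETE path=/shares/finance/q2.xlsx",
    "2022-08-01T14:00:05Z fs01.example.com audit: user=bob action=READ path=/shares/hr/handbook.pdf",
    "2022-08-01T14:00:09Z fs01.example.com audit: user=alice action=DELETE path=/shares/finance/q3.xlsx",
    "2022-08-01T14:00:11Z fs01.example.com audit: user=bob action=DELETE path=/shares/hr/tmp.txt",
    "2022-08-01T14:00:14Z fs01.example.com audit: user=alice action=DELETE path=/shares/finance/q4.xlsx",
    "2022-08-01T14:00:20Z fs01.example.com audit: user=alice action=DELETE path=/shares/finance/budget 2023.xlsx",
    "2022-08-01T14:00:25Z fs01.example.com kernel: something unrelated",
    "2022-08-01T14:00:30Z fs01.example.com audit: user=alice action=DELETE path=/shares/finance/forecast.xlsx",
]


def deletion_threshold_alerts(lines, threshold=5, window=timedelta(minutes=10)):
    """Alert once per user when their DELETE count inside `window` reaches `threshold`.

    Returns (alerts, unparsed). Lines the grok pattern failed to extract are
    returned rather than dropped, which is the check the pattern-tuning step needs.
    """
    recent = defaultdict(deque)   # user -> timestamps of deletions still inside the window
    alerted = set()               # users already alerted for the current burst
    alerts, unparsed = [], []
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            unparsed.append(line)
            continue
        if ev["action"] != "DELETE":
            continue
        q = recent[ev["user"]]
        q.append(ev["ts"])
        while q and ev["ts"] - q[0] > window:   # slide the window forward
            q.popleft()
        if len(q) >= threshold and ev["user"] not in alerted:
            alerted.add(ev["user"])
            alerts.append({"user": ev["user"], "host": ev["host"], "count": len(q),
                           "window_start": q[0], "window_end": ev["ts"]})
    return alerts, unparsed


if __name__ == "__main__":
    found, skipped = deletion_threshold_alerts(SAMPLE_LINES)
    print(found)
    print("unparsed:", skipped)
```

On the sample, alice's deletion at 13:00 is evicted from the window before her burst starts, so the alert fires on the fifth deletion at 14:00:20 with a window starting at 14:00:01; raising the threshold to 7 produces no alert, which is the kind of change the monthly threshold review would make. The unrelated kernel line comes back in the unparsed list, where a wrong or outdated grok pattern would also show up instead of silently losing events.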

Last modified August 2, 2022