All Methodologies

AIS SIEM Benefits
    Provided as an affordable Turn-Key, Managed Service

    Automated alerts sent via flexible transport methods (examples: text message, email, Slack, etc.)

    Manages evolving threats proactively

    Provides confidence in closing the gap between perceived and actual security

    Maximizes value of security investments

    Frees IT staff to focus on business initiatives

    Provides single pane of glass visibility across all devices

    Reduces audit effort and expense for PCI, HIPAA and other standards

    Access to security professionals and expertise
AIS SIEM Effects On Performance And Reliability
    • Alerting based on standard and custom monitoring conditions (e.g. Office 365 logins from outside the United States)
    • Web dashboards to view real-time and historical status at a glance
SIEM Flexibility
    • Can be provided as anything from a Managed SIEM Platform alone to a fully managed SOC (Security Operations Center)
    • Reduces implementation effort and the overall learning curve for employees, as well as the time and cost of keeping alerting conditions up to date
    • Ability for proactive action on alerts and threats: a response team is provided for IT departments that don't have time to address alerts and concerns
    • Flexible tiered response
    • Dashboards and alerting are provided with best-practice guidelines that customers can customize
SIEM Security Features
    • Identifies device configuration changes and errors
    • Ability to monitor security audit logs to detect unauthorized access attempts
    • Robust security policy control
    • Robust real-time, automated, and custom Alerting and Dashboard capabilities

Compromised Passwords
    Compromised passwords are a serious risk to an environment. They can lead to spear phishing attacks, malicious logins, data breaches, and ransomware, and a data breach can bring significant expenses. Compromised passwords can also be the result of an inadequate password policy, which should be reviewed if there are a large number of compromised passwords in the environment.
External Vulnerabilities
    External vulnerabilities are opportunities for outside attackers to gain internal access to the network. There are numerous holes that can be opened, many of which are opened unknowingly. Attackers have many sophisticated methods to exploit these openings.
Login Failures
    Sometimes passwords are forgotten or simply mistyped, which triggers a login failure. A large number of failed login attempts in a short timeframe can be a key indicator of a brute force attack. This method of attack targets a user by guessing passwords until the correct one is found, using algorithms and password databases found online or obtained illegally through the dark web.
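    One way to turn "many failures in a short timeframe" into an alert condition, shown as an added example that is not AIS SIEM code. The event tuples, the threshold of 5 failures and the 1-minute window are assumptions chosen for illustration; the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events: (ISO timestamp, user, source IP, login succeeded?)
SAMPLE_EVENTS = [
    ("2021-04-14T09:00:05", "alice", "10.0.0.12", False),  # one mistyped password
    ("2021-04-14T09:00:20", "alice", "10.0.0.12", True),
    ("2021-04-14T09:05:00", "bob", "203.0.113.7", False),
    ("2021-04-14T09:05:04", "bob", "203.0.113.7", False),
    ("2021-04-14T09:05:09", "bob", "203.0.113.7", False),
    ("2021-04-14T09:05:13", "bob", "203.0.113.7", False),
    ("2021-04-14T09:05:18", "bob", "203.0.113.7", False),
    ("2021-04-14T09:05:22", "bob", "203.0.113.7", False),
    ("2021-04-14T09:05:30", "bob", "203.0.113.7", True),   # login right after the burst
    ("2021-04-14T11:00:00", "carol", "10.0.0.40", False),  # failures spread over hours
    ("2021-04-14T13:00:00", "carol", "10.0.0.40", False),
    ("2021-04-14T15:00:00", "carol", "10.0.0.40", False),
]

def detect_login_bursts(events, threshold=5, window=timedelta(minutes=1)):
    """Return (kind, user, timestamp) alerts for bursts of failed logins."""
    failures = defaultdict(deque)   # user -> failure times still inside the window
    in_burst = set()                # users already alerted for the current burst
    alerts = []
    for ts_text, user, _src, ok in sorted(events):
        ts = datetime.fromisoformat(ts_text)
        recent = failures[user]
        while recent and ts - recent[0] > window:
            recent.popleft()        # drop failures that aged out of the window
        if len(recent) < threshold:
            in_burst.discard(user)  # burst has ended; allow a fresh alert later
        if not ok:
            recent.append(ts)
            if len(recent) >= threshold and user not in in_burst:
                in_burst.add(user)
                alerts.append(("failed_login_burst", user, ts_text))
        elif user in in_burst:
            # A success right after a burst may mean the guessing worked.
            alerts.append(("success_after_burst", user, ts_text))
    return alerts

if __name__ == "__main__":
    for alert in detect_login_bursts(SAMPLE_EVENTS):
        print(alert)
```

    The single mistyped password and the failures spread across several hours stay below the threshold, so only the rapid run of failures, and the successful login that follows it, produce alerts.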
Login History
    Login history records who is attempting to log in to which machines and how frequently. It is important for tracking who may be accessing devices that they shouldn't be. Login history can also identify suspicious activity on higher privileged devices that may contain critical or sensitive information. Anomalous logins can be cross-checked with login history to validate suspicious activity of a user.
User Behavior Analysis
    User behavior analysis targets the method of login attempts by users. It's broken up into 3 categories. The first category is login attempts from the physical keyboard and screen of the device. The second category is remote login attempts. This could include terminal services, Remote Desktop, or remote assistance. The third category is through the network to access a system resource such as a shared folder. This can be used to determine the method an attacker used to access the network in that instance.
Windows Patch Assurance
Proprietary Applications Security
    Real-time Security Risk Analysis on Proprietary Applications: the SIEM provides real-time analysis of proprietary applications to look for security gaps and identify patterns of suspicious activity that can indicate that a breach has occurred.
Threat Intelligence Alert Destination IP Threat Indicated
    Event destination IP address is listed on one or more blocklists as having an IOC (indicator of compromise).
Threat Intelligence Alert Source IP Threat Indicated
    Event source IP address is listed on one or more blocklists as having an IOC (indicator of compromise).
Unauthorized 3rd Party Application Detection
    3rd Party Application Detection and Remediation: the SIEM identifies unauthorized 3rd party applications that have been granted access (a backdoor) into your network and provides you a portal to confirm applications in your environment.
Last modified April 14, 2021