SIEM is not just a set of security controls or detection mechanisms, it's what makes the security technologies more effective. The scope and purpose of SIEM is to collect logs and then map the information about an organization’s infrastructure and business processes back to them. It empowers security analysts to make reasoned, informed investigations into activities on the network to determine their impact on security integrity and business continuity. The SIEM should act as your single portal to activity on your network, decoupling your analysts from a need to have product-specific knowledge about security capabilities.
Our Services: RKON SLM Comprises Three Major Components
1. Security Log and Event Monitoring
Hosted in RKON data centers, our SIEM collects and aggregates logs from critical infrastructure components in the customer environment. The logs are continuously correlated and compared against a security policy, and alarms are generated when potential threats or anomalies are detected. Security experts in the RKON Security Operations Center (SOC) provide additional analysis, validation and response for security threats. The combination of the automated analysis and human verification in the SOC reduces false positives, ensuring that clients are only notified about real security events.
Logs are stored for one year, addressing a key security requirement. Customers can
significantly improve their security posture by leveraging this industry-leading solution to provide:
- Next-generation SIEM and log management
- Independent host forensics and file-integrity monitoring
- Network forensics with application ID and full packet capture
- State-of-the art machine analytics
- Advanced correlation and pattern recognition
- Multidimensional user/host/network behavior
- Rapid, intelligent search
2. Incident Management/SOC
Incident management, a major component of our SIEM service, is provided by RKON’s SOC. It ensures that the SIEM system is optimally configured to provide the greatest coverage and handles the management of all security events generated by that system.
Specifically, this service includes:
- Generation of incidents in the ticketing system based on alarms generated by SIEM
- Incident management of these tickets, including escalation to appropriate resources
- Ongoing tuning of the SIEM system
- Creation of custom alerts and reports
- Integration of new assets into the SIEM system
3. Incident Response
This service is provided as a retainer and includes 40 hours of incident response activities in a calendar year to be used toward the remediation, investigation and customer notification activities associated with a suspected security breach.
For more information, please contact us.
Service Offering: RKON Security Log Monitoring (SLM)
Data Sheet: Why So Many SIEM Implementations Fail
Webinar: Why Your Last SIEM Was a Waste of Money
Webinar: SIEM & Security Monitoring Buying Guide