SIEM & SOC
Security Event Monitoring & Alerting
Understanding what normal activity looks like in an environment is essential to identifying threat activity. Protelligent’s proven, layered approach incorporates Security Information and Event Management (SIEM) technology to provide continuous, centralized event collection and threat correlation for every layer of the stack.
Protelligent’s Security Operations Center (SOC) watches your network, investigates security alarms, tunes the system to keep up with the current threat landscape and works with you when actionable threat information surfaces. No need to watch the screen day and night – we do that for you. An alarm can be a singular event, a series of events, a sequence of events or a scenario of events. Protelligent® helps translate events and scenarios into actionable detection and response methodologies.
Protelligent will customize automated incident response activities; for example, at 1:00 a.m. on Saturday, when events are detected and correlated to specific threats or active attacks, the offending machines can be programmatically and logically isolated from the network. Although the offending systems will remain powered on, they will not be able to traverse the network until the incident is investigated and cleared.
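As an added illustration (not Protelligent's own code, rules or platform), the following Python shows how a singular-event rule and an ordered sequence rule can be correlated per host and turned into a logical-isolation decision; the hosts, event types, addresses and timestamps are constructed sample data.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real telemetry): (host, timestamp, event type, source).
EVENTS = [
    ("ws-17", "2024-03-02T01:00:01", "auth_fail", "203.0.113.9"),
    ("ws-17", "2024-03-02T01:00:04", "auth_fail", "203.0.113.9"),
    ("ws-17", "2024-03-02T01:00:07", "auth_fail", "203.0.113.9"),
    ("ws-17", "2024-03-02T01:00:09", "auth_success", "203.0.113.9"),
    ("ws-17", "2024-03-02T01:00:30", "new_service_installed", "local"),
    ("srv-02", "2024-03-02T01:05:00", "ids_signature_match", "198.51.100.4"),
    ("ws-03", "2024-03-02T01:10:00", "auth_fail", "192.0.2.5"),
]

# Singular-event rule: a single event of this type is an alarm on its own.
SINGULAR = {"ids_signature_match": "high"}
# Sequence rule: this ordered pattern on one host inside WINDOW is an alarm.
SEQUENCE = ["auth_fail", "auth_fail", "auth_fail", "auth_success", "new_service_installed"]
WINDOW = timedelta(minutes=2)


def correlate(events):
    """Return alarms as (host, rule, severity), in time order.
    Sequence matching is tracked per host; unrelated events in between are ignored."""
    alarms = []
    progress = defaultdict(lambda: [0, None])  # host -> [next pattern index, first timestamp]
    for host, ts, kind, _src in sorted(events, key=lambda e: e[1]):
        t = datetime.fromisoformat(ts)
        if kind in SINGULAR:
            alarms.append((host, "singular:" + kind, SINGULAR[kind]))
        idx, start = progress[host]
        if start is not None and t - start > WINDOW:
            idx, start = 0, None  # window expired: restart the pattern
        if kind == SEQUENCE[idx]:
            start = start or t
            idx += 1
            if idx == len(SEQUENCE):
                alarms.append((host, "sequence:brute_force_then_persistence", "critical"))
                idx, start = 0, None
        progress[host] = [idx, start]
    return alarms


def containment_actions(alarms):
    """Hosts to isolate logically: they stay powered on, only network reachability
    is cut until an analyst clears the incident."""
    return sorted({host for host, _rule, sev in alarms if sev in ("high", "critical")})
```

Running `containment_actions(correlate(EVENTS))` yields the two hosts that raised a high or critical alarm; the single failed login on ws-03 never reaches the sequence threshold and produces no action.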
Collaborative Platform Management
Security is often made to sound much simpler to implement and maintain than it really is; there is no “set-it-and-forget-it.” Capitalizing on security investments requires time and a commitment to threat-knowledge and platform maintenance that many organizations cannot afford.
With experience supporting and managing a variety of NextGen platforms, our team of certified security professionals will help dial in and manage existing security platforms to prevent your investment from becoming “ideaware.”
Achieve a higher level of security readiness in less time by shifting the functional security responsibility to our experts. This allows your IT team to focus on priority projects and other revenue-generating activities.
- Managed or co-managed SIEM & SOC operations
- Host and network intrusion detection service (HIDS/NIDS)
- Passive vulnerability scanning
- Data leakage monitoring (DLM)
- File integrity monitoring (FIM)
- Event logging and retention
- Ongoing policy and response tuning and optimization
- Application behavioral monitoring (whitelisting/blacklisting)
- SOC performance and risk awareness reporting