Managed SIEM

Find and respond to threats faster.

Cyber threats are growing more common and complex as organisations face a rapidly evolving technical and operational landscape. The proliferation of technologies and services, as cloud migrations continue and remote working booms, poses a distinct challenge for security teams.

Information Security teams are presented with large quantities of data, signals and alerts from an array of different sources. Sifting through this noise to identify, understand and respond to threats has become increasingly challenging.

Many of the biggest recent breaches went undetected for more than a year, giving attackers time to inflict considerable damage. Accelerating the discovery of threats and equipping your response is the next battlefront in cyber security.

The average time to identify a breach in 2020 was 207 days.

The average lifecycle of a breach, from initial compromise through identification to containment, was 280 days.

Security breaches have increased by 11% since 2018 and 67% since 2014.

Sources: IBM Cost of a Data Breach Report 2020 (time to identify and breach lifecycle); Accenture Cost of Cybercrime Study 2019 (growth in breaches)

Kontex’s bespoke SIEM operating model provides an effective threat mitigation function for your organisation. Our model removes many of the frustrations common with outsourced providers, such as unclear activity responsibilities, coverage planning and ongoing architecture design.

We continually develop the service to align with new threats and unexpected market changes specific to your organisation.

Unfortunately, many SIEM deployments do not collect suitable event data, are not architected correctly, lack sufficient threat detection analytics and are not tuned to the needs of the business. The result is an ineffective threat identification and response programme.

A misconfigured and poorly managed SIEM solution will hurt your business. For a SIEM solution to detect threats and operate effectively, it is critical that:

  • Rich data from essential systems is ingested and analysed.
  • Customised and accurate threat analytics rules are deployed and kept aligned with global risk trends.
  • Skilled security analysts maintain and operate the SIEM.
  • Your security team is notified of threats early, so that your organisation suffers only minor impact, if any at all.

Kontex’s proven Managed SIEM service ensures that threats are detected and responded to in time.


Service Offering

Device & Architecture Management - ‘Fuelling the engine’

  • Reviews of client architecture, systems and roadmaps
  • Supporting the customer in developing and maintaining sufficient verbosity in event flows
  • Ensuring key systems are captured
  • Development of custom connectors and normalisation strategies
  • Support in the development of a use case strategy aligned with SIEM coverage

Continuous SIEM Configuration - ‘Tuning the engine’

  • Constant tuning of existing analytics rules, removing noise
  • Deployment of value-add analytics rules
  • On-demand deployment of critical and threat-intelligence-led analytics rules
  • Development of campaign-specific threat hunting queries as part of an anomaly and compromise detection strategy

Monitoring & Reporting - ‘Running the engine’

  • Monitoring of SIEM incidents by qualified analysts
  • Validating and triaging incidents
  • Provision of remediation guidance
  • Post-incident root cause tracked and reported
  • Development of custom dashboards and reports based on use cases
  • Daily threat hunting processes
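The three stages above (ingesting and normalising event flows, tuning analytics rules to remove noise, and surfacing coverage gaps) can be shown end to end in a small pipeline. The following is an added example written for this page, not Kontex's tooling or any particular SIEM product: it normalises two constructed log formats (an sshd-style syslog line and a Windows-style JSON logon record, both assumed formats) into one schema, runs a single brute-force logon rule over them, and shows how a tuning allowlist for an assumed authorised scanner (198.51.100.7) removes a known-benign alert without hiding the real one from 203.0.113.10. The sample lines, IP addresses, field names and the threshold of five failures are all constructed for illustration.

```python
import json
import re
from collections import defaultdict

# Constructed sample input (not real logs): an sshd-style syslog feed, a
# Windows-style JSON feed, and one line no connector handles.
SAMPLE_LOGS = [
    f"2024-05-01T10:00:0{i}Z host1 sshd[10{i}]: Failed password for invalid user admin "
    f"from 203.0.113.10 port 400{i} ssh2"
    for i in range(1, 6)
] + [
    "2024-05-01T10:00:09Z host1 sshd[109]: Accepted password for deploy from 203.0.113.10 port 4009 ssh2",
] + [
    json.dumps({"TimeCreated": f"2024-05-01T10:01:0{i}Z", "EventID": 4625,
                "TargetUserName": "svc-scan", "IpAddress": "198.51.100.7"})
    for i in range(1, 6)
] + [
    json.dumps({"TimeCreated": "2024-05-01T10:01:09Z", "EventID": 4624,
                "TargetUserName": "svc-scan", "IpAddress": "198.51.100.7"}),
    "2024-05-01T10:02:00Z host1 cron[200]: (root) CMD (run-parts /etc/cron.hourly)",
]

# Connector 1: sshd password authentication lines (assumed format).
SSHD_RE = re.compile(
    r"^(?P<ts>\S+) \S+ sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)
# Connector 2: Windows logon event IDs mapped onto the common outcome field.
WINDOWS_LOGON_OUTCOME = {4625: "failure", 4624: "success"}


def normalise(line):
    """Map one raw line onto a common schema (ts, user, src, outcome).
    Returns None for lines no connector understands, so gaps are visible."""
    m = SSHD_RE.match(line)
    if m:
        return {"ts": m["ts"], "user": m["user"], "src": m["src"],
                "outcome": "failure" if m["result"] == "Failed" else "success"}
    if line.startswith("{"):
        try:
            rec = json.loads(line)
        except ValueError:
            return None
        outcome = WINDOWS_LOGON_OUTCOME.get(rec.get("EventID"))
        if outcome and "IpAddress" in rec:
            return {"ts": rec.get("TimeCreated"), "user": rec.get("TargetUserName"),
                    "src": rec["IpAddress"], "outcome": outcome}
    return None


def detect_brute_force(events, threshold=5, allowlist=frozenset()):
    """Analytics rule: a source that accumulates >= threshold logon failures and
    then succeeds on any account. Sources on the tuning allowlist are skipped,
    which is how a known scanner is removed from the rule without weakening it."""
    failures = defaultdict(int)
    alerts = []
    for e in events:
        if e["src"] in allowlist:
            continue
        if e["outcome"] == "failure":
            failures[e["src"]] += 1
        elif failures[e["src"]] >= threshold:
            alerts.append({"src": e["src"], "user": e["user"], "failures": failures[e["src"]]})
            failures[e["src"]] = 0  # one campaign yields one alert, not one per success
    return alerts


def run_pipeline(lines, allowlist=frozenset()):
    """Ingest -> normalise -> detect. Returns (alerts, unparsed_count); the
    unparsed count is a coverage metric worth reporting, not a silent drop."""
    events, unparsed = [], 0
    for line in lines:
        e = normalise(line)
        if e is None:
            unparsed += 1
        else:
            events.append(e)
    return detect_brute_force(events, allowlist=allowlist), unparsed


if __name__ == "__main__":
    untuned, _ = run_pipeline(SAMPLE_LOGS)
    tuned, unparsed = run_pipeline(SAMPLE_LOGS, allowlist={"198.51.100.7"})
    print("untuned alerts:", untuned)
    print("tuned alerts:  ", tuned, "| unparsed lines:", unparsed)
```

Run untuned, the rule fires twice, once on the real brute force from 203.0.113.10 and once on the authorised scanner. With the scanner on the allowlist only the real alert remains, and the pipeline still reports the one cron line no connector parsed, which is the kind of coverage gap the architecture reviews above are meant to close before it hides a key system.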


Start your journey towards a more secure organisation

GET IN TOUCH TODAY
IRELAND
Alexandra House,
Ballsbridge Park,
Dublin 4, D04 C7H2

UK
200 Strand,
Temple,
London WC2R 1DP

USA
Denver Place,
999 18th St UNIT 3000,
Denver, CO 80202,
United States

NETHERLANDS
Singel 250,
Amsterdam,
Netherlands, 1016 AB

+353 1 566 7050
info@kontex.com