Security Information and Event Management SIEM

The underlying principle of a Security Information and Event Management (SIEM) system is that relevant data about an enterprise’s IT security is produced in many locations, and being able to view all of it from a single point makes it easier to spot trends and recognise patterns that are out of the ordinary. System logs, audit trails, event logs and transaction records are collected and centralized, and anomalies are then reviewed by Security Operations Center analysts.

Synoptek SIEM Service

Synoptek’s Security Information and Event Management service is connected to designated devices and collects activity log data. Synoptek SIEM as a Service facilitates the management of security-related events by collecting and correlating events that could be threats, events or security issues.

The Synoptek SIEM service:

The primary job of the Synoptek SIEM is to act as a “log aggregator” and sort through all of the data and find an event that has possible security implications.

The Synoptek SIEM:

  • Deploys multiple collection agents in a hierarchical manner to gather security-related events from end-user devices, servers, network equipment — and even specialized security equipment like firewalls, antivirus or intrusion prevention systems.
  • Assembles and stores log files, facilitating near real-time analysis and enabling security personnel to take defensive actions more quickly.
  • Sends high-severity notifications automatically to Security Operations Center specialists.
  • Collects data into a central repository for trend analysis and anomaly reporting. Defined events are forwarded to a centralized management console, which inspects them and flags anomalies.
  • Provides automated SIEM reports that help compliance managers confirm they are meeting an organization’s mandated compliance requirements.
  • Regularly updates security rules to address the latest threats.
  • Performs daily reviews of security events by trained Security Operations Center analysts.
  • Regularly issues comprehensive reports outlining daily log reviews.

Managed IT Security Services

Synoptek’s SIEM Service includes:

Synoptek’s Security Information and Event Management (SIEM) service includes 24x7x365 automated monitoring and alerting through advanced log correlation, contextual analytics, big data analysis and Synoptek’s custom-tuned rule database.

Synoptek’s robust, scalable solution provides you with automated notifications, with human oversight, for on-premises devices including firewalls, routers, unified threat management devices, switches, servers and any other device for which a preconfigured SIEM parser exists.


Running and Startup Configuration

As part of change management, Synoptek’s discovery module retrieves the “startup” and “running” configuration from network devices such as routers, firewalls, and switches and retains them over a historical period. It detects differences between the startup configuration and the running configuration, and also differences between successive startup configurations over an extended period of time.

Whenever a change is detected, the module creates an incident and notifies the administrator about the change. With this information, the administrator can identify unauthorized configuration changes to core network devices, and can view the configuration at any historical point in time by selecting that revision.
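A minimal version of the startup-versus-running comparison described above, added here as an illustration; it is not Synoptek’s discovery module, and the device name and configuration text are constructed samples:

```python
"""Startup-vs-running configuration drift check, in the spirit of the change
management step described above. Added example, not Synoptek's discovery
module; the device name and config text are constructed samples."""
import difflib
from typing import Optional

STARTUP_CONFIG = """\
hostname edge-fw-01
interface eth0
 ip address 10.0.0.1/24
access-list 10 permit 10.0.0.0/24
access-list 10 deny any
logging host 10.0.0.50
"""
# running config: the ACL was loosened in memory and remote logging removed
RUNNING_CONFIG = """\
hostname edge-fw-01
interface eth0
 ip address 10.0.0.1/24
access-list 10 permit any
access-list 10 deny any
"""

def config_diff(baseline: str, current: str) -> list:
    """Unified diff (no context) between two config texts; [] means identical."""
    return list(difflib.unified_diff(baseline.splitlines(), current.splitlines(),
                                     fromfile="startup", tofile="running",
                                     lineterm="", n=0))

def detect_drift(device: str, baseline: str, current: str) -> Optional[dict]:
    """Open an incident record when the running config differs from startup."""
    diff = config_diff(baseline, current)
    if not diff:
        return None
    body = [l for l in diff if not l.startswith(("---", "+++", "@@"))]
    return {"device": device,
            "added": [l[1:] for l in body if l.startswith("+")],
            "removed": [l[1:] for l in body if l.startswith("-")],
            "diff": diff}

def startup_revision_changes(revisions: list) -> list:
    """Indexes at which a stored startup revision differs from the one before it
    (the 'differences between startup configurations over time' check)."""
    return [i for i in range(1, len(revisions))
            if config_diff(revisions[i - 1], revisions[i])]

if __name__ == "__main__":
    incident = detect_drift("edge-fw-01", STARTUP_CONFIG, RUNNING_CONFIG)
    print("\n".join(incident["diff"]) if incident else "no drift")
```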

System alerts or “events” will be configured at startup, but some of the typical alerts are:

  • Compromised host detected
  • Brute-force login success
  • Concurrent authentications to the same account from multiple countries
  • Malware found but not remediated
  • Rootkit found
  • Remote desktop from the internet
  • P2P traffic identified
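Two of the alerts above (brute-force login success, and concurrent authentications to one account from multiple countries) written as correlation rules over normalised login events. This is an added example, not Synoptek’s rule database; the events, including their already-resolved country field, are constructed samples:

```python
"""Correlation rules for two of the typical alerts listed above, run over
normalised, GeoIP-enriched login events. Added example, not Synoptek's rules."""
from collections import defaultdict
from datetime import datetime, timedelta

# constructed sample: (timestamp, account, source ip, resolved country, success)
EVENTS = [
    ("2024-03-01T09:00:00", "jdoe", "203.0.113.5", "US", False),
    ("2024-03-01T09:00:10", "jdoe", "203.0.113.5", "US", False),
    ("2024-03-01T09:00:20", "jdoe", "203.0.113.5", "US", False),
    ("2024-03-01T09:00:30", "jdoe", "203.0.113.5", "US", False),
    ("2024-03-01T09:00:40", "jdoe", "203.0.113.5", "US", False),
    ("2024-03-01T09:00:50", "jdoe", "203.0.113.5", "US", True),   # success after 5 failures
    ("2024-03-01T10:00:00", "asmith", "198.51.100.7", "US", True),
    ("2024-03-01T10:20:00", "asmith", "192.0.2.9", "DE", True),   # second country in 20 min
    ("2024-03-01T11:00:00", "bob", "198.51.100.8", "US", True),
    ("2024-03-01T11:10:00", "bob", "198.51.100.8", "US", True),   # benign repeat login
]

def brute_force_success(events, threshold=5, window=timedelta(minutes=10)):
    """Brute-force login success: >= threshold failures from one source against
    an account, followed by a success from that source inside the window."""
    alerts, failures = [], defaultdict(list)   # (user, src) -> failure times
    for ts, user, src, _c, ok in sorted(events, key=lambda e: e[0]):
        t = datetime.fromisoformat(ts)
        if not ok:
            failures[(user, src)].append(t)
            continue
        recent = [f for f in failures[(user, src)] if t - f <= window]
        if len(recent) >= threshold:
            alerts.append(("brute-force-success", user, src, len(recent)))
        failures[(user, src)].clear()          # a success resets the counter
    return alerts

def multi_country_auth(events, window=timedelta(minutes=30)):
    """Concurrent authentications from multiple countries: one account logs in
    successfully from two or more countries inside the window."""
    alerts, seen = [], defaultdict(list)       # user -> [(time, country)]
    for ts, user, _src, country, ok in sorted(events, key=lambda e: e[0]):
        if not ok:
            continue
        t = datetime.fromisoformat(ts)
        seen[user] = [(f, c) for f, c in seen[user] if t - f <= window]
        countries = {c for _, c in seen[user]} | {country}
        if len(countries) > 1:
            alerts.append(("multi-country-auth", user, tuple(sorted(countries))))
        seen[user].append((t, country))
    return alerts
```

The thresholds and windows are the knobs that the tuning period described later adjusts; a rule with the right logic but untuned parameters still produces false positives.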


Service Level
Synoptek will continuously monitor for threats as presented by the SIEM. When an incident is received, Synoptek will gather and document the necessary context and activity logs required to investigate, and perform the notification. Notification will be provided by email within 1 hour from the time of the initial detection.

System Tuning
Synoptek is responsible for detecting network anomalies and separating genuinely malicious traffic patterns from the large volume of false-positive patterns that appear hourly. Synoptek’s interests are therefore aligned with those of its clients: reducing false positives and increasing the signal-to-noise ratio of potential threats. An initial 4-6 weeks of tuning is required before the system becomes effective. Ongoing tuning, which is included in the service, progressively improves the quality of the report data.

Quarterly Security Advisory
This service includes a quarterly recurring information security review meeting, conducted via conference call, in which Synoptek leads a review of the prior quarter’s threats, discusses any new threat vectors, and recommends changes to systems or policies. Synoptek will also issue a monthly Threat Intelligence Report.

Technical Support and Monitoring
Synoptek will provide support for troubleshooting and resolution of the local appliance, which is monitored by Synoptek’s Security Services Team. In addition, a web-based ticketing system is provided to open, track, and correspond on any support-related issue. All communication will be handled through the ticket system.

Synoptek will remediate issues related to the local appliance, identified either via monitoring and notification, or those initiated through contacting the Service Desk. In both cases, a service ticket will be created and prioritized based on severity. The service desk will attempt to resolve the issue remotely, escalating to level 2, then level 3 engineers as required. If the issue cannot be resolved remotely, a field technician will be dispatched.


A typical SIEM report looks like this:

[Figure: Synoptek SIEM Report Examples]


For a fixed monthly fee Synoptek provides the “focus,” depth, and security services you need in today’s risky IT environment.

Contact us now to start the IT Security discussion.
