The underlying principle of a Security Information and Event Management (SIEM) system is that relevant data about an enterprise’s IT security is produced in multiple locations, and being able to look at all of that data from a single point of view makes it easier to spot trends and see patterns that are out of the ordinary. System logs, audit trails, event logs and transaction records are collected and centralized, and anomalies are then reviewed by Security Operations Center analysts.
Synoptek’s Security Information and Event Management service is connected to designated devices and collects activity log data. Synoptek SIEM as a Service facilitates the management of security-related events by collecting and correlating events that could be threats, events or security issues.
The primary job of the Synoptek SIEM is to act as a “log aggregator” and sort through all of the data and find an event that has possible security implications.
The Synoptek SIEM:
Synoptek’s Security Information and Event Management (SIEM) service includes 24x7x365 automated monitoring and alerting through advanced log correlation, contextual analytics, big data analysis and Synoptek’s custom-tuned rule database.
Synoptek’s robust, scalable solution provides you with automated notifications with human oversight for on-premise devices including firewalls, routers, unified threat management devices, switches, servers and all other devices for which there is a preconfigured SIEM parser.
Running and Startup Configuration
As part of change management, Synoptek’s discovery module collects the “start-up” and “running” configurations from network devices such as routers, firewalls and switches over a historical period. It detects differences between the startup configuration and the running configuration, and differences between successive startup configurations over an extended period of time.
Whenever a change is detected, it creates an incident and notifies the administrator of the change. With this intelligence, the administrator can keep track of unauthorized configuration changes to their core network devices, and can view the configuration at any historical point in time by selecting the corresponding revision.
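The change-detection logic described above, as an added illustration that is not Synoptek’s own code: each discovery run stores the device’s startup and running configuration as a revision, raises an incident when the running configuration differs from the saved startup configuration, raises a second kind of incident when the saved startup configuration has changed since the previous run, and lets an analyst read back any historical revision. The device name, the `ConfigTracker`/`Incident` names and the sample configurations are all constructed for the example.

```python
import difflib
from dataclasses import dataclass, field

@dataclass
class Incident:
    device: str
    kind: str   # "running-vs-startup" (unsaved live change) or "startup-history" (saved change)
    diff: str   # unified diff an analyst can review

@dataclass
class ConfigTracker:
    """Keeps every discovered (startup, running) pair per device as a revision."""
    history: dict = field(default_factory=dict)   # device -> [(startup, running), ...]

    def record(self, device, startup, running):
        """Store one discovery run and return the incidents it raises (possibly none)."""
        revs = self.history.setdefault(device, [])
        revs.append((startup, running))
        incidents = []
        # 1. Running config drifted from the saved startup config (unsaved live change).
        d = self._diff(startup, running, "startup", "running")
        if d:
            incidents.append(Incident(device, "running-vs-startup", d))
        # 2. Saved startup config changed since the previous discovery run.
        if len(revs) > 1:
            prev_startup = revs[-2][0]
            d = self._diff(prev_startup, startup,
                           f"startup@rev{len(revs) - 2}", f"startup@rev{len(revs) - 1}")
            if d:
                incidents.append(Incident(device, "startup-history", d))
        return incidents

    def revision(self, device, n):
        """Return the (startup, running) pair recorded at revision n for a device."""
        return self.history[device][n]

    @staticmethod
    def _diff(a, b, name_a, name_b):
        # n=0 drops unchanged context so only the changed lines are reported.
        return "".join(difflib.unified_diff(a.splitlines(True), b.splitlines(True),
                                            name_a, name_b, n=0))

# Constructed sample configurations (hypothetical device, not real output).
REV0 = "hostname edge-fw\nip access-list 10 deny any\nsnmp-server community public RO\n"
REV1 = "hostname edge-fw\nip access-list 10 permit any\nsnmp-server community public RO\n"

def demo():
    t = ConfigTracker()
    first = t.record("edge-fw", REV0, REV0)    # clean baseline: no incidents
    second = t.record("edge-fw", REV0, REV1)   # ACL opened in running config only
    third = t.record("edge-fw", REV1, REV1)    # change was saved: startup history incident
    return first, second, third, t.revision("edge-fw", 0)
```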
System alerts or “events” will be configured at startup, but some of the typical alerts are:
Synoptek will continuously monitor for threats as presented by the SIEM. When an incident is received, Synoptek will gather and document the necessary context and activity logs required to investigate, and perform the notification. Notification will be provided by email within 1 hour from the time of the initial detection.
Synoptek is responsible for detecting network anomalies and sorting the genuinely bad traffic patterns out from the large volume of false-positive traffic patterns that show up on our screens hourly. As a result, Synoptek’s interests are aligned with those of its clients: reduce false positives and increase the signal-to-noise ratio of potential threats. An initial 4-6 weeks of tuning are required before the system becomes effective. Ongoing tuning, which is included in the service, progressively improves the quality of the report data.
Quarterly Security Advisory
This service includes a quarterly recurring information security review meeting. In this meeting, Synoptek will lead a review of the prior quarter’s threats, discuss any new threat vectors, and recommend changes to systems or policies. This will be conducted via a conference call. Synoptek will also issue a monthly Threat Intelligence Report.
Technical Support and Monitoring
Synoptek will provide troubleshooting and resolution support for the local appliance, which is monitored by Synoptek’s Security Services Team. In addition, a web-based ticketing system is provided to open, track and correspond on any support-related issue. All communication will be handled through the Ticket System.
Synoptek will remediate issues related to the local appliance, identified either via monitoring and notification, or those initiated through contacting the Service Desk. In both cases, a service ticket will be created and prioritized based on severity. The service desk will attempt to resolve the issue remotely, escalating to level 2, then level 3 engineers as required. If the issue cannot be resolved remotely, a field technician will be dispatched.
A typical SIEM report looks like this:
For a fixed monthly fee Synoptek provides the “focus,” depth, and security services you need in today’s risky IT environment.