AlienVault Managed SIEM Service

Any event log collected by XCELIT’s AlienVault Managed SIEM Service is stored within compliant-ready and secure hot storage for the specified period of time (15, 30 or 90 days). The standard approach used is a write once, read many (WORM) to log storage in order to prevent log data from being modified or otherwise tampered with. Hot storage allows for faster viewing of event history in the case of forensics.

Any event log collected by XCELIT’s AlienVault Managed SIEM Service is stored within compliant-ready and secure cold storage (AWS). Data is kept indefinitely in cold storage for as long as invoices continue to be paid, with download capability also available. The standard logging approach used is a write once, read many (WORM) to log storage in order to prevent log data from being modified or otherwise tampered with.

Raw logs are available at any time, for example in the case of forensics such as investigating a fraud incident within an organisation which may require log events to be investigated several years into the past.

XCELIT’s AlienVault Managed SIEM Service monitors and analyses activity across the entire network including on-premise, off-premise cloud, endpoints and hundreds of common applications looking for anomalous activity that could be indicative of a security incident or compromise.

With XCELIT the effort doesn’t end with systems, XCELIT’s AAlienVault Managed SIEM Service leverages people, processes, and technology to continuously monitor and improve your organization’s security posture while preventing, detecting, analysing, and responding to cybersecurity incidents as per your IRP Incident Response Plan.

XCELIT’s AlienVault Managed SIEM Service is the core of XCELIT’s piece of mind Cyber Security.

XCELIT’s AlienVault Managed SIEM Service uses tools to discover and inventory all the assets (servers, desktops, laptops, connected mobiles, virtual machines, containers, firewalls, switches, and printers, etc) in your network and correlate asset information with threat and vulnerability data.

The dynamic nature of today’s cloud, on-premises, and hybrid network environments requires continuous network vulnerability scanning to defend against the evolving threat landscape. Constant application updates and changes to application and system configurations can introduce vulnerabilities and leave you susceptible to an attack, even if you are keeping your security controls up to date.

XCELIT’s AlienVault Managed SIEM Service vulnerability scanning identifies and creates an inventory of all the systems (servers, desktops, laptops, connected mobiles, virtual machines, containers, firewalls, switches, and printers etc) connected to a network. For each device that it identifies it also attempts to identify the operating system it runs and the software installed on it, along with other attributes such as open ports and user accounts.

After building up an inventory, the vulnerability scanner checks each item in the inventory against known vulnerabilities to see if any items are subject to any of these vulnerabilities.

XCELIT’s AlienVault Managed SIEM Service performs vulnerability assessments to define, identify, classify and prioritise vulnerabilities across your entire network so that the most critical vulnerabilities (those that a Hacker may exploit) can be taken care of with priority.

XCELIT’s AlienVault Managed SIEM Service performs vulnerability assessments on an ongoing basis and responds as per the Incident Response Plan (IRP) in place with our clients.

XCELIT’s AlienVault Managed SIEM Service employs intrusion detection software as part of XCELIT’s service offering. XCELIT’s solution includes built-in host intrusion detection (HIDS), network intrusion detection (NIDS), as well as cloud intrusion detection (CIDS) for public cloud environments including Google Cloud, AWS and Microsoft Azure, enabling you to detect threats as they emerge in your critical cloud and on-premises infrastructure.

Security Information and Event Management (SIEM) is where software products and services combine security information management and security event management. Providing real-time analysis of security alerts generated by applications and network hardware.

XCELIT’s AlienVault Managed SIEM Service employs SIEM Event Correlations. SIEM event correlations are an essential part of any SIEM solution. SIEM event correlation aggregates and analyses log data from across your network applications, systems, and devices, making it possible to discover security threats and malicious patterns of behaviours that otherwise go unnoticed and can lead to compromise or data loss.

Generated data for SIEM event correlations can be overwhelming. XCELIT’s systems take available information and filters out noise to generate actionable intelligence related to which events could cause a security breach, allowing targeted response.

XCELIT, with our clients, develop a Full Incident Response plan which is followed by our AlienVault Managed SIEM Service, providing you with confidence that a level of response is regularly employed on your behalf.

Incident Response is best driven by an incident response plan. If you do not yet have an Incident Response Plan, a XCELIT representative can assist with developing one with or for you. If you already have an Incident Response Plan, XCELIT’s AlienVault Managed SIEM Service can augment into your existing plan.

Endpoint detection and response (EDR), also known as endpoint threat detection and response (ETDR), is an integrated endpoint security solution that combines real-time continuous monitoring and collection of endpoint data with rules-based automated response and analysis capabilities.

Endpoints include not only desktops and servers, but laptops, tablets, smartphones and internet of things (IoT) devices.

Increasingly, endpoints represent one of the top areas of security risk for organizations and as a result, EDR is becoming increasingly important. Cyber criminals are increasingly designing their attacks to evade traditional endpoint prevention and protection tools, in response XCELIT’s AlienVault Managed SIEM Service as part of our services seek evidence of attacks that might not trigger traditional prevention rules.

While many security teams recognize the need for advanced threat detection for endpoints, most do not have the resources to manage a standalone EDR solution.

Endpoint detection and response solutions, such as that employed by XCELIT’s AlienVault Managed SIEM Service record system activities and events taking place on endpoints and provide XCELIT’s AlienVault Managed SIEM Service team with the advanced analytics they need to uncover incidents that would otherwise remain invisible. Commonly also known as detecting and investigating suspicious activities on hosts and endpoints.

XCELIT’s AlienVault Managed SIEM Service platform centralizes and automates threat hunting on endpoints across your cloud and on-premises environments, so we can detect and respond to threats wherever they unfold.

The ability to unify data from both cloud and on-premises endpoints allows XCELIT’s AlienVault Managed SIEM Service to obtain a holistic view rather than a siloed view from different systems represents one of the main advantages of XCELIT’s Endpoint Detection and Response solution.

Raw logs are an invaluable asset for forensic analysis and compliance mandates. XCELIT’s AlienVault Managed SIEM Service can review logs to find details about specific incidents, search the logs for instances using a specific IP address, or analyse the patterns of multiple attacks.

XCELIT’s AlienVault Managed SIEM Service combines the essential security technologies needed to demonstrate compliance against today’s most challenging regulatory standards such as PCI, HIPPA, ISO 27001 and NIST CSF, or to meet compliance to any internal IT system requirements.

Let XCELIT know what you need and XCELIT will provide you with our best available standardised reporting, or generate custom reports at an additional service fee if not readily available.

For certain important events, you may want a notification to be sent to you or your team to inform them immediately. XCELIT’s AlienVault Managed SIEM Service team will set these up for you. If you do not have any specific requirements, XCELIT will recommend some and you may opt in if you choose.

File Integrity Monitoring (FIM) refers to an IT security process and technology that tests and checks operating system (OS), database, and application software files to determine whether or not they have been tampered with or corrupted.

The process employed by XCELIT’s AlienVault Managed SIEM Service is called syscheck. The syscheck process scans the host at user-defined intervals and stores checksums of watched files. A checksum is a small-sized datum derived from a block of digital data for the purpose of detecting errors that may have been introduced during its transmission or storage. The system then generates an event when a checksum changes.

XCELIT’s AlienVault Managed SIEM Service system can also configure Windows systems so that host-based intrusion detection system (HIDS) agents forward object access audit events to the AlienVault Managed SIEM Service.

Audit events provide more information regarding the operations affecting file and folder objects, such as who performed specific actions or operations on an object.

User behaviour monitoring is a new approach to insider threat prevention and detection. XCELIT’s system determines what is normal use and then monitors for abnormal use.

Implementing user behaviour monitoring is obligatory to comply with a lot of industry standards (e.g. NIST, HIPAA, PCI DSS, etc.).

Context is critical when evaluating system and network behaviour. For example, an abundance of Skype traffic in the network used by your inside sales team is probably a normal part of operations. However, if the database server that houses your customer list suddenly shows a burst of Skype traffic something is likely wrong.

Therefore, as soon as your XCELIT AlienVault Managed SIEM Service solution is implemented, behavioural monitoring functionality starts gathering data to help you understand normal system and network activity. XCELIT’s AlienVault Managed SIEM Service solution provides network behavioural analysis with service availability monitoring to create a full picture of system, service, and network anomalies.

XCELIT can manage your reporting and dashboard needs.

Dashboards – Your internal IT team or curious nominated staff can access dashboards.

Reporting – XCELIT’s reports are designed so they are easy to understand, not just for IT professionals.

Reports can be delivered to you monthly, including PCI, NIST CSF, HIPAA, and ISO 27001 compliance reports, alarm reports, asset reports and create event reports.

XCELIT’s AlienVault Managed SIEM Service can integrate with Service Now, Jira, Slack, Datadog. Jira being the most common ticketing and alerting system.

XCELIT’s AlienVault Managed SIEM Service systems allow for orchestration and automation of threat detection and response across an ever-growing ecosystem of third-party security tools and IT applications, including Palo Alto Networks, Cisco Umbrella, Carbon Black, and many other Apps.

XCELIT’s AlienVault Managed SIEM Service employs Automated Incident Response & Forensics with the intention of saving you money and reducing the cost of Cyber Security.

Automation expedites typical responses and repetitive tasks so little to no human intervention is required to detect and respond to security threats and incidents.

Digital forensics helps IT professionals (SOC Engineers and SOC Analysts) identify instances of cybercrime like malware and hacking.

By automating incident response, XCELIT’s AlienVault Managed SIEM Service team can improve performance and save time, essentially giving you more for less, saving you money.

An example of automation is whereby as soon as ransomware is detected and an alarm is raised your system automatically responds by isolating the infected machines, allowing for a controlled response, rather than a mad dash to your servers or systems and frantically unplugging infrastructure.

With the right automated incident response, XCELIT and your IT security team combined can stay in control of their incident response (IR) activities and respond to threats and intrusions swiftly and effectively, with less manual work—no wire-ripping required.

Dark Web Monitoring employed by XCELIT’s AlienVault Managed SIEM Service leverages SpyCloud technology to monitor the dark web to discover if your users’ credentials, such as email addresses, usernames, and passwords, have been stolen.

If detected, XCELIT’s AlienVault Managed SIEM Service alerts you so that you can respond swiftly to the compromise, such as requesting users to change details and cancel credit cards, ahead of a breach.

While momentarily inconvenient, your customers will thank you and the efforts of another hack will be thwarted.

XCELIT’s AlienVault Managed SIEM Service system can manage your data needs, you need not be concerned about our capacity to cope. Importantly however, XCELIT’s implementation plan is structured to ensure you get maximum bang for your data scanning buck by avoiding white noise data.

Payment Card Industry Data Security Standard (PCI DSS) is a security standard used to ensure the safe and secure transfer of credit card data.

PCI DSS compliance software is a must-have for any organization that handles credit card data or other types of payment card data. Failure to comply can result in PCI DSS penalties and fines imposed daily, and a data breach resulting from non-compliance could cost millions in settlements, legal fees, and loss of reputation.

XCELIT’s AlienVault Managed SIEM Service solution provides everything you need to get ready for your next PCI DSS audit in one affordable, easy-to-use solution. XCELIT’s AlienVault Managed SIEM Service solution combines the essential security technologies you need to demonstrate compliance, including asset discovery, vulnerability assessment, log management, file integrity monitoring, and others. It also provides predefined compliance reports out of the box and automatic threat intelligence updates, helping you to stay in compliance with continuous security monitoring.

XCELIT’s AlienVault Managed SIEM Service systems provide up to date information related to sophisticated malware or hacking-based attacks targeting sensitive data. Where possible, XCELIT integrates with security tools to automate the response within your environment. With automated feeds of threat intelligence, combined with our AlienVault Managed SIEM Service team of analysts XCELIT provides proactive threat hunting, enhanced abilities to prevent incidents before they occur, and respond to events in real time.

Lightweight sensors and agents are the only components deployed in your environment.

Sensors employed by XCELIT provide deep security visibility into both your cloud and on-premises environments.

XCELIT’s AlienVault Managed SIEM Service virtual sensors run on VMware and Microsoft Hyper-V to monitor your on-premises physical and virtual IT infrastructure. In the cloud, lightweight cloud sensors natively monitor Google Cloud, Amazon Web Services and Microsoft Azure Cloud.

Each sensor is purpose-built to fully leverage the native data collection methods of each environment: AWS, Azure, and on-premises physical and virtual infrastructure deployed on Hyper-V or VMware. Deployed agents collect data from your Windows and Linux endpoints.

Deployed sensors conduct scans, monitor packets on the networks, and collect logs from assets, the host hypervisor, and cloud environments. Collected information is stored in XCELIT’s AlienVault Managed SIEM Service secure cloud and used by XCELIT’s AlienVault Managed SIEM Service in providing Cyber Security services.

The deployment of sensors by XCELIT allows centralized security monitoring of your cloud, on-premises, and hybrid IT environments, including your endpoints and cloud apps like Office 365 and G Suite amongst others.