How to transform log data into contextual and actionable intelligence that fuels your information security strategy.
As a valued customer, you are probably already aware that we launched our SecureData GI (Greater Intelligence) service recently. But what you may be unsure about is why you would need it – especially if you already have IPS and SIEM capabilities in some form or another.
The answer is simple: while conventional devices alert you to a threat or an attack, adding SecureData GI logging enables us to provide you with the vital missing piece of the puzzle: context! In other words, we give you concise details on the nature and severity of a threat or attack, how and why it’s relevant to your IT environment and business processes, and how to protect your business against it.
As well as now being able to identify the 1% of threats and attacks that really matter to you, we also provide you with the right level of detail to pass up and down the chain. You can demonstrate to executives exactly how you are addressing a specific threat or attack, and provide your staff with the appropriate guidance to ensure maximum awareness.
Using Firewall logs and SecureData GI, we can augment your security with:
- Known Threat Detection: correlate inbound and outbound traffic against known Bad IPs and identify infected hosts to detect threats earlier, reduce risk and speed up malware removal.
- Enhanced Operational Visibility: we can monitor utilisation and performance to understand data flows and re-define optimised Firewall policies.
- Identification of Data Breaches: we can examine shifts in traffic patterns and who or what is consuming your bandwidth to identify potential data breaches.
Quid pro quo
With SecureData GI, we now give you actionable intelligence and the tools to assess risks, detect threats, protect assets and respond to attacks. This is provided free of charge; all we need are your Firewall logs.
In return, you get full visibility into your security posture via the GI portal, and benefit from our Threat Advisory service – where the intelligence gleaned from your logs is interpreted by skilled experts at our 24/7 Security Operations Centre (SOC) and delivered back to your inbox in the form of timely Threat Advisory memos and a monthly report.
Moreover, we are not limited to the devices we manage. For a small increase in your monthly subscription, we can take in logs from literally any other device or system you have within your environment. And why would you do that?
Again, the answer is simple: It’s about harnessing the power that comes from connecting log data together.
Our cloud-based SIEM serves as a centralised big data analytics platform, with market-leading tools such as Maltego enabling us to take in logs from anywhere, and perform detailed analysis and trending to derive actionable intelligence directly relevant to your IT environment and your business.
Even the logs generated by Active Directory and DHCP, which don’t typically fall within the remit of a managed security service, can prove every bit as powerful as traditional Firewall logs when they are being fed into the SecureData GI Platform.
And by combing IPS logs with SecureData GI, the same types of benefits apply; it’s simply a different data set generated by devices surrounding the estate’s perimeter.
The more you put in…
But the true power of SecureData GI is in its dynamism and scalability. By combining logs from IPS, Firewalls and other security devices , we can identify gaps in your security defences and also what the missing pieces of the puzzle are.
For example, if a Firewall is seeing something the IDS doesn’t, we can tell you:
- Where brute force attacks are originating from
- How to optimise the network configuration to ensure the right load on a specific connection or on a specific device
- How to align IPS configuration with your Next Generation Firewall to explain why either one is not identifying attacks
- Pinpoint data leakages on the estate – both to remediate the problem and to prevent future leaks
Think of it like a car. Your security devices and systems are the moving parts, the SIEM is the engine, and the managed services provide the dash panel with SecureData GI and logging powering features such as miles per gallon and sat nav. These capabilities result in much better informed remediation and ultimately, a vastly superior security posture.
With threat intelligence cited as one of Ponemon’s Cybersecurity Megatrends for 2015, we know it’s the right way to be taking information security strategy. And we want to take you on this journey too.
Get in touch today and take your first step towards Greater Intelligence.