Contact Us
Menu
Contact Us

Threat Detection/SIEM

Threat Detection/SIEM

SIEM is a complex technology, involving design, deployment, development and management phases. At Security Centric, we provide assistance throughout the SIEM lifecycle. This will help you choose the right SIEM solution, ensure your policies and procedures maximise SIEM’s value and enable you to respond to all types of events and incidents.

Ingest of event data into best-of-breed commercial security analytics platform, to be securely stored, indexed and correlated.
12 months online retention of all event data to facilitate rapid investigation including correlating recent suspicious activity with older data and support formulation of timeline.
Rapid incident response engineering and forensic services.
Security Centric red-teaming expertise is applied across the entire Assess-Secure-Detect-Respond security lifecycle.
A large repository of dashboards, views, searches, correlations, insights, reports and alerts are available to provide rapid time-to-value.
Logs are immutable to make deleting or modifying events impossible – either through malicious actions or accidentally.

Overview

The threat detection solution proposed is focused on providing actionable alerts 24x7 for high-confidence threats or suspicious behaviour, rather than a log aggregator producing numerous false positives.

Using a combination of machine data analytics and our information security consulting and engineering expertise, we’re able to analyse and correlate relevant sets of data to derive useful and actionable insights into notable security events. Stakeholders and end-users can be notified of specific security events via their preferred method of communication (e.g. Email, SMS, Teams, Slack etc). Relevant reports are also generated and made available on a periodic basis, which can be customised on request to suit any specific requirements. Event data is stored online and readily accessible for 12 months.

threat-detection-infographic

Actionable, not Noisy Alerts

The threat detection solution is built on a cloud native platform that aggregates and ingests log data from critical pieces of infrastructure, which uses machine data analytics and automated threat intelligence to provide contextualised security information and event management. The solution combines many of the leading and effective approaches into a single integrated highly accurate threat detection platform. This is achieved through:

  • Our tailored onboarding process to identify key characteristics of normal, not-normal and abnormal/suspicious activity;
  • Integration of multiple threat intelligence feeds, overlayed onto the client’s environment activity data;
  • A large pattern database of past compromise techniques and event signals;
  • Intelligent risk scoring of secondary attributes from third-party sources, such as obfuscation techniques, VPN endpoints, proxy avoidance sources, command and control sources, reputation databases, ISP and geographic databases;
  • Machine learning of business-as-usual usage characteristics, including configurable standard deviation variation boundaries, time of day learning and risk scoring based on primary and secondary characteristics;
  • Using ‘red-teaming’ and real-world compromise forensics to train the platform to detect actual threats and ignore false positives; and
  • Custom-developed alerting and reporting systems to meet the needs of business and technical representatives, providing actionable rather than voluminous information.

Get in Touch

Contact us today to discuss how your organisation can benefit from advanced threat detection.