With regards to SIEM, there are many tools to use. Requirements naturally dictate which is best, but costs can vary greatly. Splunk is one of the most popular and naturally the most expensive to use. Its licensing is based on the amount of data received and process, but it provides a treasure trove of information when trying to protect an organization.
Our MSS (Managed Security Services) for organizational risk are based on best business practices and ISO/IEC 27001 Information Security Management for maintaining what is called the “ISMS” or Information Security Management System. Put simply, we build your ISMS to manages cyber security processes like:
● Systems health, availability and performance monitoring
● Systems scanning for configuration management, compliance and patch management
● SIEM (Security Information and Event Management)
● Incident Response and Threat Management
● Build policies and procedures
● Manage critical infrastructure
To perform these management activities, we use our six-step process to decide what can be done on site, what should be done within our Cyber Security Operations Center (CSOC), and what types of software and techniques are optimal and meet requirements. Generally, we categorized our security management services into three distinct levels are based on complexity and pricing to better fit your organization. To assist our customers in selecting the right type of monitoring solution, we offer three different levels of monitoring based on these four areas. Our monitoring solutions can either be on-site at your location where it is installed, configured and maintained by us, or off-site through our Cyber Security Operations Center (CSOC).
After the infrastructure has been addressed, ensuring proper management of vulnerabilities and patch management are the next step. In this area, tools and their associated prices vary greatly. As we look at OpenVAS and GFI LanGuard. OpenVAS has no licensing fee and can be used to meet regulatory requirements. The drawbacks naturally are that it does not come close to the level of accuracy or information provided by other tools like GFI LanGuard. GFI LanGuard provides much deeper level of analysis and can also provide services like configuration management and patch management but comes with a premium price.
Gold Level Services (For large multinational enterprises or high-risk environments)
● Intrusion Detection System (IDS), firewall and network management with log analysis
● Network management, event monitoring, bandwidth utilization, access control list optimization, and operating system health monitoring
● Server event monitoring, logging, and operating system health monitoring
● Patch Management and systems baseline management
● Daily, weekly, or monthly network/system compliance scans
● Active web gateway management (Internet filtering both encrypted and unencrypted)
Silver Level Services (For large companies or medium-risk environments)
● System, firewall and network logging and event analysis
● Network management, critical event monitoring, and system health monitoring
● Server event monitoring and operating system health monitoring
● Basic Patch Management and systems baseline management
● Monthly network/system compliance scans
● Medium web gateway management (Internet filtering)
Bronze Level Services (For small companies or low-risk environments)
● System/Network up-time, monitoring and logging
● Quarterly network/system compliance scans
● Quarterly antivirus monitoring
● Basic web gateway management (Internet filtering)
● Basic firewall rule logging and analysis
Cyber Security Management Service Examples
To give a background on differences between levels of service, a discussion covering what specific products can do should be done. Whether it be SIEM, a security management tool, or building enterprises processes, the cost of implementation can vary greatly. These costs can be either based on data amounts (for example Splunk is based on total amounts of log data produced) or by the system monitored.
Beginning with the infrastructure, proper segmentation and processes need to be established prior to any monitoring or logging activities. We provide our “Enterprise in a Box” solutions to ensure organizations start on the correct path with implementing security for the first time. We can deliver pre-packaged solutions like those seen below that best fit your organization and ease the transition into an enterprise environment that can use our MSS.
On the other end of the spectrum, there is open-source software to use for log analysis like Elasticsearch. Like the security scanning software, it does not provide many of the benefits of software like Splunk but can it can be used to give a basic level of security to small organizations that may not have a high-risk level.
Silver Bullet Security © 2010 | All Rights Reserved