Be proactive rather than reactive with your security
<!––> Many IT security teams spend much of their time focused on preventing a security breach. As a result, a “reactive” rather than a “proactive” response is implemented where technology and processes require continuous monitoring and remediation. This is where SCC can help… SCC’s Managed SIEM service or Cyber Security Service (CSS) can deliver a full view of known and unknown security offences by collecting data from multiple sources and proactively alerting when a threat is detected. Following the detection of a threat we work in partnership with the organisation and provide advice on the best course of action. This can help organisations meet their regulatory and security compliance requirements. The CSS service monitors and alerts against suspected security events within your environment, both externally and internally by utilising IBM’s QRadar User Behaviour Analytics tool. For external threats on receipt of a qualified Security alert, SCC automatically correlates and logs the incident against the relevant Security Incident classifications. A further assessment of the Security Incident will begin and provide guidance, advice and propose remediation activities for the organisation within Security Incident Assessment Response Target times detailed within the service. Service Outline SCC’s Cyber Security Service provides organisations with detailed insights of their IT infrastructure, helping to identify and protect against security threats and vulnerabilities, ensuring the availability of your core IT applications and deliver against regulatory and compliance obligations. There are a wide range of SIEM software and other security technologies available, but many organisations have realised that software alone will not bring the full level of security required. The CSS service from SCC can work with third party teams to transition incidents that need to migrate from the Cyber Security Centre into the resolver teams. This will ensure efficient resolution is maintained at a high level and we ensure the resolver teams receive the information they require at the time they require it, aligning a Security Analyst to work within the resolver teams during incident management. The service is designed to detect anomalies and uncover advanced threats. Log events are consolidated and network flow data from devices, endpoints and applications distributed throughout a network. This service is operated from SCC’s Cyber Security Centre in the UK, where a team of Security Analysts monitor incoming alerts and events. The CSS service remains continually up to date with the latest threats and vulnerabilities provided by IBM X-Force Threat Intelligence which supplies a list of potentially malicious IP addresses including malware hosts and spam sources. Service Offerings SCC can provide our Managed CSS at one of three levels depending on your requirements; Base, Managed or Enhanced. Across all three service levels, SCC will collect, store and analyse security event data, consolidate log events and network data from your devices, and endpoints distributed around the infrastructure. Going further and as previously mentioned, our CSS actively seeks to provide advice on the best course of action following detection of a threat. The ‘Base’ service level provides the above described service across an organisation’s perimeter and authentication systems, however is restricted to only capturing Operating System and Security logs. The ‘Managed’ service level provides the above described service across all systems hosted in your environment, excluding cloud based services. Additionally to capturing Operating System logs, the ‘Managed’ service level is capable of capturing logs from IBM supported applications as well. The ‘Enhanced’ service level provides the above described service across all environment’s utilised by customers, including cloud based services. The ‘Enhanced’ service level is also capable of capturing logs from any IBM supported application. Related documents: Case Study IBM Qradar Datasheet SCC Security Lifecycle If you have any questions please email us at [email protected].