INDE SIEM

Event correlation and risk-management for modern networks

Solution fit

The Inde SIEM solution is designed for companies that want to manage their risk of compromise proactively and would like this task performed by a skilled security operations team (SOC) using a best-of-breed platform.

Questions that CIOs and IT managers are often asked, and that may prompt these considerations, include:

  • Do you have a best-in-class event correlation product with analytics and smart response remediation?
  • Are you centrally collecting data across your entire network environment to gain real-time visibility into activity that may introduce risk to your organisation?
  • If you find an indicator of compromise, are you able to tell what you are looking at and how the asset became compromised?
  • If you have a SOC, or at least one security specialist on your team, do you have cover for them when they are unwell or on holiday?
  • Does your organisation have legal or compliance requirements that oblige you to take “reasonable care” with IT security?

Solution overview

At its most fundamental level, a SIEM solution enables an organisation to centrally collect data across its entire network environment and gain real-time visibility into activity that may introduce risk to the organisation.

IndeSIEM is powered by LogRhythm’s NextGen SIEM Platform as a comprehensive, fully managed SIEM-as-a-Service solution.

Our service delivers comprehensive security analytics combined with Security Orchestration, Automation and Response (SOAR) capabilities within a single, integrated platform, enabling rapid detection, response, and neutralisation of identified threats.

SOAR expedites workflow across the entire SIEM platform by automating routine tasks and accelerating threat qualification, investigation, and response, ensuring Inde security analysts are efficient and effective inside your environment.

Our platform has been designed to strengthen the maturity of your security operation, better aligning your technology, team, and processes.

From day one, IndeSIEM will provide your organisation with coverage across the following high-level use cases:

  • Credential compromise (examples: O365/email phishing)
  • Host compromise (examples: creation of persistence, malicious scripting, command & control)
  • Lateral movement (examples: internal host brute force, pass the hash)
  • Retrospective analysis (examples: incident response, user investigation, threat hunting)
  • Compliance (examples: privileged group membership monitoring, file activity monitoring)

By consuming IndeSIEM, your organisation can realise the following benefits:

  • Ability to detect attacks, and any subsequent data breaches, earlier through in-depth analysis of network and endpoint events
  • Direct access to Inde’s security and operational expertise, threat intelligence, and custom SIEM and Sysmon rules
  • Access to Inde's trained security analysts, who are skilled in SIEM and Office 365 event analysis and have a proven history of detecting compromise in Inde client environments
  • Self-service access to the SIEM portal and logs, giving transparency and the ability to use the data for your own requirements
  • Significantly improved logging to assist post-incident forensic investigations
  • A single point of log collection and storage across devices and cloud systems

Samples

The Security Operations dashboard is where the detection and response capabilities are surfaced. It provides a high-level overview of where detections were seen and highlights where response actions are needed.

From the Security Operations dashboard you can see aggregated events, which helps identify significant events or behaviours in your environment. You can also drill down into granular events and low-level indicators.

The dashboard also has clickable tiles that give visual cues on the overall health state of your organisation. Each tile opens a detailed view of the corresponding overview.
