SecureDetect SIEM is a co-managed SIEM service where a SIEM platform is used to provide detection of threats in the environment. The service has three components:
- SIEM platform
- Managed SIEM service
- Security Analysis service
Customers that already have a SecureLink CDC approved SIEM platform and can manage the operations of the platform can choose to buy only the Security Analysis service to help analyse the events.
Customers that already have a SecureLink CDC approved SIEM platform but not the resources to either operate the platform or analyse the events can buy both the Managed SIEM service and the Security Analysis service.
Customers that do not have anything can buy all three from SecureLink.
The main reason why many SIEM implementations have failed is that there was no plan in place for what to collect, what to do with it, or why it was collected. Just throwing events at a SIEM without a plan will generate few good alerts and many false alarms, making it ineffective and costly.
SecureLink has developed a use-case based approach to detect threats. By starting with defining the risks and how to detect them, relevant data required to support this detection can be identified and collected and relevant risk indicators can be implemented and monitored.
Once standard detection is in place, further use cases can be developed together with the customer to optimize the detection for their specific environment.
In addition to this, SecureLink also offers an add-on service to do active threat hunting across all data collected. Threat hunting outcomes can, when applicable, update existing use cases to improve real-time detection.
Flexible service offering that complements your existing infrastructure and competences.
Use-case based approach, continuously updated to mitigate the latest threats.
Custom detection based on customer specific use cases.
Threat hunting to find patterns that only humans can detect.