Maximise threat detection with proven next-generation technologies, monitored by our cyber security experts 24/7/365

Not all organisations can afford to run their own Security Operations Centre. Two key challenges are training and retaining the staff needed to monitor the events and alerts coming from a SIEM solution. Nazar, Communicate Plc’s fully managed Monitoring, Detection and Response service, combines next-generation security information and event management (SIEM) with our cyber security experts monitoring and investigating suspicious activity.

“In a recent SANS survey, 59% of respondents indicated that a lack of trained security staff and skills were the biggest challenges when it came to threat intelligence and detection / SIEM initiatives.”

Detection from Day 1

With the Communicate PLC Nazar solution, detection of threats starts from the minute the system is installed. We have built up an extensive library of rules which is updated daily by our Security Operations threat intelligence team, from developments in our penetration testing lab and from the Open Threat Exchange (OTX).

Whilst this gives you good coverage from day one, our work does not stop there. We then tune the device based on three key metrics: your environment, your web presence and the systems of yours which are most likely to be exploited (for example, poorly written applications, or vulnerable systems which cannot be patched at that stage).

Why our Clients Outsource

A SIEM solution like ours, and many of the leading technologies, produce a huge number of events and alerts which need to be reviewed. We take feeds from multiple sources including, but not limited to, network security monitoring (NSM), host-based intrusion detection systems (HIDS), network-based intrusion detection systems (NIDS), Windows logs, and firewall and switch logs. This can create hundreds of events an hour which need review by a cyber security expert (SOC analyst). Combining the right bespoke tuning with the right technology will minimise false positives, but someone still needs to be available 24/7 to monitor and analyse the alerts.

Why do implementations fail?

Our penetration testers perform attacks against many different SIEM solutions, and have had 100% success in gaining undetected access to non-tuned or misconfigured SIEM solutions. This gives us an insight into the weaknesses of these tools. Through many years of experience tuning these devices, we are also able to see the incredible potential they have to detect a breach without huge outlay.

Our managed Monitoring, Detection and Response

Our systems can detect a suspected breach or virus outbreak and notify you within 15 minutes of the alert. In addition, we can provide a response from our UK-based SOC team to stop the intruder before any damage is done*.

Using state-of-the-art detection technologies, complemented by our 24/7/365 Security Operations Centre (SOC) team, our managed SIEM takes the hard, laborious work of removing false positives and investigating alerts away from your internal resource.

* Based on pre-agreed scenarios where Communicate has strict guidelines on how to react.

STORAGE AND ANALYSIS

Log data is stored long-term in the NAZAR secure hardware or cloud service to meet compliance and forensics requirements, providing trustworthy, reliable logs.

Log retention periods can be aligned with your compliance and internal requirements, and we can search and analyse the retained logs quickly and efficiently. For example, you may be required to look at a specific user’s access information, web history or application usage from several months ago, where stand-alone logs are unlikely to be available for that period or to contain all the relevant information. Your logs, events and alerts can be held for periods of over 12 months, or whatever your requirements may be.

REPORTING

Our comprehensive reporting capabilities combine the convenience of pre-packaged reports with the extensive knowledge of our engineers to provide you with custom reports. These custom reports make “fit for purpose” data distribution easy.

We build and compile the reports for you so you don’t have to.

From over 1,000 pre-defined reports and 3,000 additional templates, we will provide you with custom reports for security, operations, internal compliance and external assurance, including:

PCI DSS, GDPR, GLBA, GPG13, HIPAA, ISO 27001, NERC CIP, FFIEC, FISMA and SOC 2

WHAT ENVIRONMENTS CAN WE COLLATE, MONITOR, DETECT AND ANALYSE?

  • Agent-based, agentless, network and syslog collection, plus specific decoders for devices such as SCADA and PLC equipment and many other bespoke services
  • Cloud infrastructure: AWS, Azure and other datacentres
  • Cloud apps: Office 365, G Suite, Okta and many more
  • Physical and virtual infrastructure: on-prem servers, workstations and devices