SERVICE:

Managed Security (Connectwise SIEM Pro)

What’s Included

Managed Security Incident and Event Management (SIEM) services are provided utilizing the ConnectWise SIEM Pro platform to continuously monitor, collect logs, analyze, aggregate, and correlate security events across the IT environment.

The ConnectWise SOC monitors the SIEM environment 24/7 for suspicious conditions and escalates alerts to the security team.

The security team is trained and familiar with the environment and business processes and investigates escalated alerts prior to notification.

Services include:

  • Continuous collection and ingestion of relevant security event logs and alerts from the environment, including firewalls, intrusion detection systems, servers, endpoints, Microsoft 365, cloud and SaaS platforms, identity and access management systems, network devices, and other critical infrastructure, for analysis and correlation within the SIEM platform
  • Support for direct integrations and advanced ingestion methods to enable broader coverage and richer telemetry
  • Advanced correlation, behavioral analytics, threat intelligence, and contextual filtering within the SIEM platform to detect indicators of compromise and generate alerts when potential threats are identified
  • Continuous monitoring, review, and triage of SIEM alerts by ConnectWise SOC analysts at all hours
  • Escalation of alerts suggesting a potential or active security incident to the security team for in-depth investigation
  • Comprehensive analysis of escalated SIEM alerts to confirm whether a security incident is occurring, which may include deep log review, cross-source correlation, forensic analysis, and assessment of endpoint and cloud activity
  • Prompt notification when a confirmed incident is identified
  • Where authorized, direct action may be taken to contain or mitigate a confirmed threat, including actions such as disabling compromised accounts, isolating affected endpoints, or blocking malicious network traffic
  • Periodic reporting, such as monthly, summarizing security events observed and handled through the SIEM Pro service
  • Reports may include alert metrics, incident summaries and outcomes, trend analysis, and strategic recommendations for tuning detections, improving controls, and strengthening overall security posture
  • Note: The Pro tier includes the full suite of endpoint protection and response capabilities, including malware and ransomware defense, host isolation, memory threat protection, malicious behavior protection, and attack surface reduction.
  • Microsoft 365 integration supports automated response and containment actions.
  • All native integrations, including SaaS platforms, network devices, and IDS or network traffic, are supported directly without requiring custom connections.