SERVICE:

Managed Security Information and Event Management (ConnectWise SIEM)

What’s Included

Managed security information and event management (SIEM) services are provided utilizing ConnectWise SIEM platforms to continuously monitor the IT infrastructure and to collect, aggregate, analyze, and correlate security event logs across it.

The ConnectWise SOC monitors for suspicious conditions on a 24/7 basis and escalates alerts to the security team.

The security team, which is trained on and familiar with the environment and business processes, investigates escalated alerts prior to notification.

Services include:

  • Continuous collection and ingestion of relevant security event logs and alerts from the environment, including logs from firewalls, intrusion detection systems, servers, cloud services, identity and access management systems, and other critical infrastructure, for analysis and correlation within the SIEM platform
  • Analysis of incoming data by the SIEM platform, augmented by the ConnectWise SOC, to identify patterns or indicators of security incidents and generate alerts when potential threats meeting defined criteria are detected
  • Review and triage of SIEM alerts by ConnectWise SOC analysts at all hours
  • Escalation of alerts indicative of a possible security incident to the security team for further investigation
  • In-depth analysis of escalated SIEM alerts to confirm whether a security incident is occurring, which may include review of detailed log data, correlation of events across multiple sources, and assessment of the legitimacy of the threat
  • Prompt notification when a confirmed security incident is identified
  • Direct action may be taken to contain or mitigate confirmed threats, such as disabling a compromised user account or blocking a malicious IP address at the firewall
  • Periodic reporting (for example, monthly) summarizing security events observed and handled through the SIEM service, including alert volume and type statistics, notable incidents and outcomes, and recommended changes to security controls or practices based on observed trends