Managed Detection and Response
Cyber threats are real. Federal, state, and industry regulations are putting increasing pressure on organizations to invest heavily in cyber security, while good security professionals remain in short supply. Even though large organizations have the budgets to address this, they would rather spend their resources on mitigating the risks than on monitoring the alarms. Small and medium-sized businesses are caught in a dilemma: they lack the resources both to manage cyber threats and to ensure that their network is monitored.
Securely Managed has created a managed security service offering just for you!
Our MSSP solution is based on AlienVault, now owned by AT&T and operated as AT&T Cybersecurity. The AlienVault solution is a Unified Security Management (USM) platform, available as USM Appliance and USM Anywhere, that is very quick to implement. USM Anywhere is a cloud-based solution that is accessible from anywhere, provided you have the right credentials and link. AlienVault’s USM Anywhere includes five essential security functions that provide enhanced visibility into your IT operating environment. These functions allow AlienVault USM to deliver threat detection, incident response, and compliance management across all IT environments. The security functions are:
AlienVault USM supports a tiered and distributed architecture. At the bottom of this architecture are the agents installed on the endpoints. The agent can be AlienVault’s native agent or the NxLog service, if NxLog is already installed. Where a system supports syslog, its syslog output can be forwarded to AlienVault so that USM Anywhere serves as the syslog server. In this way, system log events from Windows, Linux, and network infrastructure devices are ingested and analyzed by USM Anywhere.
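As an added illustration of the NxLog ingestion path described above (this configuration is not from Securely Managed or AT&T Cybersecurity), the NxLog Community Edition config below collects the Windows Security, System and Application event logs and forwards them as BSD syslog to a sensor acting as the syslog server; the sensor address and the TCP port 514 are placeholders to be replaced with the values from your own sensor.

```nxlog
# Added example, not part of the original page.
# SENSOR_HOST is a placeholder; substitute the address of your USM sensor.
define SENSOR_HOST 10.0.0.10

<Extension _syslog>
    Module  xm_syslog
</Extension>

<Input eventlog>
    Module  im_msvistalog
    # Collect only the channels the sensor needs, which keeps event volume predictable.
    <QueryXML>
        <QueryList>
            <Query Id="0">
                <Select Path="Security">*</Select>
                <Select Path="System">*</Select>
                <Select Path="Application">*</Select>
            </Query>
        </QueryList>
    </QueryXML>
</Input>

<Output sensor>
    Module  om_tcp
    Host    %SENSOR_HOST%
    # Port 514 is an assumption; use the port your sensor listens on for syslog.
    Port    514
    # Encode each Windows event as a BSD syslog line before sending.
    Exec    to_syslog_bsd();
</Output>

<Route eventlog_to_sensor>
    Path    eventlog => sensor
</Route>
```

Plain TCP syslog carries event data unencrypted, so this route belongs on a trusted management segment; where the sensor accepts TLS, the om_ssl output module can replace om_tcp.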
Depending on the size of the organization, one or more sensors are deployed within it. The sensor performs the grunt work of discovering assets, running vulnerability scans, identifying installed software, and so on. The AlienVault sensor can be installed on a VMware, Hyper-V, Azure, or AWS platform.
As the sensors collect events, these are forwarded to the organization’s sub-domain in the cloud for analysis and correlation. In case of a security incident, an alarm is generated at the sub-domain. Users reach the sub-domain through a browser, where they can view alarms, configure the system, or generate reports. What a user is able to do depends on the access rights granted to that user.
AlienVault provides seamless integration with a range of cloud applications through its AlienApps integrations. Examples include Cisco, Office 365, Google G Suite, McAfee ePO, Sophos, Carbon Black, Palo Alto, and others, and the list of applications continues to grow.
Reporting and SOC Services
The AlienVault USM overview dashboard shown below provides various types of information to the user at a glance. Beyond the overview dashboard, AlienVault USM has other information and configuration screens that provide more detail through its drill-down capability, along with search and filtering capabilities that let the user narrow the scope of displayed items.
Windows Assets Dashboard