A common approach in corporate IT departments is to analyze the different technology’ audit trails and security events individually and separately. The need to correlate these events has become apparent due to more sophisticated attacks spanning over different technologies. As an outcome of the need to understand security events, a Security Event Management (SEM) solution was developed as the next step of security event data mining.
SEM solution takes captured information from different technologies, analyzes it and produces human readable output. It allows users to better analyze, correlate and mine security events generated by different technologies.
This service conforms to key components of many compliance regulations such as PCI-DSS, Sarbanes-Oxley (SOX), Canadian Securities Administrators' (CSA) MI 52-109 and ISO27002. Our SEM Service offers a high-value expert analysis provided by information security specialists.
RSS Inc. provides an outsourced SEM managed service for clients who do not have internal resources or expertise to operate the solution. Companies faced with this challenge turn to us for help in security events’ correlation and analysis.
The immediate benefit to an organization is to provide a broader insight of security events generated by different technologies. This information can be used by the organization to detect abnormalities or unauthorized occurrences. SEM solution plays an integral and crucial part of corporate Security Risk Management. It reduces risk by identifying problems quickly by traversing different technologies at once. SEM will provide mature automation controls in implementation of governance framework such as COBIT and ITIL.
The analysis of the detected abnormalities or unauthorized occurrences of targeted assets will be used to prioritize the response by utilizing solution’s trending and correlation ability with focus on the risks arising from security events by monitoring critical assets, internal compliance, reporting, monitoring and incident handling. SEM solution augments as a real-time forensic analysis tool. The outcome of the comprehensive analysis will be presented within different reports ensuring corporate compliance with industry, legislative, regulative standards and/or requirements.
The information contained within these reports will be analyzed and mitigation steps will be proposed to the client. The mitigation steps presented will address the immediate concern of the ongoing suspicious activities.
The RSS Inc. team will provide mid and long-term preventative steps in order to mitigate future incidents.
SEM service is a complete solution of software, hardware, and services providing our clients with assurance that their security events are being continuously reviewed for information security issues. The service provides proactive analysis to isolate real security threats from false alarms. The solution also provides professional assistance in detecting and managing security incidents.
The solution encompasses the following deliverables:
Professional assistance in selecting, architecting and implementing SEM Solution
Professional assistance in configuring devices and logging level
Establishing secure delivery path for client security events
7×24 proactive monitoring
Identify security events using internally developed scripts and techniques
Interpreting audit trail or logs
Event Correlation analysis
Security Alert Response Service
Storing security events
Actionable and Pragmatic Recommendations