AIS Managed SIEM

A cloud-based Security Information and Event Management platform that provides the proactive, preventative maintenance and technology you need to secure your workstations, servers, devices and networks. It covers multi-platform protection for critical business-grade anti-virus and analytics, enterprise-grade anti-malware threat intelligence, web content filtering, firewall services, firewall rule reviews, patching of the latest discovered vulnerabilities, and inbound and outbound email security.


Technology has transformed what’s possible for today’s small and medium-sized organizations, but it also increases exposure to potential security risks. The AIS Managed SIEM (Security Information and Event Management) platform changes all that with enterprise-level, cost-effective protection for SMBs.

The AIS Managed SIEM platform supports threat detection and security incident response through real-time collection and historical analysis of security events from a wide variety of event and contextual data sources. It provides real-time analysis of security alerts generated by network-connected devices and by on-premise, cloud, and SaaS applications.



Why AIS Managed SIEM is different

AIS combines access to an experienced team with an innovative approach to technology to eliminate the high cost and complexity associated with existing enterprise SIEM platforms.

1. Delivery

The SIEM can be delivered solely as a managed SIEM platform or as a turnkey managed service. AIS’ IT consultants can implement, configure, and maintain the SIEM, while its SOC team can monitor and respond to security alerts.

2. Technology

The platform architecture utilizes both proprietary code and open-source packages, allowing for efficient development that results in faster-to-market functionality and more robust product features.

3. Integration

AIS Managed SIEM is agnostic in terms of device brand and infrastructure architecture. It can aggregate information from network-connected devices as well as on-premise, cloud (AWS, Azure, etc.), and third-party SaaS tools, or even hybrid infrastructure architectures.


Features

With AIS Managed SIEM, organizations can:

  • Reduce costs and internal IT resource strain with an affordable turnkey managed service that reduces root cause analysis time for security, performance, and reliability issues
  • Confidently manage evolving threats proactively across all devices and platforms
  • Increase ROI by maximizing the value of security investments and identifying opportunities for Cloud service cost savings
  • Reduce audit effort and expense for PCI, HIPAA, and other standards
  • Single portal for centralized security and event log collection, monitoring, analysis, and alerting
  • Device brand agnostic and infrastructure architecture agnostic: aggregates on-premise, cloud, third-party SaaS, and hybrid infrastructure architectures
  • Ability to grant granular permissions to specific users
  • Seamless collaboration when working with AIS or vendors for escalation support
  • Can be provided as anything from solely a Managed SIEM Platform to a fully managed SOC (Security Operations Center)
  • Reduces the implementation effort and overall learning curve for employees, and the time and cost of keeping alerting conditions up to date
  • Ability for proactive action on alerts and threats: when IT departments don’t have time to address alerts and concerns, a response team is provided
  • Flexible tiered response
  • Dashboards and alerting provided with best-practice guidelines that customers can customize
  • Identifies Device configuration changes and errors
  • Ability to monitor security audit logs to detect unauthorized access attempts
  • Robust security policy control
  • Robust real-time, automated, and custom alerting and dashboard capabilities
  • Alerting based on standard and custom monitoring conditions (e.g., Office 365 logins from outside the United States)
  • Web dashboards to view real-time and historical status at a glance

Benefits

  • Provided as an affordable turnkey managed service
  • Automated alerts sent via flexible transport methods (examples: text message, email, Slack, etc.)
  • Manages evolving threats proactively
  • Provides confidence in closing the gap between perceived and actual security
  • Maximizes value of security investments
  • Frees IT staff to focus on business initiatives
  • Provides single pane of glass visibility across all devices
  • Reduces audit effort and expense for PCI, HIPAA and other standards
  • Access to security professionals and expertise




Financial Analysis of IT Solutions

Ingest logs from IT business solutions (Cloudflare) being used in your environment and turn data into actionable tasks: the SIEM can ingest logs and data from other data sources and solutions, giving IT departments insight and the ability to make data-backed decisions around cost, removing uncertainty.

Business Intellectual Property

Data loss prevention and information lockdown: the SIEM can detect if files are being exported or imported instead of being stored where the information security policy dictates.

## Example Project Plan
Implementation
  • Alert conditions and configuration
  • Alert and Dashboard Review Meeting
  • Customize Grok Patterns to ensure fields are extracted properly
Discovery
  • SIEM Requirements Gathering
Validation
  • Customer diligence: AIS SIEM compliance docs
Recurring Quarterly
  • Review customer specific alerting criteria
  • Quarterly Meeting
Recurring Ongoing/As Needed
  • Alert triage: false positive identification, correlation and escalation
  • Verified incident reporting: threat explanation, criticality evidence, affected assets/users, remediation next steps
Recurring Monthly
  • Monthly meeting: alert activity review

Last modified August 2, 2022