Simplifying SIEM with Managed Security Services
Pratum's Managed SIEM provides security expertise and a holistic view into network activity. Rely on Pratum's security operations center (SOC) to deliver a managed security service that provides continuous data analysis, threat intelligence, and security incident reporting.
Pratum's SOC is operated by a team of security analysts and consultants who notify businesses of security incidents, and guide them in making appropriate security decisions throughout the response process. Pratum's analysts have a wide range of security expertise and reputable certifications.
Ready to understand what's happening on your network?
"The Pratum staff is easy to work with and we consider them a valuable partner when it comes to combating future security risks in the always-changing IT environments."
- Adam Ward, Business Development Manager, Scantron
What to Expect from Pratum's Managed SIEM
Security Information and Event Management provides businesses with mounds of data, but Pratum's incredible team of security analysts and consultants utilize SIEM to turn that data into actionable security information.
Pratum improves your security posture while decreasing your workload by:
Establishing a Security Partnership
Our managed SIEM service is relationship-based. Pratum's analysts design unique security rules based on each client's business needs and technology environment. These unique rule sets enable our analysts to properly identify and respond to security threats. Our partnership helps businesses establish a stronger security posture and meet compliance requirements when necessary.
Identifying and Reviewing Security Incidents
Pratum's SOC identifies and reviews alerts prior to sharing them with clients. This ensures that clients are not burdened with false positives and other distracting alerts.
As first responders to security incidents, Pratum's analysts have a vested interest in creating efficient security rule sets that provide the best security alerts with minimal false positives. The mitigation of misleading alerts makes it possible for analysts to focus on the incidents that pose a legitimate threat to the confidentiality, integrity, and availability of client information.
Escalating Security Alerts (24x7 Security Monitoring)
Pratum's managed SIEM provides around-the-clock log monitoring and management. When an after-hours incident occurs, analysts review the incident and only notify clients if a response is immediately necessary. This means that you won't have to get out of bed when a non-critical alert is generated.
Threat Intelligence
Indicators of Compromise (IOC) and Threat Intelligence (TI) feeds from commercial, open source and custom data sources integrate easily into the security TI framework. This unification of diverse data sources enables Pratum to rapidly identify the root causes of threats, and to take the steps necessary to remediate them and prevent recurrence.
- APIs for integrating external threat feed intelligence: malware domains, IPs, URLs, hashes, Tor nodes
- Built-in integration for popular threat intelligence sources: ThreatStream, CyberArk, SANS, Zeus
- Technology for handling large threat feeds: incremental download and sharing within the cluster, and real-time pattern matching against network traffic. All STIX and TAXII feeds are supported.
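The feed handling described above, as an added example that is not Pratum's code: a small indicator-of-compromise index that is refreshed incrementally from feed snapshots (indicators new in a snapshot are added, indicators a source no longer lists are retired) and then matched against normalized events, with domain matching that also catches subdomains of a listed domain. The feed contents, the "type,value" line format and the events are all constructed for the example and do not reflect any real feed's format.

```python
"""Incremental IOC index with event matching (constructed sample data)."""
from dataclasses import dataclass, field

# Two constructed snapshots of the same hypothetical feed, in an assumed
# "type,value" line format. V2 retires the hash and adds a phishing domain.
FEED_V1 = """\
# type,value
ip,203.0.113.45
domain,bad.example
sha256,9F86D081884C7D659A2FEAA0C55AD015A3BF4F1B2B0B822CD15D6C15B0F00A08
"""
FEED_V2 = """\
# type,value
ip,203.0.113.45
domain,bad.example
domain,phish.example
"""

KINDS = ("ip", "domain", "sha256")


@dataclass
class IocIndex:
    # indicator value -> name of the source that supplied it, per type
    ips: dict = field(default_factory=dict)
    domains: dict = field(default_factory=dict)
    hashes: dict = field(default_factory=dict)

    def _bucket(self, kind):
        return {"ip": self.ips, "domain": self.domains, "sha256": self.hashes}[kind]

    def apply_snapshot(self, text, source):
        """Incremental refresh from one source's full snapshot.
        Adds indicators not yet known and retires those this source dropped.
        Returns (added, removed) counts."""
        seen, added, removed = set(), 0, 0
        for line in text.splitlines():
            line = line.strip()
            if not line or line.startswith("#"):
                continue
            kind, value = [p.strip().lower() for p in line.split(",", 1)]
            if kind not in KINDS:
                continue  # unknown indicator type: ignore rather than fail the refresh
            seen.add((kind, value))
            bucket = self._bucket(kind)
            if value not in bucket:
                bucket[value] = source
                added += 1
        for kind in KINDS:
            bucket = self._bucket(kind)
            for value in list(bucket):
                if bucket[value] == source and (kind, value) not in seen:
                    del bucket[value]
                    removed += 1
        return added, removed

    def match_domain(self, name):
        """Return the listed domain that `name` equals or sits under, else None."""
        labels = name.lower().rstrip(".").split(".")
        for i in range(len(labels) - 1):  # never match on the bare TLD
            candidate = ".".join(labels[i:])
            if candidate in self.domains:
                return candidate
        return None

    def match_event(self, event):
        """Return [(field, indicator), ...] for every indicator the event touches."""
        hits = []
        for key in ("src_ip", "dst_ip"):
            if event.get(key) in self.ips:
                hits.append((key, event[key]))
        if event.get("domain"):
            listed = self.match_domain(event["domain"])
            if listed:
                hits.append(("domain", listed))
        digest = event.get("sha256", "").lower()
        if digest in self.hashes:
            hits.append(("sha256", digest))
        return hits


def scan(index, events):
    """One alert per event that matches at least one indicator."""
    alerts = []
    for event in events:
        hits = index.match_event(event)
        if hits:
            alerts.append({"event": event, "hits": hits})
    return alerts


if __name__ == "__main__":
    idx = IocIndex()
    print("v1:", idx.apply_snapshot(FEED_V1, "feed-a"))
    print("v2:", idx.apply_snapshot(FEED_V2, "feed-a"))
    print(scan(idx, [{"domain": "login.phish.example"}, {"dst_ip": "203.0.113.45"}]))
```

Retiring indicators per source matters in practice: a feed that drops an address is usually signalling that it was reassigned, and keeping it would turn into exactly the false positives the analysts are trying to avoid.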
Crucial context for log analysis is connecting network identity (IP address, MAC address) to user identity (login name, full name, organization role). This information changes constantly as users obtain new addresses via DHCP or VPN.
Our SIEM solution uses a dynamic user identity mapping methodology. Users and their roles are discovered from on-premises or cloud SSO repositories. Network identity is learned from the relevant network events, and geo-identity is then added to form a dynamic user identity audit trail. This makes it possible to create policies or perform investigations based on user identity instead of IP addresses, allowing for rapid problem resolution.
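The identity mapping just described, as an added example (not Pratum's code and not its platform's API): it replays constructed 802.1X authentication, DHCP and VPN events into a time-bounded map from IP address to user, joins that with a constructed SSO directory export for full name and role, and then answers the question an analyst actually asks, namely who held a given address at the moment another log line was written. The event names, the directory layout and the geo lookup table are all assumptions made for the example.

```python
"""Dynamic user-identity mapping over constructed network events."""
from datetime import datetime

# Constructed SSO directory export: username -> (full name, organization role)
DIRECTORY = {
    "jdoe": ("Jane Doe", "Finance Analyst"),
    "asmith": ("Alan Smith", "Domain Admin"),
}

# Constructed, already-normalized events: (timestamp, type, attributes).
# Note the same address 10.0.5.20 is leased to two different users that day.
EVENTS = [
    ("2024-03-01T08:00:00", "dot1x_auth", {"user": "jdoe", "mac": "aa:bb:cc:00:00:01"}),
    ("2024-03-01T08:00:05", "dhcp_lease", {"mac": "aa:bb:cc:00:00:01", "ip": "10.0.5.20"}),
    ("2024-03-01T09:30:00", "vpn_login", {"user": "asmith", "ip": "10.200.0.7", "src_ip": "198.51.100.9"}),
    ("2024-03-01T12:00:00", "dhcp_release", {"ip": "10.0.5.20"}),
    ("2024-03-01T12:00:10", "dot1x_auth", {"user": "asmith", "mac": "aa:bb:cc:00:00:02"}),
    ("2024-03-01T12:00:15", "dhcp_lease", {"mac": "aa:bb:cc:00:00:02", "ip": "10.0.5.20"}),
    ("2024-03-01T17:00:00", "vpn_logout", {"ip": "10.200.0.7"}),
]

# Constructed geo lookup keyed by the first three octets of the VPN client's public address.
GEO_BY_PREFIX = {"198.51.100": "DE"}


def _ts(s):
    return datetime.fromisoformat(s)


def build_identity_map(events):
    """Return {ip: [assignment, ...]}; each assignment has start, end (None while
    still active), user and geo. Events are processed in time order."""
    mac_owner = {}    # MAC -> user, learned from 802.1X / wireless authentication
    assignments = {}  # ip -> list of time-bounded holders

    def close(ip, when):
        for a in assignments.get(ip, []):
            if a["end"] is None:
                a["end"] = when

    def open_(ip, when, user, geo=None):
        close(ip, when)  # a new lease or tunnel supersedes the previous holder
        assignments.setdefault(ip, []).append(
            {"start": when, "end": None, "user": user, "geo": geo})

    for ts, kind, a in sorted(events, key=lambda e: e[0]):
        when = _ts(ts)
        if kind == "dot1x_auth":
            mac_owner[a["mac"]] = a["user"]
        elif kind == "dhcp_lease":
            open_(a["ip"], when, mac_owner.get(a["mac"]))
        elif kind == "vpn_login":
            prefix = ".".join(a["src_ip"].split(".")[:3])
            open_(a["ip"], when, a["user"], GEO_BY_PREFIX.get(prefix))
        elif kind in ("dhcp_release", "vpn_logout"):
            close(a["ip"], when)
    return assignments


def resolve(identity_map, ip, at, directory=DIRECTORY):
    """Who held `ip` at time `at`? Returns a dict with user, full_name, role
    and geo, or None when no assignment covers that instant."""
    when = _ts(at)
    for a in identity_map.get(ip, []):
        if a["start"] <= when and (a["end"] is None or when < a["end"]):
            full_name, role = directory.get(a["user"], (None, None))
            return {"user": a["user"], "full_name": full_name, "role": role, "geo": a["geo"]}
    return None


if __name__ == "__main__":
    imap = build_identity_map(EVENTS)
    for ip, at in [("10.0.5.20", "2024-03-01T10:15:00"), ("10.0.5.20", "2024-03-01T13:00:00"),
                   ("10.200.0.7", "2024-03-01T10:00:00"), ("10.200.0.7", "2024-03-01T18:00:00")]:
        print(ip, at, resolve(imap, ip, at))
```

The point of the interval bookkeeping is the second and third lookups: the same address resolves to a finance analyst at 10:15 and to a domain admin at 13:00, so a rule or investigation keyed on the IP alone would attribute the afternoon's activity to the wrong person.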
Predefined correlation rules as well as more advanced machine learning help identify insider and incoming threats that pass traditional defenses. High fidelity alerts raise the profile of high priority actions identified within the organization.
Virtual collectors deliver aggregated data to Pratum’s multi-tenant analysis environment. There, an analytics engine detects patterns and correlations in the data over time. The engine can be tuned to the unique needs of each client; these adjustments help prioritize incidents and identify advanced persistent threats (APTs), including combined patterns of network, system, application and user activity. Finally, the alerts are reviewed by security analysts and communicated to clients based on pre-determined risk profiles.
Pratum’s SIEM consolidates logs from devices throughout a network, enabling the detection of patterns and correlations in data over time. The intelligence provided by SIEM allows incidents to be categorized according to their severity, and improves an organization’s security decisions.
SIEM is considered an IT best practice, and for regulated industries it is an audit compliance requirement. It supports IT service reliability by maximizing event log value and is used to aggregate, decipher, and normalize non-standard log formats.
SIEM utilizes real-time data collection and historical analysis to provide a holistic view into your organization’s security alerts and activities. Through in-depth network visibility, SIEM is able to detect anomalies in network flow data and alert you as incidents occur. The optimized response time minimizes an incident’s impact while allowing Pratum to swiftly identify the attack source.
Event monitoring is the only way to gain a complete understanding of what is happening inside your technology environment. Discovering incidents on your own may sound like an easy task, but that is not always the case. Industry studies show that in 99% of POS intrusions and 88% of web app attacks*, someone else notified the victim of the breach. Not only is that embarrassing, it can leave organizations exposed for months at a time and create significant legal liability. Pratum’s SIEM solution alerts organizations as an incident is happening, allowing the breach to be halted and the attack source to be discovered.
Pratum can collect, parse, correlate and store logs from virtually all IT infrastructure sources. The solution automatically identifies the device type and how to process its event logs as they are received. The parser categorizes each log source into device groups and server categories, such as:
- Network activity logs from Firewalls, Routers, Switches, VPN Gateways, Wireless LAN, Web/Mail Security Gateways, and Network IPS
- Network resource utilization and anomaly detection from network flow data
- Server operating system activity logs from Windows, Unix, Linux and virtual machines
- Network infrastructure application logs from domain controllers, authentication servers, DNS and DHCP servers, and vulnerability management servers
- User application logs from web, application, and database servers
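The two pieces described above, source-type detection with normalization (the list of log sources) and correlation rules over the normalized events (the analytics engine), as one added example that is not Pratum's code and does not represent its platform. The log lines are constructed to resemble a firewall, a domain controller, a Linux server and a DNS server, but they are samples, not real output. Each parser assigns a source type and device group and extracts a common set of fields; the single correlation rule then flags an account that logs on successfully after several failures from the same address within a short window, which is the kind of high-fidelity alert worth escalating rather than a raw 4625 count.

```python
"""Source detection, normalization and one correlation rule over constructed logs."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines (not real device output): "<timestamp> <host> <message>".
RAW_LOGS = [
    "2024-03-01T10:00:01 asa01 %ASA-6-302013: Built inbound TCP connection 12 for outside:203.0.113.45/4433 to inside:10.0.5.20/443",
    "2024-03-01T10:00:05 dc01 EventID=4625 TargetUserName=jdoe IpAddress=10.0.9.8",
    "2024-03-01T10:00:30 dc01 EventID=4625 TargetUserName=jdoe IpAddress=10.0.9.8",
    "2024-03-01T10:01:10 dc01 EventID=4625 TargetUserName=jdoe IpAddress=10.0.9.8",
    "2024-03-01T10:01:45 dc01 EventID=4624 TargetUserName=jdoe IpAddress=10.0.9.8",
    "2024-03-01T10:02:00 srv7 sshd[811]: Failed password for root from 10.0.9.9 port 5222 ssh2",
    "2024-03-01T10:02:30 dns01 query: www.example.com IN A from 10.0.5.20",
]

HEADER = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<msg>.*)$")

# (source_type, device_group, message pattern, field extractor), tried in order.
PARSERS = [
    ("cisco_asa", "network", re.compile(
        r"%ASA-\d-\d+: Built (?P<dir>inbound|outbound) TCP connection .* "
        r"\w+:(?P<src>[\d.]+)/\d+ to \w+:(?P<dst>[\d.]+)/\d+"),
     lambda m: {"action": "connection", "src_ip": m["src"], "dst_ip": m["dst"]}),
    ("windows_security", "infrastructure", re.compile(
        r"EventID=(?P<eid>\d+) TargetUserName=(?P<user>\S+) IpAddress=(?P<src>\S+)"),
     lambda m: {"action": {"4624": "auth_success", "4625": "auth_fail"}.get(m["eid"], "other"),
                "user": m["user"], "src_ip": m["src"]}),
    ("linux_sshd", "server_os", re.compile(
        r"sshd\[\d+\]: (?P<res>Failed|Accepted) password for (?P<user>\S+) from (?P<src>\S+)"),
     lambda m: {"action": "auth_success" if m["res"] == "Accepted" else "auth_fail",
                "user": m["user"], "src_ip": m["src"]}),
    ("dns", "infrastructure", re.compile(r"query: (?P<name>\S+) IN \S+ from (?P<src>\S+)"),
     lambda m: {"action": "dns_query", "domain": m["name"], "src_ip": m["src"]}),
]


def normalize(line):
    """Detect the source type of one raw line and return a normalized event
    dict, or None when no parser recognizes the line."""
    h = HEADER.match(line)
    if not h:
        return None
    for source_type, group, pattern, extract in PARSERS:
        m = pattern.search(h["msg"])
        if m:
            event = {"ts": datetime.fromisoformat(h["ts"]), "host": h["host"],
                     "source_type": source_type, "device_group": group}
            event.update(extract(m))
            return event
    return None


def correlate_auth(events, threshold=3, window=timedelta(minutes=5)):
    """Rule: at least `threshold` failed logons for the same (src_ip, user)
    inside `window`, followed by a successful logon from the same pair."""
    failures = defaultdict(list)  # (src_ip, user) -> recent failure timestamps
    alerts = []
    for e in sorted(events, key=lambda e: e["ts"]):
        if e.get("action") not in ("auth_fail", "auth_success"):
            continue
        key = (e["src_ip"], e["user"])
        recent = [t for t in failures[key] if e["ts"] - t <= window]  # drop stale failures
        if e["action"] == "auth_fail":
            recent.append(e["ts"])
        elif len(recent) >= threshold:
            alerts.append({"rule": "auth_failures_then_success", "src_ip": e["src_ip"],
                           "user": e["user"], "failures": len(recent),
                           "host": e["host"], "ts": e["ts"]})
            recent = []  # the success consumed this burst
        failures[key] = recent
    return alerts


def run(lines=RAW_LOGS):
    """Normalize every recognizable line and apply the correlation rule."""
    events = [ev for ev in (normalize(line) for line in lines) if ev]
    return events, correlate_auth(events)


if __name__ == "__main__":
    events, alerts = run()
    for ev in events:
        print(ev["source_type"], ev["device_group"], ev.get("action"))
    print(alerts)
```

The single sshd failure from 10.0.9.9 produces no alert on its own; it stays in the failure buffer so that a later success from the same pair inside the window would still be caught. That asymmetry, suppressing the lone failure while keeping its context, is what keeps the rule's output reviewable by a human analyst.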
Interested in learning more about SIEM?
More Than Technology
Pratum's Managed SIEM is more than a technology platform; it is a service composed of security analysts who care about the confidentiality, integrity and availability of your business's sensitive information.
Direct Communication with Security Professionals
Pratum's analysts review initial security incidents generated within the SIEM. They filter out false positives and unnecessary alerts to provide clients with only relevant information. This improves efficiency and allows clients to spend more time on their core business.
For the incidents that require attention, Pratum's analysts communicate with clients, providing insight into log monitoring and management and offering advice on what to do with the information. This collaboration helps clients make the best decision for their business.
Network Visibility, Now and Historical
Pratum's Managed SIEM provides extensive insight into network activity. This includes visibility into the who, what, when and where of the actions being performed within your environment, across your devices. Pratum helps enhance visibility by making policy recommendations and performing configuration audits and system adjustments within the managed SIEM service.
Pratum provides log retention for a full year, which enables clients to access 12 months of live, searchable security data at any time. This is a huge help in running security reports and performing historical analysis. Users are able to search for information across all devices being monitored on the network.
Rulesets Tailored to Your Business
Pratum's Managed SIEM is a relationship-based service. Pratum's analysts use security ticketing to initiate dialogue with clients. Tickets explain what Pratum's analysts are seeing through the SIEM platform and arm clients with the information needed to take action.
Pratum works with clients to receive feedback from tickets. Analysts work through the process to refine security rules by engaging with clients and making adjustments based on recommendations. Customized rulesets provide a tailored SIEM solution that is both efficient and accurate.
"I find great comfort in knowing that Pratum is there for us. It is very reassuring to know that Pratum is continually monitoring our systems for threats and proactively notifying us if they notice a potential risk."
- Steve Harper, Vice President, Information Technology, LGI