BlueSOC LogSentry

24/7 SIEM monitoring, analysis and incident reporting
Overview

Many organizations lack the resources to deal with cyber threats that could cause downtime and reputational damage, or impact the ability to comply with regulations, such as GDPR and PCI DSS. SIEM monitoring offers visibility into your security estate, enabling log monitoring and analysis by cyber security experts 24/7 to detect security incidents and ensure compliance.

Security monitoring and detection of security incidents are no longer an option for organizations and companies, but a requirement based on business needs as well as compliance. Logs from infrastructure, services and applications are one of the most important areas to monitor, but also one of the most complex to implement and manage.

In many cases the complexities of log management and analysis have resulted in investments in systems that are not used efficiently, or where the investment has not been fully realized. When not done properly, this could lead to difficulties meeting security and compliance requirements, for example adhering to ISO 27000, SOC 2, PCI DSS or GDPR, as well as putting the business at risk of being breached without timely detection.

The solution – 24/7 SIEM monitoring managed by experts

Combining the right logs with relevant analysis queries, threat intelligence and experienced security analysts is an effective way of detecting and managing incidents.
In addition to incident detection, the same data can be used to compile reports for review and give live insights into the organization’s security posture to help meet compliance requirements.

To enable this, LogSentry has been created and developed to provide a fully managed SIEM service, operated by our BlueTeam in Sentor’s BlueSOC – the defensive part of our SOC services. By combining market-leading technologies, threat intelligence and 24/7 monitoring, our security analysts can detect and respond to cyber threats and security incidents in near real-time. Sentor’s BlueTeam becomes an extension of your internal security team, with the objective of protecting your business and reducing the response time in the event of an incident.

In addition, a SIEM service like LogSentry can help you answer the crucial questions that make it possible to investigate and report incidents in a way that satisfies the regulatory authorities that monitor your compliance. With the data collected by the BlueTeam, you get a picture of what happened, when it happened, which systems were exposed and which user was at fault – essentially all the information required to report incidents accurately.

How it works

LogSentry uses a well-tested project model to identify requirements, relevant logs and quickly deploy and integrate log sources. Sentor has ready-made detection capability, taking the guesswork out of creating use-cases and finding relevant events in large amounts of log data.

All alerts are manually validated and enriched by Sentor’s BlueTeam, and incidents are reported and escalated to fit the individual organisation.

In addition to the security monitoring performed by Sentor’s BlueTeam, the customer also has access to the log system, making it possible to use the log data for other use-cases and requirements, for example operational problem solving.

Step by step

  • Initial deployment project identifies business requirements, deployment scenario, log sources in scope and specific requirements
  • Sentor deploys the service together with required customer resources, ensuring a fast deployment, log quality and working detection use-cases
  • 24/7 SOC monitoring of alerts as soon as log sources are integrated and have passed quality control; incidents are escalated according to the individual Incident Response Plan (IRP) as individual tickets in the Sentor Customer Portal
  • Changes to the service, such as adding or deleting log sources or new detection capability, are managed during the service period
  • Monthly service meetings and reporting

Key advantages

  • Fast implementation of a fully functional SIEM system
  • 24/7 analysis and escalation of incidents
  • Ready-made security detection for common log sources
  • Customer has full access to the standard search interface and can use the logs for other purposes, for example operational troubleshooting
  • Service can be customised, for example for in-house developed applications, customer dashboards or specific detection
  • A Service Delivery Manager is included as part of the service, facilitating monthly service meetings and reporting, and acting as a single point of contact regarding service delivery

Security Operations Center

Sentor’s managed SOC services are divided into two types: BlueSOC services and RedSOC services. BlueSOC services are defensive by nature and aim to maintain internal defense by detecting and responding to cyber threats. Sentor’s RedSOC services are offensive and aim to continuously identify and address deficiencies in the customer’s security posture, both technical vulnerabilities and more structural weaknesses.