Security Information and Event Management

It is important for organisations to understand the threats and vulnerabilities that exist within their environments. One of the problems they often have is insufficient visibility, making any remediation or mitigation more challenging.

Understanding the security areas that matter is one of the key enablers of an enhanced security posture, and the beginning of supporting an effective control over both internal and external threats.

We have partnered with AT&T Cybersecurity to offer you their AlienVault SIEM solution. We have also incorporated AlienVault into the SSS cloud-based Managed SIEM service, where we can help you manage and streamline your threat detection and response capabilities.

We also offer the Tripwire solution.

Read more about these solutions below.

Want to know more?

Contact us on 04 917 6670 or sales@sss.co.nz if you would like to know more about our solutions to help you with your security information and event management, or if you would like to see a demo of any of our solutions.

Solutions + Partners

  • SSS Managed SIEM Service

    Identification, management, and remediation of security threats are key components of an effective cyber security posture. Our Managed SIEM service provides a modular set of capabilities to assist with achieving a better posture, without the overhead normally associated with SIEM platforms.

    Contact us on 04 917 6670 or sales@sss.co.nz if you would like to know more about our SSS Managed SIEM Service.


    Our Solution

    We have partnered with AlienVault, a leading provider of Threat Management and SIEM. Together we provide a cloud-based turnkey service to provide threat detection and response capabilities across your environments.

    The SSS Managed SIEM service provides a leading SIEM platform, along with the knowledge and experience that SSS clients have come to trust in our 30+ years in the industry. We have designed the service to provide insights and perspective across internal and cloud environments, flexibility to adapt to varying requirements, and deliver at an affordable price.

    Key Features

    • Platform management
    • Asset discovery
    • Log retrieval
    • Intrusion and anomaly detection
    • Security event management
    • File integrity monitoring
    • Compliance templates
    • Customisable dashboards
    • Threat intelligence
    • Vulnerability assessments
    • Threat intelligence gathering and correlation
    • Behavioural monitoring
    • Alarm management
    • Endpoint detection and response capability
    • Weekly and monthly reporting
    • Critical incident management and analysis

    Overview

    The service is cloud-hosted and utilises sensor virtual machines deployed on your network to collect data. These sensors run scans and remediation activities, and feed data to the cloud platform for log management and data correlation.

    Service Establishment

    Use case analysis and requirements gathering are a key part of our service establishment. This allows us to support a personalised service per client, rather than a one-size-fits-all approach.

    • Personalised discovery workshops.
    • Industry-standard best-practice templates to guide the delivery and outcomes of the service.
    • An agile approach to support the delivery of projects in an iterative manner.

    Managed SIEM Service

    • We provide a managed service of the AlienVault cloud platform on a monthly subscription basis.
    • We provide analysis of the data collected by the platform and assist in alarm investigation.
    • We provide recommendations and help develop response plans.
    • We provide weekly reports on that week's activities, highlighting key areas of opportunity and where remediation has reduced overall risk.
    • The service is scalable supporting organisations of any size.
    • A full pay-as-you-grow (as a service) commercial model with a 30-day termination option.

    Additional Sensors

    • One sensor is included in the base service.
    • Additional sensors can be purchased to be deployed across your networks as required.

    Additional Storage

    • Extra storage can be purchased to maintain more detailed logs, or to increase the retention period of the logs.
  • AlienVault ® Threat Detection and Incident Response

    AlienVault is a leader in providing SIEM, threat detection and incident response solutions.

    Our Security Operations team can help you deploy and support your AlienVault platform or we can offer it as a Managed Service.

    Unified Security for Threat Detection, Incident Response, and Compliance

    AlienVault® offers you a new approach to today's evolving security challenge.

    AlienVault® Unified Security Management® (USM) delivers built-in intrusion detection systems as part of an all-in-one unified security management console.

    It includes:

    • built-in host intrusion detection (HIDS),
    • network intrusion detection (NIDS), and
    • cloud intrusion detection for public cloud environments including AWS and Microsoft Azure. This enables you to detect threats as they emerge in your critical cloud and on-premises infrastructure.


    Want to know more?

    Contact us on 04 917 6670 or sales@sss.co.nz if you would like to know more about the AlienVault solution.


    Detect threats as they emerge

    To ensure that you are always equipped to detect the latest emerging threats, the AlienVault® Labs Security Research Team delivers continuous threat intelligence updates directly to the USM platform. Over 19 million threat indicators are contributed daily.


    Expert threat intelligence updated every 30 minutes and analysed

    Expert threat intelligence is updated every 30 minutes and analysed. This threat data is backed by the AlienVault Open Threat Exchange® (OTX™) - the world’s first open threat intelligence community made up of more than 80,000 participants from more than 140 countries.


    AlienVault® enables you to be more effective in your vulnerability management processes

    • Leverage intrusion detection for any environment with built-in cloud IDS, network IDS, and host-based IDS (including File Integrity Monitoring (FIM)).
    • Use the Kill Chain Taxonomy to quickly assess threat intent and strategy.
    • Make informed decisions with contextual data about attacks, including a description of the threat, its method and strategy, and recommendations on response.
    • Use automatic notifications so you can be informed of key threats as they happen.
    • Work more efficiently with powerful analytics that uncover threat and vulnerability details in an all-in-one console.

    What do you get?

    • Asset discovery and inventory
    • Vulnerability assessment
    • Intrusion detection
    • Endpoint detection and response
    • SIEM and Log Management
    • Behavioural Monitoring


    About AT&T Cybersecurity

    AlienVault has now combined with AT&T Cybersecurity Consulting and AT&T Managed Security Services to form a new standalone division, AT&T Cybersecurity.

    AT&T Cybersecurity helps to reduce the complexity and cost of fighting cyber crime.

    With the acquisition of AlienVault, AT&T Cybersecurity will continue to deliver on their joint vision to address cyber security issues and uniquely bring together people, process, and technology through a “software defined” unified security management platform - a platform that integrates, automates, and orchestrates a wide spectrum of best-of-breed point security products.

    Read more about AT&T Cybersecurity here: https://cybersecurity.att.com/ 

  • Tripwire

    Tripwire is a trusted leader for asset discovery, secure configuration management, vulnerability management and log management.

    Contact us on 04 917 6670 or sales@sss.co.nz if you would like to know more about the Tripwire security solution.


    Tripwire® ExpertOps

    File integrity monitoring and security configuration management as a service.

    • Managed service from Tripwire.
    • Public cloud infrastructure for lower total cost of ownership.
    • Leverage Tripwire's deep expertise.
    • Gain 24/7 visibility into security risks and compliance issues.
    • Reduce costs and improve ROI.

    Tripwire® Enterprise

    Detect threats, control changes, and prove compliance with Tripwire Enterprise.

    • Take advantage of 1500 platform / policy combinations - the most in the industry.
    • Detect changes in real-time.
    • Distinguish cyber threats from business-as-usual changes.
    • Assess the immediate impact of changes on your compliance status.
    • Capture detailed change data including who, what, when, and how.
    • Fix problems using remediation advice.
    • Harden systems using industry best-practices and frameworks.
    • Integrate with change management systems to reconcile detected changes.
    • Exchange data with other systems to build a holistic security picture.

    Tripwire® IP360

    Discover assets, identify vulnerabilities, and prioritise risks.

    • Maintain an accurate inventory of all hardware and software on your network.
    • Stay up-to-date on your total vulnerability exposure.
    • Use a customised scoring system to prioritise the most urgent fixes.
    • Integrate with Tripwire Enterprise and Configuration Compliance Manager.
    • Scale to the largest-sized networks.
    • Improve the efficiency and effectiveness of your vulnerability management (VM) processes.

    Additional cyber security tools from Tripwire

    Tripwire® File Integrity Manager

    • It collects highly detailed change data in real time.
    • It adds change intelligence and automated remediation, then integrates this data with the other critical security controls found in Tripwire's integrated solutions.

    Tripwire® Log Center®

    • Supports a variety of data collection methods, including agent-based collection using the Tripwire Axon® agent, and agentless collection via syslog, SNMP, WMI, file collectors, and remote connectors for Cisco, Check Point, and databases.
    • Normalises the log data it collects so that it can be indexed, searched, and correlated within the product.
    • Supports normalisation rules for a wide array of products.

    Tripwire® Connect

    • Visualise your security and risk trends across your enterprise - whether it is the entire organisation, or within business units or single departments.
    • Provides actionable and tailored reporting that allows you to implement processes and remediations to reduce the overall risk profile of your organisation, assure system integrity, and deliver continuous compliance.
    • Tripwire Connect provides a centralised view into your security configuration, file integrity, and vulnerability management data at a glance so that it can be analysed to provide an enterprise-wide, holistic view of your cyber security posture.
    • Tripwire Connect allows you to scale as you grow, and deploy as you need. Tripwire Connect can aggregate data from over 100,000 nodes. Data can be consolidated from multiple Tripwire Enterprise consoles and Tripwire IP360 VnEs.

    Tripwire® for DevOps

    • Tripwire® for DevOps is a comprehensive security SaaS solution that runs both static and dynamic analysis on container images for vulnerabilities in a sandbox.
    • DevOps teams can be equipped with a complete security assessment of new application builds as they move through the continuous integration and continuous delivery toolchain from development to production.

    Tripwire® Industrial Visibility

    • Tripwire® Industrial Visibility provides ICS operators with total clarity into the devices and activity on their network.
    • It uses deep packet inspection, change management, event logging, and threat detection to help you keep your most sensitive assets out of the reach of intruders.
    • It protects against unwanted change in your OT environment, using passive scanning and detection.
    • Provides continuous threat monitoring and advanced logging intelligence that gives you deep, granular ICS visibility.

    Tripwire® Apps

    You are able to implement additional tools to leverage the deep security and compliance data collected by Tripwire Enterprise to provide you with richer insights across your organisation.