Security Incident and Event Management (SIEM)
CNS Mosaic Managed Services use a Unified Security Management (USM) Platform to provide log collection and SIEM.
Log collection is the ability to ingest log data into the system for automatic import and integration. This is a fundamental principle of the service because without it the current security posture of a network cannot be ascertained.
When an incident happens, CNS is able to provide immediate visibility into the who, what, when, where, and how of an attack.
Event log data alone provides only pieces of this puzzle, without any context to make effective decisions.
The USM helps CNS move faster from raw event logs to actionable security intelligence by automating the event correlation process, providing every detail you need in the alarm for event types such as:
- Web service attacks (e.g. SQL injections, cross site scripting, etc.)
- Brute force authentication attacks (e.g. SSH, LDAP, NetBIOS, etc.)
- Distributed denial of service attacks (DDoS)
- Malware detection (e.g. ransomware, Trojans, bots and more)
- Common network attacks (e.g. IP spoofing, hijacking attempts, etc.)
- Policy violations (e.g. anonymous proxy use, BitTorrent, P2P, etc.)
- Other suspicious behaviour (e.g. login from Tor network)
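The brute-force alarm type in the list above is a good illustration of what "automating the event correlation process" means in practice: individual failed logins are unremarkable, but a burst of them from one source within a short window is an alarm, and a success from that same source immediately afterwards is a higher-priority one. The following is an added example, not CNS or USM code, of such a correlation rule run over constructed SSH auth log lines (the log lines, hostnames, addresses, the 5-in-60-seconds threshold and the assumed year 2024 are all constructed for the example). The output carries the who/what/when/where an analyst needs in the alarm itself.

```python
"""Added example: a minimal SIEM-style correlation rule for SSH brute force.
Not CNS/USM code; sample log lines, threshold and window are constructed."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not real data): five failures in 9 seconds from one
# source followed by a success, plus two isolated failures from another source.
SAMPLE_LOG = """\
Mar 14 10:00:01 web01 sshd[2101]: Failed password for invalid user admin from 203.0.113.9 port 51022 ssh2
Mar 14 10:00:03 web01 sshd[2102]: Failed password for root from 203.0.113.9 port 51023 ssh2
Mar 14 10:00:05 web01 sshd[2103]: Failed password for root from 203.0.113.9 port 51024 ssh2
Mar 14 10:00:06 web01 sshd[2104]: Failed password for alice from 203.0.113.9 port 51025 ssh2
Mar 14 10:00:09 web01 sshd[2105]: Failed password for root from 203.0.113.9 port 51026 ssh2
Mar 14 10:00:12 web01 sshd[2106]: Accepted password for root from 203.0.113.9 port 51027 ssh2
Mar 14 10:15:00 web01 sshd[2200]: Failed password for bob from 198.51.100.4 port 40001 ssh2
Mar 14 10:25:00 web01 sshd[2201]: Failed password for bob from 198.51.100.4 port 40002 ssh2
"""

# Matches the OpenSSH "Failed/Accepted password" syslog line shape.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)


def parse_line(line, year=2024):
    """Normalise one raw log line into an event dict; None if it does not match.
    Syslog lines carry no year, so one is assumed (constructed default)."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "host": m["host"], "result": m["result"],
            "user": m["user"], "src": m["src"]}


def correlate_brute_force(lines, threshold=5, window=timedelta(seconds=60)):
    """Sliding-window correlation: raise one alarm per source once `threshold`
    failures land within `window`, and a higher-priority alarm if that source
    then authenticates successfully. Returns alarms in time order."""
    events = [e for e in (parse_line(l) for l in lines) if e]
    events.sort(key=lambda e: e["ts"])
    failures = defaultdict(list)   # src -> failures still inside the window
    alarmed = set()                # sources already alarmed (de-duplication)
    alarms = []
    for ev in events:
        src = ev["src"]
        if ev["result"] == "Failed":
            recent = [f for f in failures[src] if ev["ts"] - f["ts"] <= window]
            recent.append(ev)
            failures[src] = recent
            if len(recent) >= threshold and src not in alarmed:
                alarmed.add(src)
                alarms.append({
                    "rule": "ssh_brute_force", "priority": "medium",
                    "src": src, "host": ev["host"],
                    "users": sorted({f["user"] for f in recent}),
                    "count": len(recent),
                    "first_seen": recent[0]["ts"].isoformat(),
                    "last_seen": ev["ts"].isoformat(),
                })
        elif ev["result"] == "Accepted" and src in alarmed:
            # Success from a source that just brute-forced: likely compromise.
            alarms.append({
                "rule": "ssh_brute_force_success", "priority": "high",
                "src": src, "host": ev["host"], "user": ev["user"],
                "when": ev["ts"].isoformat(),
            })
    return alarms


if __name__ == "__main__":
    for alarm in correlate_brute_force(SAMPLE_LOG.splitlines()):
        print(alarm)
```

Run against the constructed sample, the rule raises two alarms for 203.0.113.9 (the burst of five failures across the admin, alice and root accounts, then the successful root login) and none for 198.51.100.4, whose two failures are ten minutes apart and never share a window. A production SIEM adds asset context, threat intelligence on the source address and analyst workflow around the same basic logic.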
The service provides the following benefits to customers:
- 24 x 365 monitoring – someone is watching the system all the time, which offloads the need for a 24 x 365 internal response team.
- Expert and knowledgeable response to IT, network and security events.
- A defence policy defines how alerts are filtered and what is responded to.
- The service responds to suspicious activity, either external or internal, reporting source and destination addresses, actions taken and impact.
- Log event storage – secure storage, retention and deletion of logs.
- All signature updates are tested beforehand and applied by the CNS Service Desk.
- All lifecycle management updates and patches are managed by CNS as part of the managed service.
- Fixed annual cost for the managed service, appliance and all updates.
Our security experts will plan and deploy the devices and manage the on-going tuning and configuration updates to ensure maximum protection of your sites and their assets.
How Module Delivered: CNS USM deployment and Threat Intelligence configuration (correlation directives)
SLA of Module: 24 x 365
OLA of Module:
- USM SIEM solution, along with correlation directives, designed and deployed by CNS Consultants.
- Assets covered in contract.
- Management handed over to the CNS SOC once the bedding-in period is signed off by Mosaic Consultants and the Customer.
- Handover consists of a document and sign-off process.
- When an “event” is triggered, it is initially seen on the USM Console in the SOC.
- Additionally, an email alert is sent to the customer POC and the CNS SOC.
- The CNS SOC reviews criticality and relevance via the Managed SOC element. If relevant, the CNS SOC contacts the Customer POC with consultative advice and remedial steps.