Because Security Gives Us Freedom.
Correlation of security data is the heart of security management. But we go beyond that with rule customization and data tools that empower the analyst to detect threats, anomalies, and compliance violations.
Receive only truly actionable information and alerts. Our SIEM uses the most advanced analytics available. If you already have a SIEM, we'll manage it for you.
Our SOC will alert via ticket, API, email, or phone based on custom, agreed-upon criteria. We use the Information Technology Infrastructure Library (ITIL) categories and severity levels.
We'll customize to accept almost any log source. Of course, we're ready for your AD, firewalls, IDS, DLP, endpoint detection, and more. Unlike the others, we also analyze switches (SNMP) for parameters not found in logs.
We retain all SIEM, log, tagged packet capture (PCAP), session, and ticket data for 12 months for forensics and analysis. Optional optical-disk archives are available for long-term archiving.
We leverage our proprietary, 13-year-old signature database along with our banking signatures and other commercial and community signature databases, updated continuously and customized for your network.
Security is a process, not a product. This is why we track everything in our ticketing system (or yours) and annually perform a SOC2 Type II audit of our operations.
SIEM reports aggregate the alerts and correlated security data and deliver them to you in an easily understood format, with summaries, trending, and visualization that highlight the nature of your network activity. Reports can be prepared daily, weekly, monthly, or yearly.
Firewall reports need special attention. Next-gen firewalls provide more data via API that isn't present in logs. We provide daily and monthly reporting for blocked and filtered content, threat detection, geo-activity, and bandwidth graphing.