We perform real-time 24x7 monitoring using your SIEM and our team of Tier 1, Tier 2 and Tier 3 security incident analysts, who correlate and investigate potential incidents.
When incidents are detected, we create Incident Reports in your ticketing system which detail the type of attack, scope of the incident, recommended remediation procedures, as well as the possible root cause of the vulnerability to help reduce future exposure. At your direction, we can coordinate the incident response team through daily calls and by engaging other stakeholders following a defined incident workflow for response and remediation support.
Response and Remediation Support
We provide incident response subject matter expertise to execute and scale remediation plans. Our Managed Security Services Team works within your SIEM, network detection tools and Endpoint Detection & Response tools to fully investigate and remediate incidents. We socialize Incident Reports and coordinate teams to action defined remediation procedures.
Reporting and Metrics
We support your security metrics program by consistently documenting ticket closure, mean-time-to-respond and related metrics. We provide a monthly Executive Summary Report and meet with your team to review the SIEM monitoring environment, Incident Reports, overall attack trends, and recommended security hardening to help mitigate and contain future attacks.
At agreed intervals, we review your event monitoring strategy, including aggregation, egress points and event sources. We provide engineering assistance to review event sources and assess that they are configured appropriately to send logs. We meet with you to review and update the Incident Response Workflow for communications and escalation.