Security Event Correlation Cyber Security Managed Services

SCHEDE SIEM security Event Correlation eng - Business … · 2016-08-22 · Title: Microsoft Word - SCHEDE_SIEM_security_Event_Correlation eng.docx Created Date: 8/22/2016 10:09:37


Rev.20160708

Business-e Spa

A company of the Itway Group specialized in Information Security. Thanks to strategic partnerships with the best Vendors at a global level, we supply consultancy and services on the security of networks, systems, applications and contents (back-up and recovery); on user identity management and accesses; on protection of data and Information; and on optimizing data centres and network infrastructures.

A key aspect of our strategy, and what strongly distinguishes us on the market, is the Cyber Security services supplied through SOCs based in Italy with Italian certified personnel. For this reason we are the only Italian company cited in the Gartner Magic Quadrant for Managed Security Services Providers (MSSP).

 

Security Event Correlation

Through Security Information and Event Management (SIEM), all logs produced by the monitored devices and software are analyzed, and the correlation is carried out in real time in order to punctually detect targeted attacks (Security Event Management) and violations of data (Security Information Management).

The Security Analyst team will analyze alerts transmitted by the SIEM solution. Thanks to its on-the-field experience, the sources of information and the available information, it will be able to assess the risk level associated with the events received by the SIEM and to transmit the related alert with an eventual remedy.

The service is based on five fundamental steps:

1. Analysis of the technological scenario and the business of the client
2. Device management through the integration of systems and correlation analysis
3. Intelligence on the related information
4. Real-time Monitoring
5. Transmitting alerts according to time schedules with flexible SLAs


SIEM: Who is it for?

The service is both for companies that don't have a SIEM technology and for those that are already equipped with an in-house system but would like to outsource its management.

The service can be supplied:

1. As a Service
   Analysis and monitoring by transmitting logs to the Business-e SIEM.
2. On Premise
   Optimizing capex costs by managing the already installed platform.

Time schedule

The SIEM service can be supplied in different time periods:

✓ Business Hours
✓ Non Business Hours
✓ H24
✓ Custom

Flexible SLAs

Several delivery SLAs are possible, including very stringent ones, depending on one's needs.

   

Advantages

Experience on different SIEMs

The Security Operation Center (SOC) of Business-e uses qualified personnel with expertise on different SIEM technologies:

✓ Alien Vault
✓ RSA
✓ Sentinel
✓ Splunk
✓ IBM QRadar
✓ Intel Security

Easy access to information

All information collected through the SIEM Intelligence service can be seen through a dedicated portal.

Transmitting Structured Reports

✓ Event driven: for events classified as High
✓ Monthly: including a summary of the relevant events of the month

Security Analyst experts in charge of Intelligence

Security technologies work based on the information they intercept. Bringing together all the information deriving from all the implemented security infrastructures, correlated with one another, makes it possible to significantly enhance the security level.
