December 14, 2016
COLUMBIA, Md. — Dec. 14, 2016 – EventTracker, a leader in security information and event management (SIEM), today announced the launch of SIEMphonic, a comprehensive managed security service. The SIEMphonic service is based on the award-winning EventTracker platform, which includes SIEM, intrusion detection, vulnerability scanning, threat intelligence, and HoneyNet technology, implemented either on-premises or in the cloud. Experts at the company’s new 24×7 intelligent security operations center (iSOC) provide remote administration and analytics. The new offering enables small and medium companies to achieve a level of fully-faceted protection from cyberthreats that was previously only available to large enterprises.
SIEM technology enables real-time analysis of security alerts produced by machines, network devices and applications on the network. However, converting technology capability into actionable results requires security analyst time and expertise, all too rare in mid-market companies. The noise-to-signal ratio is high, and critical alerts can get lost amongst the deluge of data.
It is difficult and expensive to hire and retain an IT security team that has the bandwidth and capability needed to monitor and analyze the alerts and reports produced by SIEM technology. Further complicating this task is that teams must be able to recognize the real threats from the data and know the appropriate remediation steps required to mitigate them. The failure of organizations to achieve the desired outcome of a SIEM system due to the lack of qualified analysts is widespread, leading some industry analysts to name SIEM as the technology most likely to become “shelfware.”
“At the end of the day, expert analysts are essential to effective cybersecurity. There is no magic box that plugs into your network and creates a shield to keep all the bad guys out,” said A.N. Ananth, CEO of EventTracker. “For years, the security industry was harping on technology and whispering ‘do-it-yourself.’ Now, we are shifting the conversation. Don’t just buy technology. Buy the outcome you want—protection for your network and IT assets from the modern cyberthreat landscape. Technology alone is about 15 percent of the solution. Expert analysts and robust, disciplined, and documented processes—the core of the services we are offering—are the remaining 85 percent.”
SIEMphonic combines SIEM technology, intrusion detection, vulnerability scanning, flow analysis and HoneyNet capabilities with a fully managed security service. The result is a complete solution that finally delivers SME businesses the outcome they are seeking—effective cybersecurity at an attractive price point. Key capabilities include:
- 24×7 managed security services – SIEMphonic complements internal IT resources by deploying, customizing and operating EventTracker’s suite of security technologies. This managed detection and response (MDR) service provides continuous monitoring for cyberthreats. The technology collects data from a variety of sources—platform, application and network logs, alerts from intrusion detection systems (IDS) and vulnerability scans—and EventTracker’s experts analyze it all. Threat intelligence from a rich ecosystem of global and community sources is merged with customized honeypots for local data to rapidly identify threats and enable investigation and response
- EventTracker 8 SIEM platform – this already award-winning and industry-leading platform is the core of SIEMphonic, providing network and system administrators with early threat detection, operational awareness and the ability to demonstrate compliance with industry regulations and internal security policies
- Threat intelligence – threat actor, attack and breach information is fed into the EventTracker platform to adapt the scope and focus of security. The integration of global, local and community-based threat intelligence sources transforms the SOC into an intelligent SOC or iSOC. Analysts are empowered to identify the most important and actionable alerts and help customers immediately stomp out potential cyber risks
- HoneyNet deception technology — comprised of multiple virtualized decoys strategically scattered throughout the network to lure bad actors and sniff out attacks, HoneyNet provides the highest value intelligence, identifying suspicious activity specific to the customer’s own environment to proactively hunt down and stop threats
- Behavior analysis — monitoring traffic and calling out suspicious actions or departures from normal operation help identify new malware and zero-day exploits attempting to wreak havoc on the network
Through its managed services approach, EventTracker’s SIEMphonic enables any-sized organization to successfully implement a full suite of cybersecurity technology, including MDR. According to Gartner, “Organizations struggle to deploy, manage and use an effective combination of expertise and tools to detect threats, especially targeted advanced threats and insider threats.”
In the same report, Gartner makes the following suggestions to IT security leaders: “Consider managed security service providers (MSSPs) that offer MDR-like services when device management and compliance use cases are required. Data residency requirements may also drive consideration of an MSSP over an MDR service provider.” 1
1 Gartner, “Market Guide for Managed Detection and Response Services,” Gartner, Toby Bussa, Craig Lawson, Kelly M. Kavanagh, May 10, 2016.