Security Information & Event Management (SIEM)

The SIEM component of the WatchTower S.M.A.R.T 365 solution includes integrated asset discovery and inventory via passive and active scanning tools, and allows for the assignment of asset criticality. As part of the onboarding process, we will conduct vulnerability scanning, reporting, and management of those vulnerability stats, to assist customers in addressing the most critical items. Both internal (authenticated) and external (unauthenticated) scans are performed from the WatchTower 365 Managed Security Services. This information is integrated with SIEM feeds to refine threat detection and analysis and to reduce false positives.


Threat Detection

  • A fully-managed network and host-based IDS technology with leading industry threat feeds and rule-sets.

  • Integration of all available security data (IDS and other security device inputs, asset value database, vulnerability scan data).

  • Ability to deploy additional integrated security controls.

  • Automated real-time “unified” log correlation and linkage to all log data related to the threat.

Alerting Abilities

  • File Integrity and privileged-user monitoring, etc.

  • Integrated proprietary and crowd-sourced threat intelligence.

  • Application of 3,200+ correlation rules to the asset, vulnerability, network traffic, and threat data.

  • 24 x 7 x 365 alerting with “full threat context”.

  • Evaluation and elimination of systemic “false positives”.