Security Incident & Event Management (SIEM)
The SIEM component of the WatchTower S.M.A.R.T 365 solution includes integrated asset discovery & inventory via passive & active scanning tools and allows for the assignment of asset criticality. As part of the onboarding process, we will conduct vulnerability scanning, reporting, and management of the resulting vulnerability stats, to assist customers in addressing the most critical items. This is performed by both internal (authenticated) and external (unauthenticated) scans from the WatchTower 365 Managed Security Services. This information is integrated with SIEM feeds to refine threat detection and analysis and reduce false positives.
THREAT DETECTION & ALERTING ABILITIES
A fully-managed network and host-based IDS technology with leading industry threat feeds and rule-sets.
Automated real-time “unified” log correlation and linkage to all log data related to the threat.
Application of 3,200+ correlation rules to the asset, vulnerability, network traffic, and threat data.
Integration of all available security data (IDS and other security device inputs, asset value database, vulnerability scan data).
File Integrity and privileged-user monitoring, etc.
24 x 7 x 365 alerting with “full threat context”.
Ability to deploy additional integrated security controls.
Integrated proprietary and crowd-sourced threat intelligence.
Evaluation and elimination of systemic “false positives”.