Managed SIEM and Threat Intelligence Service

Security Managed Service
Why we offer a Managed SIEM service

Due to an ever-changing cyber-attack landscape, attackers often have the upper hand when attempting to breach a network, as most defences are reactive rather than proactive. To help combat this and to ensure organisations can be alerted during an attack, a ‘security information and event management’ (SIEM) solution is one of the best defences to deploy.

A SIEM solution is a critical defence tool for protecting any business. Often mistaken for a simple log collection and alerting mechanism, a well-deployed SIEM will not only collect and analyse logs but also actively defend against attacks. It holds a database of the latest threats and indicators of compromise, so it can dynamically cross-reference suspicious behaviour and logs to identify when an attack could be in progress.

MTI’s Managed SIEM service is delivered via a fully Managed Service that enables us to identify and inform our customers of real security events that need to be actioned amongst the vast amounts of data generated by their IT infrastructure.

  • Time to detect data loss or breach significantly improved, meaning fast remediation is possible

  • Major or critical incidents responded to on a 24/7 basis

  • High availability of internet portal, dashboards and appropriate storage for logs

  • Incident identification and classification

  • Provide instant scale to accommodate IMACs

  • Critical event notification in under 15 minutes and medium event in less than 1 hour

  • Reduce false positive alerts with UBA

  • Leverage MTI’s world-leading threat intelligence database

  • Periodic reviews of existing SIEM rules and security alerts

SIEM and Threat Intelligence Service

MTI’s Managed SIEM and Threat Intelligence service focuses on monitoring, identifying, classifying, verifying and alerting customers about cyber security incidents, combining multiple technologies to provide holistic and dynamic security alerting intelligence and an incident response service.

The service is based on live data feeds from collector agents, syslog services and APIs. It is compatible with technologies such as Palo Alto, Trend, Forcepoint, ServiceNow, Cisco and more, which allows it not only to raise IT support tickets automatically in the event of a security alert, but also to carry out Incident Response actions.

For details on the service itself, the key considerations and other key features, book in a call with one of our security experts.