Deploy anywhere
Collect security logs from any source, including endpoints, applications and cloud systems.
Protect your business against cyberattacks with 24/7 SIEM log monitoring and threat detection.
Never miss a security risk with experienced SOC analysts monitoring your network 24/7.
Quickly respond to threats with clear, step-by-step remediation advice.
Meet the requirements of PCI DSS, ISO 27001 and more with proactive SIEM log monitoring.
Continuous SIEM monitoring for systems, networks, applications and users
Ingest security logs from any device, system, cloud service or vendor
Simple and automated SIEM as a service deployment
Support for Azure, AWS, GCP, Salesforce and more
Uncover the latest threats with integrated threat intelligence feeds
Scalable pricing that isn’t based on log volumes or daily ingestion rates
See immediate security value with a simple SIEM deployment process.
A key component of our SIEM monitoring services is our in-house Security Operations Centre (SOC), with 24/7 coverage across the UK and US.
Our experienced analysts will become an extension of your team, proactively looking for malicious activity in your network and taking full ownership of your SIEM service.
Unlike most other solutions on the market, Defense.com delivers clear, step-by-step remediation advice whenever there is a security event so you can fix issues fast and get back to other tasks.
A Security Information and Event Management (SIEM) solution takes log data from various sources within your network and identifies any suspicious activity. If a security event is spotted, an alert can be raised so that remedial action can be taken.
An outsourced managed SIEM solution proactively monitors and investigates network activity on your behalf. Confirmed security events and their outcomes are escalated directly to you, rather than a flood of raw alerts.
Choosing to outsource SIEM to a third party can be seen as the most balanced option in comparison to building your own solution or buying an off-the-shelf product.
A managed SIEM service saves you time and resources by letting a third party proactively look for threats on your behalf. You also avoid managing dedicated hardware or support contracts, and gain access to a wider variety of threat intelligence.
By using a managed SIEM solution such as Defense.com, you can combine the best of technology and human expertise for 24/7 threat monitoring.
For collecting logs within your network, we will provide you with the scripts and documentation for setting up a collector on Ubuntu, which needs to be installed on a standalone virtual or physical machine inside your network.
Once this is complete, we'll ask you to deploy two agents on your client devices: Winlogbeat (for Windows event logs) and Filebeat (for file-based logs). These agents send the logs from those devices to the collector on the Ubuntu machine. Your logs are then encrypted and sent to our Defense.com SIEM platform for processing.
For cloud environments like AWS and Azure we can usually collect logs via the provided API. Our team will work with you to ensure that you are collecting logs from all necessary areas of your environment. If we do not currently have an integration with your particular vendor or device then we will either find a workaround to bring the logs in or look to develop a custom integration.
We can ingest almost any source of log data that provides security value, regardless of the vendor or product.
This can include high-fidelity logs such as:
As well as additional low-fidelity logs that have less context on their own such as:
These additional log sources help to detect attempts to move laterally towards higher-value assets such as Active Directory servers, which typically begin with the compromise of a lower-value asset such as a workstation or a low-criticality server. On their own these sources carry little context, but correlated with the high-fidelity sources they reveal attack patterns that would otherwise go undetected.
The more log data we can ingest into Defense.com, the clearer the picture we can build of your environment, and the better we can correlate information from different sources to drive informed decision making.
Alerts come through as a security event in your Defense.com account, which provides the details of what we have detected and answers the 'who, what, when and how'. We also create a threat connected to the security event, which provides clear remediation advice on how to address and contain what has been found.
Runbooks are used to standardise incident response processes and to ensure that the appropriate steps are taken to contain, eradicate, and recover from security incidents.
Our runbooks include the following elements:
Our SOC team assesses and prioritises all alerts and performs threat hunting and investigation in order to reduce false positives. The analyst will then either raise the security event or use it to further tune the environment. All events that are false positives are still recorded for audit purposes.
A well-documented profile of your environment (its assets, users and expected activity) is critical to our detection capabilities. We create this profile during your onboarding process and define runbooks specific to your environment to ensure that false positives are kept to a minimum. This is a standard part of our onboarding and ongoing service to reduce alert fatigue.
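As an added illustration of the two points above (correlating low-fidelity member-server logs to catch lateral movement towards high-value hosts, and using an environment profile to keep expected admin activity from raising false positives), here is a small detection routine. It is example code written for this page, not Defense.com's detection logic; the log lines are constructed, the flat key=value format is an assumption rather than real Winlogbeat output, and the host names, allowlist entries, window and threshold are hypothetical values that an onboarding profile would supply.

```python
"""Correlate low-fidelity Windows logon events into a lateral-movement finding.

Parses Windows Security event 4624 (successful logon) records as written by
the *target* computer, tracks network logons (logon_type=3) per source host
and user inside a sliding time window, and raises a finding when that source
fans out to several hosts or reaches a high-value host such as a domain
controller. A per-environment allowlist stands in for the onboarding profile
that suppresses expected admin paths.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (not real data). Each record is emitted by the
# target computer, so the workstation-to-file-server hops come from the
# low-fidelity member-server logs, not from the domain controller itself.
SAMPLE_LOG = """\
2024-05-01T09:00:05Z computer=FS01 event_id=4624 logon_type=3 user=jsmith src_host=WS-042 src_ip=10.0.5.42
2024-05-01T09:00:30Z computer=FS02 event_id=4624 logon_type=3 user=jsmith src_host=WS-042 src_ip=10.0.5.42
2024-05-01T09:01:10Z computer=DC01 event_id=4624 logon_type=3 user=jsmith src_host=WS-042 src_ip=10.0.5.42
2024-05-01T09:01:12Z computer=DC01 event_id=4624 logon_type=3 user=svc_backup src_host=JUMP01 src_ip=10.0.1.10
2024-05-01T09:02:00Z computer=WS-017 event_id=4624 logon_type=2 user=alee src_host=WS-017 src_ip=10.0.5.17
2024-05-01T11:30:00Z computer=PRINT01 event_id=4624 logon_type=3 user=jsmith src_host=WS-042 src_ip=10.0.5.42
"""

# Hypothetical environment profile: every name and number here is an assumption.
HIGH_VALUE_HOSTS = {"DC01", "DC02"}
PROFILE_ALLOWLIST = {("JUMP01", "svc_backup")}  # expected admin path: jump box -> DC
WINDOW = timedelta(minutes=10)
FANOUT_THRESHOLD = 3  # distinct targets from one (src_host, user) inside WINDOW


def parse_event(line):
    """Parse one constructed key=value record; the timestamp becomes a datetime."""
    ts, *fields = line.split()
    event = {"time": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")}
    for field in fields:
        key, _, value = field.partition("=")
        event[key] = value
    return event


def detect_lateral_movement(events, high_value=HIGH_VALUE_HOSTS,
                            allowlist=PROFILE_ALLOWLIST,
                            window=WINDOW, threshold=FANOUT_THRESHOLD):
    """Return (findings, suppressed).

    findings: one dict per (src_host, user) that reached a high-value host or
    touched at least `threshold` distinct hosts inside `window`.
    suppressed: pairs that matched the logic but are allowlisted by the profile.
    """
    recent = defaultdict(deque)  # (src_host, user) -> deque of (time, computer)
    flagged = {}
    suppressed = set()
    for ev in sorted(events, key=lambda e: e["time"]):
        # Only successful network logons that originate from a non-high-value host.
        if ev.get("event_id") != "4624" or ev.get("logon_type") != "3":
            continue
        if ev["src_host"] in high_value:
            continue
        key = (ev["src_host"], ev["user"])
        q = recent[key]
        q.append((ev["time"], ev["computer"]))
        while q and ev["time"] - q[0][0] > window:  # drop events outside the window
            q.popleft()
        targets = {c for _, c in q}
        reached_hv = targets & high_value
        if not reached_hv and len(targets) < threshold:
            continue
        if key in allowlist:
            suppressed.add(key)
            continue
        # Build the "who, what, when, how" summary; later events widen the target set.
        f = flagged.setdefault(key, {
            "who": ev["user"],
            "how": f"logon_type 3 from {ev['src_host']} ({ev['src_ip']})",
            "first_seen": q[0][0],
            "targets": set(),
            "high_value_hit": set(),
        })
        f["targets"] |= targets
        f["high_value_hit"] |= reached_hv
        f["last_seen"] = ev["time"]
    return list(flagged.values()), suppressed


def run_detection(log_text=SAMPLE_LOG):
    """Parse the log text and run the correlation over it."""
    events = [parse_event(l) for l in log_text.splitlines() if l.strip()]
    return detect_lateral_movement(events)


if __name__ == "__main__":
    findings, suppressed = run_detection()
    for f in findings:
        print(f"{f['who']} via {f['how']}: {sorted(f['targets'])} "
              f"(high-value: {sorted(f['high_value_hit'])}) "
              f"between {f['first_seen']} and {f['last_seen']}")
    print("suppressed by profile:", sorted(suppressed))
```

On the sample data the workstation WS-042 touches FS01, FS02 and DC01 within seventy seconds and produces one finding for jsmith; the svc_backup logon from the jump box also reaches DC01 but is suppressed by the profile allowlist; the interactive logon on WS-017 and the isolated PRINT01 logon two hours later fire nothing. The suppressed set is returned rather than discarded so it can still be recorded for audit purposes.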
SIEM SOC refers to the combination of a Security Information and Event Management (SIEM) platform managed by a Security Operations Centre (SOC). A SIEM SOC service will typically involve proactively monitoring and investigating network activity on your behalf, with any security events being escalated to you directly.
Outsourcing your SIEM SOC operations to a third party helps you to make your budget go further, without compromising on security coverage. Having your SIEM monitored 24x7 by a SOC team also frees up your internal resources to focus on other tasks.
The pricing for Defense.com Managed SIEM is calculated primarily on the number of log sources you would like to cover. Unlike many other vendors, Defense.com Managed SIEM pricing isn't based on log volumes or daily ingestion rates. This keeps the pricing for your SIEM service predictable and scalable.