24/7 threat detection with Managed SIEM

Complete coverage

Deploy anywhere

Collect security logs from any source, including endpoints, applications and cloud systems.

Identify threats

Uncover threats

Never miss a security risk with experienced SOC analysts monitoring your network 24/7.

Prevent breaches

Prevent breaches

Quickly respond to threats with clear, step-by-step remediation advice.

Grow your business

Stay compliant

Meet the requirements of PCI DSS, ISO 27001 and more with proactive SIEM log monitoring.

Real-time SIEM log monitoring

24/7 threat detection with Managed SIEM
  • Log-based monitoring collects security data from your whole environment for total visibility
  • Experienced SOC analysts monitor your network 24/7 for security threats so you don’t have to
  • Proactive threat hunting uncovers hidden threats and stops attacks before they happen
  • Automatic alert prioritisation to save you time and highlight critical threats
  • Actionable advice with step-by-step guidance for faster remediations
  • Rapid time-to-value with fast deployment tools and pre-defined alerts
  • Empowers your teams to maintain strong cyber defences and meet compliance

Managed SIEM service highlights

Magnifying glass

24/7 monitoring

Continuous SIEM monitoring for systems, networks, applications and users

Brain with power cable

Seamless integration

Ingest security logs from any device, system, cloud service or vendor

Head with a clock inside

Easy to deploy

Simple and automated SIEM as a service deployment

Magnifying glass

Cloud ready

Support for Azure, AWS, GCP, Salesforce and more

Brain with power cable

Real-time intel

Uncover the latest threats with integrated threat intelligence feeds

Head with a clock inside

Simple pricing

Scalable pricing that isn’t based on log volumes or daily ingestion rates

Here’s what our customers say about us

Protecting the world’s leading brands

Learn more about our Managed SIEM service

SIEM onboarding made easy

See immediate security value with a simple SIEM deployment process.

Why choose SIEM services from Defense.com? Why choose SIEM services from Defense.com?

Why choose SIEM services from Defense.com?

A key component of our SIEM monitoring services is our in-house Service Operations Centre (SOC) with 24/7 coverage across the UK and US.

Our experienced analysts will become an extension of your team, proactively looking for malicious activity in your network and taking full ownership of your SIEM service.

Unlike most other solutions on the market, Defense.com delivers clear, step-by-step remediation advice whenever there is a security event so you can fix issues fast and get back to other tasks.

Get a Managed SIEM quote today

Tell us your Managed SIEM requirements for a fast, accurate quote.

For more information about how we collect, process and retain your personal data, please see our privacy notice.

Managed SIEM service FAQs

A Security Information and Event Management (SIEM) solution takes log data from various sources within your network and identifies any suspicious activity. If a security event is spotted, an alert can be raised so that remedial action can be taken.

An outsourced managed SIEM solution will proactively monitor and investigate network activity on your behalf. Any security events or outcomes are escalated directly to you, instead of floods of alerts.

Choosing to outsource SIEM to a third party can be seen as the most balanced option in comparison to building your own solution or buying an off-the-shelf product.

A managed SIEM service allows you to save time and resource by letting a third party proactively look for threats on your behalf. You’ll also benefit from no dedicated hardware or support contracts to manage and access to a wider variety of threat intelligence.

By using a managed SIEM solution such as Defense.com, you can combine the best of technology and human expertise for 24/7 threat monitoring.

For collecting logs within your network, we will provide you with the scripts and documentation for setting up a collector using Ubuntu, which needs to be installed on a standalone virtual or physical machine inside your network.

Once this is complete, we'll then ask you to deploy a couple of agents on your client devices (Winlogbeat & Filebeat) which will send the logs from these devices to the collector on the Ubuntu machine. Your logs will then be encrypted and sent to our Defense.com SIEM platform for processing.

For cloud environments like AWS and Azure we can usually collect logs via the provided API. Our team will work with you to ensure that you are collecting logs from all necessary areas of your environment. If we do not currently have an integration with your particular vendor or device then we will either find a workaround to bring the logs in or look to develop a custom integration.

We can ingest almost any source of log data that provides security value, regardless of the vendor or product.

This can include high-fidelity logs such as:

  • IDS/HIDS logs
  • WAF logs
  • Endpoint protection logs either from your existing solution or via the Defense.com agent

As well as additional low-fidelity logs that have less context on their own such as:

  • Firewall logs
  • Switch logs
  • Flow logs

These additional log sources help to detect attempts to laterally move to higher value assets such as Active Directory servers. This could occur when lower value assets are compromised such as workstation devices or lower criticality servers. These types of sources also provide indicators of attacks that can often not be detected using logs alone.

The more log data that we can ingest into Defense.com the more we can build a clearer picture of your environment and correlate information from different sources to drive informed decision making.

Alerts come through as a security event in your Defense.com account, which provides the details of what we have detected and answers the 'who, what, when and how'. We also create a threat connected to the security event, which provides clear remediation advice on how to address and contain what has been found.

Runbooks are used to standardise incident response processes and to ensure that the appropriate steps are taken to contain, eradicate, and recover from security incidents.

Our runbooks include the following elements:

  1. Process overview: The steps taken to perform incident triage, incident escalation, and gives guidance on incident resolution.
  2. Containment procedures: The steps that should be taken to contain a security incident, such as isolating affected systems, shutting down access to affected systems, and implementing other containment measures.
  3. Eradication procedures: The steps that should be taken to eradicate a security incident, including identifying and removing malicious software, patching vulnerabilities, and implementing other remediation measures.
  4. Recovery procedures: The steps that should be taken to recover from a security incident, including restoring systems and data, and conducting a post-incident review to identify areas for improvement.
  5. Monitoring and detection procedures: The steps that we will be taking to detect and monitor security incidents, including configuring and maintaining our platform, and analysing log and event data.

Our SOC team assesses and prioritises all alerts and performs threat hunting and investigation in order to reduce false positives. The analyst will then either raise the security event or use it to further tune the environment. All events that are false positives are still recorded for audit purposes.

A well-documented profile is critical to our detection capabilities. We create a profile during your onboarding process and define runbooks specific to your environment to ensure that false positives are kept to a minimum. This is a standard process of our onboarding and ongoing service to reduce alert fatigue.

SIEM SOC refers to the combination of a Security Information Event Management (SIEM) platform, managed by a Security Operations Centre (SOC). A SIEM SOC service will typically involve proactively monitoring and investigating network activity on your behalf, with any security events being escalated to you directly.

Outsourcing your SIEM SOC operations to a third party helps you to make your budget go further, without compromising on security coverage. Having your SIEM monitored 24x7 by a SOC team also frees up your internal resources to focus on other tasks.

The pricing for Defense.com Managed SIEM is calculated primarily on the number of log sources you would like to cover. Unlike many other vendors, Defense.com Managed SIEM pricing isn't based on log volumes or daily ingestion rates. This keeps the pricing for your SIEM service predictable and scalable.