
Can you describe your service options for Security Monitoring?

The User Activity Compliance Monitoring solution defines policies for each of the events / system activities to be monitored (these may come from vulnerability logs, server logs, proxy logs, etc.). This is the upfront work that IBM has built into the proposal: discovering use cases and properly defining all parameters.
· We then build the policies in the SIEM tool, test them and deploy them.
· Based on the policies, alerts are generated in the system and analysts review the alerts / events of interest to decipher them (categorizing each as noise / false positive or as a true incident).
· Upon identification of a true incident, the incident management process is invoked.
· On an ongoing basis, during governance calls with the customer, events of interest are discussed and additional policies are developed (this may also result in tuning to reduce the noise, or in additional policies to identify incidents).
In addition, the Select level of Intrusion Detection and Prevention System Management is designed to provide monitoring, alerting and support of network intrusion detection and intrusion prevention systems (called “Agents”) across a variety of platforms and technologies.
Managed Security Services are delivered from a network of Security Operations Centers (“SOCs”) and provide access to the SOCs 24 hours/day, 7 days/week.
All of our monitoring and management service offerings come with full access to the Virtual SOC portal, security intelligence through the Threat Analysis Center, including the ability to create a vulnerability watch list with customized threat information, standard automated analysis of events and incidents, health monitoring, and reporting. In addition to our standard IDPS monitoring services we are also offering Security Event Monitoring which includes the standard Automated Analysis and adds real-time 24x7 human analysis. With this option the security incident alert notification drops from 1 hour to 15 minutes.
The optional event monitoring and notification is an eyes-on option that is described and differentiated from our automated analysis below.
Automated Analysis
Agents are capable of generating a high volume of alarms in response to the security conditions they are configured to detect. The actual security risk corresponding to a particular condition detected is not always clear, and it is not practical to block all data that may be harmful as the default. Additional monitoring and analysis of these alarms is important to a sound security program.
IBM has developed and maintains an automated intelligence (“AI”) analysis engine as part of the X-Force Protection System. Events from Agents are submitted to the AI analysis engine for correlation and identification, as they are collected. The AI analysis engine performs the following basic functions:
· correlates both real-time and historical alarms;
· utilizes statistical and rules-based analysis techniques;
· leverages raw, normalized and consolidated data; and
· operates on application and operating system alarms.
X-Force Protection System AI alerts are made available to you via the Portal. CSS sends you an hourly X-Force Protection System alert notification e-mail, summarizing the AI alerts, if you select this option in the Portal.
Event Monitoring and Notification
MSS security analysts perform event monitoring and analysis of intrusion event AI alerts generated by the X-Force Protection System which result from automated analysis performed on IDS/IPS events. Whether or not a security event is considered a security incident is determined solely by IBM. Identified events are classified, prioritized, and escalated as IBM deems appropriate. Alerts that are not eliminated as benign triggers are classified as a security incident (“SI”).
Security incidents (“SI”) are classified into one of the three priorities described below:
· SI – Priority 1 - Investigations that result in a high priority classification (i.e., Priority 1) require immediate defensive action.
· SI – Priority 2 - Investigations that result in a medium priority classification (i.e., Priority 2) require action within 12 - 24 hours of notification.
· SI – Priority 3 - Investigations that result in a low priority classification (i.e., Priority 3) require action within 1 – 7 days of notification.
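The workflow described above (policies built over server and proxy logs, alerts correlated across real-time and historical events, analyst triage that discards noise, and classification into Priority 1 / 2 / 3 with response deadlines) can be illustrated with a small rule engine. The following is an added example written for this page; it is not code from IBM's SIEM tooling or the X-Force Protection System. The log format, the policy thresholds (5 failed logins in 10 minutes, 3 blocked malware-category proxy requests in an hour), the suppressed scanner host, and the choice of the upper bound of each SLA window (24 hours, 7 days) as the response deadline are all assumptions made for the illustration, and the log lines are constructed sample data.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample log lines (not real data). Assumed line format:
# "<ISO timestamp> <log source> key=value key=value ..."
SAMPLE_LOG = """\
2024-05-01T10:00:00 sshd src=203.0.113.5 user=admin result=FAIL
2024-05-01T10:00:07 sshd src=203.0.113.5 user=admin result=FAIL
2024-05-01T10:00:15 sshd src=203.0.113.5 user=admin result=FAIL
2024-05-01T10:00:22 sshd src=203.0.113.5 user=admin result=FAIL
2024-05-01T10:00:30 sshd src=203.0.113.5 user=admin result=FAIL
2024-05-01T10:00:41 sshd src=203.0.113.5 user=admin result=SUCCESS
2024-05-01T10:05:00 sshd src=10.0.0.9 user=svc_scan result=FAIL
2024-05-01T10:05:01 sshd src=10.0.0.9 user=svc_scan result=FAIL
2024-05-01T10:05:02 sshd src=10.0.0.9 user=svc_scan result=FAIL
2024-05-01T10:05:03 sshd src=10.0.0.9 user=svc_scan result=FAIL
2024-05-01T10:05:04 sshd src=10.0.0.9 user=svc_scan result=FAIL
2024-05-01T10:10:00 proxy src=10.0.0.22 action=BLOCKED category=malware
2024-05-01T10:12:00 proxy src=10.0.0.22 action=BLOCKED category=malware
2024-05-01T10:14:00 proxy src=10.0.0.22 action=BLOCKED category=malware
2024-05-01T11:00:00 sshd src=198.51.100.7 user=bob result=FAIL
2024-05-01T11:00:30 sshd src=198.51.100.7 user=bob result=FAIL
2024-05-01T11:01:00 sshd src=198.51.100.7 user=bob result=FAIL
2024-05-01T11:01:30 sshd src=198.51.100.7 user=bob result=FAIL
2024-05-01T11:02:00 sshd src=198.51.100.7 user=bob result=FAIL
"""

# Response deadline per priority, measured from the alert time. The page gives
# P1 = immediate, P2 = 12-24 h, P3 = 1-7 days; the upper bound is assumed here.
DEADLINE = {1: timedelta(0), 2: timedelta(hours=24), 3: timedelta(days=7)}

# Tuning output from a governance call (assumed): an authorised scanner whose
# failed logins are known noise and must not become incidents.
SUPPRESSED_SOURCES = {"10.0.0.9"}

AUTH_WINDOW, AUTH_THRESHOLD = timedelta(minutes=10), 5
PROXY_WINDOW, PROXY_THRESHOLD = timedelta(hours=1), 3


@dataclass
class Event:
    time: datetime
    source: str
    fields: dict


def parse_log(text):
    """Normalise raw log lines into Event records (the 'normalized data' step)."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, source, *kvs = line.split()
        fields = dict(kv.split("=", 1) for kv in kvs)
        events.append(Event(datetime.fromisoformat(ts), source, fields))
    return events


def policy_auth(events):
    """Correlate historical FAIL events with a real-time SUCCESS per source.

    5 failures in 10 minutes -> Priority 3 alert; a SUCCESS following such a
    burst from the same source -> Priority 1 alert (likely compromised account).
    """
    alerts, fails = [], defaultdict(list)
    for ev in events:
        if ev.source != "sshd":
            continue
        src = ev.fields["src"]
        fails[src] = [t for t in fails[src] if ev.time - t <= AUTH_WINDOW]
        if ev.fields["result"] == "FAIL":
            fails[src].append(ev.time)
            if len(fails[src]) == AUTH_THRESHOLD:
                alerts.append(dict(policy="auth-bruteforce", src=src, time=ev.time, priority=3))
        elif ev.fields["result"] == "SUCCESS" and len(fails[src]) >= AUTH_THRESHOLD:
            alerts.append(dict(policy="auth-bruteforce-success", src=src, time=ev.time, priority=1))
    return alerts


def policy_proxy(events):
    """Three or more blocked malware-category requests from one host in an hour -> Priority 2."""
    alerts, hits = [], defaultdict(list)
    for ev in events:
        if ev.source != "proxy" or ev.fields.get("action") != "BLOCKED" or ev.fields.get("category") != "malware":
            continue
        src = ev.fields["src"]
        hits[src] = [t for t in hits[src] if ev.time - t <= PROXY_WINDOW] + [ev.time]
        if len(hits[src]) == PROXY_THRESHOLD:
            alerts.append(dict(policy="proxy-malware-blocked", src=src, time=ev.time, priority=2))
    return alerts


def triage(alerts):
    """Analyst step: drop known noise, keep one incident per source at its highest priority,
    and attach the response deadline implied by that priority."""
    incidents = {}
    for a in alerts:
        if a["src"] in SUPPRESSED_SOURCES:
            continue  # classified as noise / false positive
        current = incidents.get(a["src"])
        if current is None or a["priority"] < current["priority"]:
            incidents[a["src"]] = a
    ordered = sorted(incidents.values(), key=lambda i: i["priority"])
    return [dict(i, respond_by=i["time"] + DEADLINE[i["priority"]]) for i in ordered]


def run(text):
    """Policies -> alerts -> triaged, prioritised security incidents."""
    events = parse_log(text)
    alerts = policy_auth(events) + policy_proxy(events)
    return alerts, triage(alerts)


if __name__ == "__main__":
    raw_alerts, incidents = run(SAMPLE_LOG)
    print(f"{len(raw_alerts)} raw alerts, {len(incidents)} incidents after triage")
    for inc in incidents:
        print(f"SI-P{inc['priority']} {inc['policy']:26} {inc['src']:14} respond by {inc['respond_by']}")
```

On the sample data the engine raises five raw alerts but only three incidents survive triage: the scanner host is suppressed as noise, and the two alerts for the source that succeeded after a failure burst collapse into one Priority 1 incident with an immediate deadline. The suppression set and the thresholds are exactly the kind of parameters the governance calls in the text are meant to tune.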
