Meet compliance requirements with SIEM as a Service
Help your employees analyse security incidents, handle incident management and integrate new source systems on an ongoing basis.
We guarantee professional operation of your IT security systems at the highest technical and legal level with complete service transparency.
SIEM is capable of collecting and analysing petabytes of data from a wide range of company areas.
Secure compliance efficiently
SIEM (security information and event management) is the only way to meet compliance requirements with reasonable efficiency. Automated processes, adapted to the company’s requirements by internal or external experts, act more quickly and conserve resources. The latest encryption technology.
Early warning system
It operates as an early warning system virtually in real time, before any damage can occur. At the same time, it delivers audit-proof results – making compliance significantly easier.
SIEM as a Service
SIEM as a Service monitors IT systems for potential attacks, thus protecting against production downtime, data loss, reputational damage and the associated financial risks.
A combination of automatic recognition and expert knowledge guarantees the fastest possible detection of potential attack situations.
In the event of an active threat to the infrastructure, the measures contractually agreed with you come into effect immediately. These may range from just informing your IT manager to deploying the contractor’s rescue team through a separate assignment.
Pallas is the central point of contact for the client and available around the clock.
The SIEM service is provided by Pallas in partnership with our technology partner, Certified Security Operations Center GmbH, acting as Pallas’s subcontractor.
The introduction and use of SIEMaaS is divided into the following phases:
The requirements already noted by the client are taken into account in the planning phase. The service presented (use of SIEMaaS) is accepted by the client and the contract for contractual processing (see appendix) is concluded. The points of contact, their responsibilities and availability (telephone number, email addresses etc.) are established. The required measures (informing the points of contact, taking action on site, etc.) are then set out. Suitable data interfaces are required to record monitoring data and for its technical implementation; we help design and implement these.
On the basis of this contract between the client and contractor, the client is switched to SIEMaaS for the contractual period. The sensors are then installed and commissioned. The sensors are connected to the SIEMaaS via a VPN connection provided by the contractor (SIEMaaS-Connect). The functioning and load on all sensors and connections used are actively monitored by the contractor. The sensor and VPN solution is configured and maintained by the contractor. The required sensor technology (hardware or virtual solution) is provided to the contractor within the framework and for the duration of the service agreement for the intended use. The client is obliged to keep the required sensor technology in proper usable condition, taking into account the contractor’s instructions, and to ensure that no damage and/or failure of hardware and software takes place as a result of actions and/or omissions made by them or their subcontractors. The client is not entitled to make changes to the sensor technology. They may not grant third parties any rights to this. When the SIEMaaS contract is terminated, the sensor technology must be returned to the contractor in full.
The sensors’ learning phase is set to run for one month. The detailed data from this period is treated and evaluated separately. This period may be extended to up to 90 days in coordination with the client, depending on the sensor or network configuration. This makes it possible to minimise ‘false alarms’, which can never be completely ruled out. The SIEMaaS team also obtains important real-time information on the client’s ‘normal’ day-to-day operations, which is especially important for identifying attack scenarios.
When the learning phase is complete, the contractor monitors the infrastructure agreed with the client as part of SIEMaaS by using installed sensors and analysing incident data (‘monitoring’). The combination of automatic detection using smart software tools and expert knowledge enables a range of potential attack situations to be detected ultra-fast.
In the event that an attack is detected, the relevant information is automatically reported to the contractor’s analysts and verified at their end. Verification takes place exclusively within the contractor’s business hours of Monday to Friday between 9:00 am and 5:00 pm.
In the event that an active threat to the client’s infrastructure is detected and verified, the named point of contact is informed through the contractor’s ticketing system via email, SMS, and, in some cases, over the phone. An individual reporting plan is agreed to ensure the relevant information is communicated in the best possible way.
The data requested by the analyst is sent to the analyst’s workplace for further evaluation. The metadata (event data and text, classification, prioritisation, etc.) is processed on the contractor’s own server systems for the purposes of anomaly detection and dashboard display.