Maximise threat detection with proven next-generation technologies, monitored by our cyber security experts 24/7/365
Not all organisations can afford to run their own Security Operations Centre. Two key challenges are training and retaining the staff needed to monitor the events and alerts coming from a SIEM solution. Nazar, Communicate Plc’s fully managed Monitoring, Detection and Response service, combines next-generation security information and event management (SIEM) with our cyber security experts monitoring and investigating suspicious activity.
“In a recent SANS survey, 59% of respondents indicated that a lack of trained security staff and skills were the biggest challenges when it came to threat intelligence and detection / SIEM initiatives.”
Detection from Day 1
With the Communicate Plc Nazar solution, threat detection starts from the minute the system is installed. We have built up an extensive library of detection rules, which is updated daily by our Security Operations threat intelligence team, from developments in our penetration testing lab, and from the Open Threat Exchange (OTX).
Whilst this gives you good coverage from day one, our work is not complete at that point. We then tune the system against three key areas: your environment, your web presence, and the systems most likely to be exploited (for example, poorly written applications, or vulnerable systems that cannot yet be patched).
Why our Clients Outsource
A SIEM solution like ours, and many of the leading technologies, produces a huge number of events and alerts that need to be reviewed. We take feeds from multiple sources including, but not limited to, network security monitoring (NSM), host-based intrusion detection systems (HIDS), network-based intrusion detection systems (NIDS), Windows event logs, and firewall and switch logs. This can create hundreds of events an hour that need review by a cyber security expert (SOC analyst). Combining the right technology with bespoke tuning minimises false positives, but someone still needs to be available 24/7 to monitor and analyse the alerts that remain.
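As an added illustration (this is example code, not Communicate Plc's Nazar platform or its rules), the following Python sketch shows the mechanics the paragraph describes: events from two feeds (Windows Security logon events and firewall denies) are normalised, a brute-force rule runs over them with cross-source enrichment, and customer-specific tuning (an allowlisted vulnerability scanner, hosts flagged as exposed) decides what actually reaches an analyst. The log lines, host names, IP addresses, thresholds and the TUNING values are all constructed for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample logs (not real data): Windows Security events as a
# flattened key=value export, and firewall denies in a syslog-like layout.
WINDOWS_LOG = """\
2024-05-01T09:00:05Z host=FS01 EventID=4625 User=alice SrcIP=203.0.113.7
2024-05-01T09:00:09Z host=FS01 EventID=4625 User=alice SrcIP=203.0.113.7
2024-05-01T09:00:12Z host=FS01 EventID=4625 User=alice SrcIP=203.0.113.7
2024-05-01T09:00:15Z host=FS01 EventID=4625 User=alice SrcIP=203.0.113.7
2024-05-01T09:00:40Z host=FS01 EventID=4624 User=alice SrcIP=203.0.113.7
2024-05-01T10:15:01Z host=WEB01 EventID=4625 User=admin SrcIP=10.0.0.50
2024-05-01T10:15:02Z host=WEB01 EventID=4625 User=admin SrcIP=10.0.0.50
2024-05-01T10:15:03Z host=WEB01 EventID=4625 User=admin SrcIP=10.0.0.50
2024-05-01T10:15:04Z host=WEB01 EventID=4625 User=admin SrcIP=10.0.0.50
2024-05-01T11:00:00Z host=FS01 EventID=4625 User=bob SrcIP=192.0.2.9
"""
FIREWALL_LOG = """\
2024-05-01T08:58:00Z FW01 DENY src=203.0.113.7 dst=10.0.0.20 dport=22
2024-05-01T08:58:01Z FW01 DENY src=203.0.113.7 dst=10.0.0.20 dport=23
2024-05-01T08:58:02Z FW01 DENY src=203.0.113.7 dst=10.0.0.20 dport=3389
2024-05-01T08:58:03Z FW01 DENY src=203.0.113.7 dst=10.0.0.20 dport=5985
"""

# Per-customer tuning an analyst would set (hypothetical values).
TUNING = {
    "allowlist_src": {"10.0.0.50"},  # authorised vulnerability scanner
    "exposed_hosts": {"FS01"},       # internet-facing and not yet patchable
    "window": timedelta(minutes=5),
    "fail_threshold": 4,
    "scan_port_threshold": 3,
}

def parse_windows(text):
    """Normalise each Windows line into a dict with ts/host/event_id/user/src."""
    events = []
    for line in text.splitlines():
        ts, *kv = line.split()
        f = dict(p.split("=", 1) for p in kv)
        events.append({"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
                       "host": f["host"], "event_id": int(f["EventID"]),
                       "user": f["User"], "src": f["SrcIP"]})
    return events

def parse_firewall(text):
    """Return (src, dport) for every DENY line."""
    pairs = []
    for line in text.splitlines():
        parts = line.split()
        if parts[2] == "DENY":
            f = dict(p.split("=", 1) for p in parts[3:])
            pairs.append((f["src"], int(f["dport"])))
    return pairs

def correlate(win_events, fw_pairs, tuning=TUNING):
    """Brute-force rule: >= fail_threshold 4625s from one source inside the window,
    escalated if a 4624 follows, enriched with firewall data, then tuned."""
    ports = defaultdict(set)           # distinct denied ports per source IP
    for src, dport in fw_pairs:
        ports[src].add(dport)
    by_src = defaultdict(list)
    for e in sorted(win_events, key=lambda e: e["ts"]):
        by_src[e["src"]].append(e)
    alerts = []
    for src, evs in by_src.items():
        if src in tuning["allowlist_src"]:
            continue  # tuned out: known benign source of failed logons
        fails = [e for e in evs if e["event_id"] == 4625]
        for i in range(len(fails)):
            burst = [f for f in fails[i:]
                     if f["ts"] - fails[i]["ts"] <= tuning["window"]]
            if len(burst) < tuning["fail_threshold"]:
                continue
            end = burst[-1]["ts"]
            success = any(e["event_id"] == 4624
                          and end <= e["ts"] <= end + tuning["window"]
                          for e in evs)
            host = burst[0]["host"]
            severity = "high" if success else "medium"
            if success and host in tuning["exposed_hosts"]:
                severity = "critical"  # environment tuning raises priority
            alerts.append({
                "rule": "brute_force", "src": src, "host": host,
                "user": burst[0]["user"], "failures": len(burst),
                "success_after": success,
                "port_scan_before": len(ports[src]) >= tuning["scan_port_threshold"],
                "severity": severity,
            })
            break  # one alert per source, not one per failed logon
    return alerts

def run(tuning=TUNING):
    win, fw = parse_windows(WINDOWS_LOG), parse_firewall(FIREWALL_LOG)
    return {"raw_events": len(win) + len(fw), "alerts": correlate(win, fw, tuning)}

if __name__ == "__main__":
    print(run())
```

Fourteen raw events collapse to a single alert for 203.0.113.7: four failed logons on FS01 followed by a success, preceded by denied probes to four ports, and rated critical because FS01 is flagged as exposed. Remove the scanner from the allowlist and the same code raises a second, medium alert for 10.0.0.50, which is exactly the kind of false positive that bespoke tuning exists to remove before an analyst's time is spent on it.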
Why do implementations fail?
Our penetration testers perform attacks against many different SIEM solutions, and to date have had 100% success in gaining access without being detected by non-tuned or misconfigured SIEM solutions. This gives us insight into the weaknesses of these tools. Through many years of tuning these systems, we have also seen the incredible potential they have to detect a breach without huge outlay.
Our managed Monitoring, Detection and Response
Our systems can detect a suspected breach or malware outbreak and notify you within 15 minutes of the alert. In addition, our UK-based SOC team can respond to stop the intruder before any damage is done*.
Using state-of-the-art detection technologies, complemented by our 24/7/365 Security Operations Centre (SOC) team, our managed SIEM takes the hard, laborious work of removing false positives and investigating alerts away from your internal resources.
* Based on pre-agreed scenarios for which Communicate has strict guidelines on how to react.
Which environments can we monitor for threats?
Cloud infrastructure: AWS, Azure and other datacentres
Cloud apps: Office 365, G Suite, Okta and many more
Physical and virtual infrastructure: on-premises servers, workstations and devices