
 


How Vigilant SIEM Co-Sourcing Works


Figure 1. Vigilant Co-Sourcing Model

Cornerstone Monitoring Service


SIEM Co-Sourcing begins with our standard Cornerstone Monitoring Service, and focuses on the core responsibilities of SIEM monitoring and tuning to support daily operations. The Cornerstone service is designed to provide clients with regular tuning and maintenance of SIEM product components and content.

Vigilant’s SIEM Co-Source Engineers will routinely tune and maintain your SIEM solution so that the content remains up-to-date as your environment changes. Tasks covered by the Cornerstone service include:

  • Round the Clock Monitoring of SIEM Installation – Vigilant Co-Source Engineers monitor the dashboard and alert screens of the SIEM Solution, utilizing a workflow-oriented process to detect and respond to high priority threats against your organization.
  • Visualization Tuning – Vigilant Co-Source Engineers will continually update the dashboards and displays within your SIEM solution to uncover threats in the most efficient manner.
  • Alert Tuning – Vigilant Co-Source Engineers will continually update alerting thresholds so that alerts are triggered based on “actual” threats to the environment.
  • Source Event Maintenance – Vigilant Co-Source Engineers will research and analyze source devices for new releases or log updates and maintain the SIEM components as needed (Taxonomy/Signature Updates, Asset Data, Vulnerability Data, Referential Data, etc.)
  • Incident Tracking and Handling – Vigilant Co-Source Engineers will respond to incidents within your environment by intelligently investigating the cause for a particular high priority alert or event.

As shown in this diagram, the SIM Solution remains on the customer premises at all times. Vigilant SIM Consultants connect to the Customer Location through a secure VPN connection (or a dedicated leased line).

The above SIM Co-Sourcing architecture is designed to maximize the client Information Security team's visibility into the real-time security environment. With all of the SIM infrastructure hosted on the client premises, both Vigilant and the client Information Security team have complete, functional access to the SIM interface, including the ability to view and configure real-time dashboards, modify or create new correlation rules, and generate on-demand and scheduled reports. Leveraging this shared interface also allows Vigilant to efficiently collaborate with client IS teams as security incidents arise.

In addition to the Cornerstone Service, Co-Sourcing Customers can choose to configure their service with several critical service options.


Co-Sourcing Service Options:

Option A New SIEM Content Development

Option A for SIEM Co-Sourcing includes the creation of new content on a regularly scheduled basis, so that your installation grows to incorporate monitoring of new external threats or internal compliance violations.

Vigilant’s SIEM Co-Source Engineers will develop new content – on-screen dashboards, filters, correlation rules, alert triggers, reports, etc. – at any required frequency (daily, weekly, monthly, quarterly, or annually).

Option B SIEM Maintenance & Tuning

Option B for SIEM Co-Sourcing includes the option for Vigilant to fully administer and maintain the SIEM installation, so that clients are kept up-to-date on the latest version and features of the product suite. The following is a list of services included with Option B:

  • SIEM Product Point Releases
    o SIEM Server – quarterly
    o SIEM Collectors - quarterly
  • SIEM Product Major Releases
    o SIEM Server – annually
    o SIEM Collectors - annually

Option C End-point Management & Tuning

Option C for SIEM Co-Sourcing expands the service to include remote management of client end-points (or SIEM Data Sources). End-points typically include core security infrastructure components, such as intrusion detection / protection appliances, firewalls, proxy servers, anti-virus software, vulnerability scanners, or other devices requiring tuning as a result of detected security incidents. Vigilant’s 24x7 monitoring service provides real-time incident detection and notification. As part of Option C, Vigilant will not only track and notify of potential security breaches, but will also take on the responsibility to tune each end-point device, so as to prevent like-kind incidents from recurring.

Example End-points include:

  • Firewalls
  • IDS and/or IPS systems
  • Anti-virus software
  • Vulnerability and Patch Management software
  • Server Log Management (Syslog, LogLogic, SenSage)
  • Additional sources as required

Option D Scanning & Certification Services

Option D for SIEM Co-Sourcing provides for the addition of common outsourced security services that complement any SIEM deployment. These services include regular vulnerability scanning and penetration testing, as well as site certifications for perimeter or internal network security configurations.

Typical Scanning and Certification Services include:

  • Vulnerability Scanning
  • Desktop Scanning
  • IP Scanning
  • Wireless Scanning
  • Site Certifications – Perimeter and Internal

 
 
 
© 2008 Vigilant, LLC. All Rights Reserved