Let's face it…event logging and correlation requirements associated with PCI, HIPAA/HITECH, GLBA, SOX, and NERC can be overwhelming. The infrastructure costs of modern SIEM technology are extremely high. Furthermore, the internal personnel costs to effectively manage this key security function are getting higher every day. nGuard's Managed Event Collection & Correlation (MECC) Service provides both management of the security event management infrastructure and analysis of the data. This approach frees up your key IT security personnel to focus on strategic activities.
- Key Features
nGuard provides complete coverage of all systems & devices within your enterprise.
- Security Devices – Your company's firewalls, intrusion prevention systems, and antivirus management solutions contain critical log information. Used for forensics analysis and event correlation, deleting these logs to "cover their tracks" is a favored hacker technique. nGuard's MECC solution can collect and correlate most major security vendor logs including Cisco, McAfee, CheckPoint, Juniper, Fortinet, Watchguard, and more.
- Network Devices – Routers and switches provide key logging at network perimeters, remote sites, and across internal networks. Our MECC solution supports all market leading network devices, as well as many more obscure devices. These include Cisco, Juniper, HP, and more.
- Key Servers – Servers are capable of providing the most detailed logging available. Login times, accessed directories, modified files, application errors, and suspicious events can all be captured for forensics analysis in the event of a security breach. As with security device logs, erasing these logs is a hacker's first priority when a system has been compromised. nGuard's MECC solution stores these logs offsite where hackers are unable to access them. All market leading operating systems are covered including Windows Servers, Redhat Linux, SUSE, AIX, Debian, and more.
- Laptops & Desktops – Protected or regulated information also lives on endpoint computers, be they laptops or desktops. In the event of a security breach, capturing key desktop events can provide an invaluable audit trail and essential forensic data. nGuard's MECC coverage includes Windows, Mac, and Linux desktop operating systems.
- 24×7×365 Analysis & Response – Our security solutions are designed to provide around-the-clock protection. nGuard's team of managed security professionals respond to security incidents whenever they occur, so you don't have to.
- Proactive Log Analysis & Correlation – nGuard's managed security team performs both manual and automated daily log analysis that proactively detects suspicious activity in your environment.
- Offsite Log Storage – Since security event data is sent offsite for analysis & correlation via nGuard's MECC service, the data is also retained for historical analysis. With security event logs safely offsite, hackers can't erase or alter evidence to any of their activities that created a compromise. Additionally, your log data is backed up & archived, per the retention policy requirements. This offsite storage of log data, and the protection this provides, is a key capability that is very difficult for "in-house" security teams to deliver.
- Best-in-Class Expertise – Even the best technology is insecure if not configured and constantly maintained by credentialed security experts. At nGuard, our managed security professionals come from a wide range of IT backgrounds and hold various security certifications including CISSP, GIAC Certified Incident Analyst (GCIA), Security+, and more.
- Standardized Monthly Reporting – In-depth monthly reports provide key insight into what's happening in your environment. Easy to read charts and graphs provide a snapshot of malicious activity, as well as the proactive steps nGuard has taken to better protect you.
- nGuard Client Portal Access – The nGuard Client Portal provides access to all event logs, monthly reports, secure messages related to ongoing security events, and more.
- Satisfies Regulatory Compliance – Having the proper Security Incident & Event Management (SIEM) solution in place is key to obtaining and maintaining compliance for many regulatory and compliance targets such as PCI/DSS, HIPAA/HITECH, GLBA, SOX, NERC CIP, FISMA, FERPA, FedRAMP, and more.
- Frees Up IT Resources – Given that most firms are understaffed, security can often be the first thing to suffer. nGuard's Managed Event Collection and Correlation solution puts the burden of properly managing your SIEM solution in the hands of our credentialed security experts. Our security experts handle all the administrative aspects of managing an SIEM solution including analysis and response to events, keeping data backed up, performing infrastructure upgrades, and more. Your team can then focus on tasks more strategic to your organization.
- Lowers IT Costs – A robust SIEM facility in your organization requires more than just technology --it requires certified security engineers and 7x24 security event monitoring. nGuard's MECC solution helps drive your Total Cost of Ownership (TCO) lower by providing the expertise, the 7x24 coverage, and the best-in-class SIEM technology for a simple monthly operational expense.
- Protects Your Data – Based on market leading SIEM technology and best practice security management processes, an nGuard MECC solution provides unsurpassed protection you can count on.
- Protects Your Reputation – Security breaches happen every day and can cause embarrassment, downtime, and harm to your company's reputation. A managed SIEM solution dramatically increases your firm's security posture, helping you maintain the confidence of your customers and partners.