AlienVault Managed SIEM Service
By Passionate Cyber Security Professionals
By Passionate Cyber Security Professionals
We Provide the
People, Processes, Technology and Knowhow
To Protect Your
Businesses, Customers, Partnerships and Investors
So, you can
Be Focused on the Business of Your Business
Genuine AlienVault Managed SIEM Service:
– Conducting investigations
– Data Ingestion Minimisation to save cost
– Eyes on Glass Security Operations Centres
– Fast Investigation and Response
– Full set-up assistance
– Isolating devices
– Managing alerts
– Security Automation and Orchestration Response (SOAR)
– Setup and Execution of Automated Playbooks
– Manual prevention of persistence and lateral movement
– Manual prevention of sophisticated attacks
– Proactive 24/7 response
– Setup of customised dashboards for data insights
– Terminating malicious processes
Our AlienVault Managed SIEM Service combines our Technology, People, Processes and Knowhow with the SIEM and SOAR capabilities of AlienVault and the world’s largest threat intelligence pool.
AlienVault can detect threats, On Premise, and in the Cloud (Azure, AWS and Google), at Endpoints and from hundreds of SaaS applications. Combined with the ability to ingest data from all leading security vendors our AlienVault Managed SIEM Service is extremely flexible making our AlienVault Managed SIEM Service appropriate where flexibility is needed.
AlienVault is best when networks use mixed cloud and multiple Cyber Security Vendors.
With controls on data under management per staff member, HackNo ensures we can provide the kind of response times you expect from an Eyes on Glass operation
Hot Storage (Real Time Event Search)
Any event log collected by HackNo’s AlienVault Managed SIEM Service is stored within compliant-ready and secure hot storage for the specified period of time (15, 30 or 90 days). The standard approach used is a write once, read many (WORM) to log storage in order to prevent log data from being modified or otherwise tampered with. Hot storage allows for faster viewing of event history in the case of forensics.
Cold Storage (AWS)
Infinite (unlimited) Days
Infinite (unlimited) Days
Infinite (unlimited) Days
Any event log collected by HackNo’s AlienVault Managed SIEM Service is stored within compliant-ready and secure cold storage (AWS). Data is kept indefinitely in cold storage for as long as invoices continue to be paid, with download capability also available. The standard logging approach used is a write once, read many (WORM) to log storage in order to prevent log data from being modified or otherwise tampered with.
Raw logs are available at any time, for example in the case of forensics such as investigating a fraud incident within an organisation which may require log events to be investigated several years into the past.
Eyes on Glass SOC Monitoring
HackNo’s AlienVault Managed SIEM Service monitors and analyses activity across the entire network including on-premise, off-premise cloud, endpoints and hundreds of common applications looking for anomalous activity that could be indicative of a security incident or compromise.
With HackNo the effort doesn’t end with systems, HackNo’s AAlienVault Managed SIEM Service leverages people, processes, and technology to continuously monitor and improve your organization’s security posture while preventing, detecting, analysing, and responding to cybersecurity incidents as per your IRP Incident Response Plan.
HackNo’s AlienVault Managed SIEM Service is the core of HackNo’s piece of mind Cyber Security.
Asset Discovery & Inventory
HackNo’s AlienVault Managed SIEM Service uses tools to discover and inventory all the assets (servers, desktops, laptops, connected mobiles, virtual machines, containers, firewalls, switches, and printers, etc) in your network and correlate asset information with threat and vulnerability data.
The dynamic nature of today’s cloud, on-premises, and hybrid network environments requires continuous network vulnerability scanning to defend against the evolving threat landscape. Constant application updates and changes to application and system configurations can introduce vulnerabilities and leave you susceptible to an attack, even if you are keeping your security controls up to date.
HackNo’s AlienVault Managed SIEM Service vulnerability scanning identifies and creates an inventory of all the systems (servers, desktops, laptops, connected mobiles, virtual machines, containers, firewalls, switches, and printers etc) connected to a network. For each device that it identifies it also attempts to identify the operating system it runs and the software installed on it, along with other attributes such as open ports and user accounts.
After building up an inventory, the vulnerability scanner checks each item in the inventory against known vulnerabilities to see if any items are subject to any of these vulnerabilities.
HackNo’s AlienVault Managed SIEM Service performs vulnerability assessments to define, identify, classify and prioritise vulnerabilities across your entire network so that the most critical vulnerabilities (those that a Hacker may exploit) can be taken care of with priority.
HackNo’s AlienVault Managed SIEM Service performs vulnerability assessments on an ongoing basis and responds as per the Incident Response Plan (IRP) in place with our clients.
HackNo’s AlienVault Managed SIEM Service employs intrusion detection software as part of HackNo’s service offering. HackNo’s solution includes built-in host intrusion detection (HIDS), network intrusion detection (NIDS), as well as cloud intrusion detection (CIDS) for public cloud environments including Google Cloud, AWS and Microsoft Azure, enabling you to detect threats as they emerge in your critical cloud and on-premises infrastructure.
SIEM Event Correlations
Security Information and Event Management (SIEM) is where software products and services combine security information management and security event management. Providing real-time analysis of security alerts generated by applications and network hardware.
HackNo’s AlienVault Managed SIEM Service employs SIEM Event Correlations. SIEM event correlations are an essential part of any SIEM solution. SIEM event correlation aggregates and analyses log data from across your network applications, systems, and devices, making it possible to discover security threats and malicious patterns of behaviours that otherwise go unnoticed and can lead to compromise or data loss.
Generated data for SIEM event correlations can be overwhelming. HackNo’s systems take available information and filters out noise to generate actionable intelligence related to which events could cause a security breach, allowing targeted response.
HackNo, with our clients, develop a Full Incident Response plan which is followed by our AlienVault Managed SIEM Service, providing you with confidence that a level of response is regularly employed on your behalf.
Incident Response is best driven by an incident response plan. If you do not yet have an Incident Response Plan, a HackNo representative can assist with developing one with or for you. If you already have an Incident Response Plan, HackNo’s AlienVault Managed SIEM Service can augment into your existing plan.
Endpoint Detection & Response
Endpoint detection and response (EDR), also known as endpoint threat detection and response (ETDR), is an integrated endpoint security solution that combines real-time continuous monitoring and collection of endpoint data with rules-based automated response and analysis capabilities.
Endpoints include not only desktops and servers, but laptops, tablets, smartphones and internet of things (IoT) devices.
Increasingly, endpoints represent one of the top areas of security risk for organizations and as a result, EDR is becoming increasingly important. Cyber criminals are increasingly designing their attacks to evade traditional endpoint prevention and protection tools, in response HackNo’s AlienVault Managed SIEM Service as part of our services seek evidence of attacks that might not trigger traditional prevention rules.
While many security teams recognize the need for advanced threat detection for endpoints, most do not have the resources to manage a standalone EDR solution.
Endpoint detection and response solutions, such as that employed by HackNo’s AlienVault Managed SIEM Service record system activities and events taking place on endpoints and provide HackNo’s AlienVault Managed SIEM Service team with the advanced analytics they need to uncover incidents that would otherwise remain invisible. Commonly also known as detecting and investigating suspicious activities on hosts and endpoints.
HackNo’s AlienVault Managed SIEM Service platform centralizes and automates threat hunting on endpoints across your cloud and on-premises environments, so we can detect and respond to threats wherever they unfold.
The ability to unify data from both cloud and on-premises endpoints allows HackNo’s AlienVault Managed SIEM Service to obtain a holistic view rather than a siloed view from different systems represents one of the main advantages of HackNo’s Endpoint Detection and Response solution.
Raw logs are an invaluable asset for forensic analysis and compliance mandates. HackNo’s AlienVault Managed SIEM Service can review logs to find details about specific incidents, search the logs for instances using a specific IP address, or analyse the patterns of multiple attacks.
HackNo’s AlienVault Managed SIEM Service combines the essential security technologies needed to demonstrate compliance against today’s most challenging regulatory standards such as PCI, HIPPA, ISO 27001 and NIST CSF, or to meet compliance to any internal IT system requirements.
Let HackNo know what you need and HackNo will provide you with our best available standardised reporting, or generate custom reports at an additional service fee if not readily available.
For certain important events, you may want a notification to be sent to you or your team to inform them immediately. HackNo’s AlienVault Managed SIEM Service team will set these up for you. If you do not have any specific requirements, HackNo will recommend some and you may opt in if you choose.
File Integrity Monitoring
File Integrity Monitoring (FIM) refers to an IT security process and technology that tests and checks operating system (OS), database, and application software files to determine whether or not they have been tampered with or corrupted.
The process employed by HackNo’s AlienVault Managed SIEM Service is called syscheck. The syscheck process scans the host at user-defined intervals and stores checksums of watched files. A checksum is a small-sized datum derived from a block of digital data for the purpose of detecting errors that may have been introduced during its transmission or storage. The system then generates an event when a checksum changes.
HackNo’s AlienVault Managed SIEM Service system can also configure Windows systems so that host-based intrusion detection system (HIDS) agents forward object access audit events to the AlienVault Managed SIEM Service.
Audit events provide more information regarding the operations affecting file and folder objects, such as who performed specific actions or operations on an object.
System & User Behaviour Monitoring
User behaviour monitoring is a new approach to insider threat prevention and detection. HackNo’s system determines what is normal use and then monitors for abnormal use.
Implementing user behaviour monitoring is obligatory to comply with a lot of industry standards (e.g. NIST, HIPAA, PCI DSS, etc.).
Context is critical when evaluating system and network behaviour. For example, an abundance of Skype traffic in the network used by your inside sales team is probably a normal part of operations. However, if the database server that houses your customer list suddenly shows a burst of Skype traffic something is likely wrong.
Therefore, as soon as your HackNo AlienVault Managed SIEM Service solution is implemented, behavioural monitoring functionality starts gathering data to help you understand normal system and network activity. HackNo’s AlienVault Managed SIEM Service solution provides network behavioural analysis with service availability monitoring to create a full picture of system, service, and network anomalies.
Monthly Reporting & Dashboard View
HackNo can manage your reporting and dashboard needs.
Dashboards – Your internal IT team or curious nominated staff can access dashboards.
Reporting – HackNo’s reports are designed so they are easy to understand, not just for IT professionals.
Reports can be delivered to you monthly, including PCI, NIST CSF, HIPAA, and ISO 27001 compliance reports, alarm reports, asset reports and create event reports.
Integrating Ticketing & Alerting
HackNo’s AlienVault Managed SIEM Service can integrate with Service Now, Jira, Slack, Datadog. Jira being the most common ticketing and alerting system.
Orchestration with Security Tools
HackNo’s AlienVault Managed SIEM Service systems allow for orchestration and automation of threat detection and response across an ever-growing ecosystem of third-party security tools and IT applications, including Palo Alto Networks, Cisco Umbrella, Carbon Black, and many other Apps.
Automated Incident Response & Forensics
HackNo’s AlienVault Managed SIEM Service employs Automated Incident Response & Forensics with the intention of saving you money and reducing the cost of Cyber Security.
Automation expedites typical responses and repetitive tasks so little to no human intervention is required to detect and respond to security threats and incidents.
Digital forensics helps IT professionals (SOC Engineers and SOC Analysts) identify instances of cybercrime like malware and hacking.
By automating incident response, HackNo’s AlienVault Managed SIEM Service team can improve performance and save time, essentially giving you more for less, saving you money.
An example of automation is whereby as soon as ransomware is detected and an alarm is raised your system automatically responds by isolating the infected machines, allowing for a controlled response, rather than a mad dash to your servers or systems and frantically unplugging infrastructure.
With the right automated incident response, HackNo and your IT security team combined can stay in control of their incident response (IR) activities and respond to threats and intrusions swiftly and effectively, with less manual work—no wire-ripping required.
Dark Web Monitoring
Dark Web Monitoring employed by HackNo’s AlienVault Managed SIEM Service leverages SpyCloud technology to monitor the dark web to discover if your users’ credentials, such as email addresses, usernames, and passwords, have been stolen.
If detected, HackNo’s AlienVault Managed SIEM Service alerts you so that you can respond swiftly to the compromise, such as requesting users to change details and cancel credit cards, ahead of a breach.
While momentarily inconvenient, your customers will thank you and the efforts of another hack will be thwarted.
Support for High Data Volumes
HackNo’s AlienVault Managed SIEM Service system can manage your data needs, you need not be concerned about our capacity to cope. Importantly however, HackNo’s implementation plan is structured to ensure you get maximum bang for your data scanning buck by avoiding white noise data.
Supports PCI Log Storage Requirements
Payment Card Industry Data Security Standard (PCI DSS) is a security standard used to ensure the safe and secure transfer of credit card data.
PCI DSS compliance software is a must-have for any organization that handles credit card data or other types of payment card data. Failure to comply can result in PCI DSS penalties and fines imposed daily, and a data breach resulting from non-compliance could cost millions in settlements, legal fees, and loss of reputation.
HackNo’s AlienVault Managed SIEM Service solution provides everything you need to get ready for your next PCI DSS audit in one affordable, easy-to-use solution. HackNo’s AlienVault Managed SIEM Service solution combines the essential security technologies you need to demonstrate compliance, including asset discovery, vulnerability assessment, log management, file integrity monitoring, and others. It also provides predefined compliance reports out of the box and automatic threat intelligence updates, helping you to stay in compliance with continuous security monitoring.
Advanced Threat Intelligence
HackNo’s AlienVault Managed SIEM Service systems provide up to date information related to sophisticated malware or hacking-based attacks targeting sensitive data. Where possible, HackNo integrates with security tools to automate the response within your environment. With automated feeds of threat intelligence, combined with our AlienVault Managed SIEM Service team of analysts HackNo provides proactive threat hunting, enhanced abilities to prevent incidents before they occur, and respond to events in real time.
As many as needed
As many as needed
As many as needed
Lightweight sensors and agents are the only components deployed in your environment.
Sensors employed by HackNo provide deep security visibility into both your cloud and on-premises environments.
HackNo’s AlienVault Managed SIEM Service virtual sensors run on VMware and Microsoft Hyper-V to monitor your on-premises physical and virtual IT infrastructure. In the cloud, lightweight cloud sensors natively monitor Google Cloud, Amazon Web Services and Microsoft Azure Cloud.
Each sensor is purpose-built to fully leverage the native data collection methods of each environment: AWS, Azure, and on-premises physical and virtual infrastructure deployed on Hyper-V or VMware. Deployed agents collect data from your Windows and Linux endpoints.
Deployed sensors conduct scans, monitor packets on the networks, and collect logs from assets, the host hypervisor, and cloud environments. Collected information is stored in HackNo’s AlienVault Managed SIEM Service secure cloud and used by HackNo’s AlienVault Managed SIEM Service in providing Cyber Security services.
The deployment of sensors by HackNo allows centralized security monitoring of your cloud, on-premises, and hybrid IT environments, including your endpoints and cloud apps like Office 365 and G Suite amongst others.
HackNo has developed and applies a number of custom dashboards within AlienVault to provide our SOC teams with greater insights into client environments than would be achieved from native AlienVault rules/reports.
Our proprietary customised dashboards allow us to combine data from disparate sources to create rich data insights. You gain from our experience with AlienVault as we use insights to check correlated security events, availability, performance, usage, and overall health of the underlying components of your network.
The boards asking about security, we have a dashboard for that.
HackNo’s SOC’s team’s continuously monitor events and alarms within AlienVault and associated services for potential security incidents or potential risk exposure.
Alarms, combined with Threat Hunting activity, are investigated and a determinization is made whether a security incident or potential risk requires the creation of an investigation and customer notification.
If no Investigation is required, the Alarm is closed.
Eyes on Glass means that our Security Operations Centre’s have people in attendance 24/7 and not just systems logging data 24/7
Via 3 Security Operations Centre’s our operations follow the Sun, allowing us to have the best, highly engaged, professional talent, on task when they are needed.
AlienVault stores logs at your nominated AWS location(s), ensuring all data sovereignty requirements can be met.
When managing the AlienVault Managed SIEM Service for clients, HackNo’s 24/7 Eyes on Glass SOC teams interact with AlienVault in the same way you read internet sites online.
Which means, our interactions with AlienVault have no impact on your businesses data sovereignty.
Meaningful Monthly Reporting is provided to nominated recipients
Our Meaningful Monthly Reports are not just for the technical team, but are equally as helpful to executive management and board members