Every behavior in a network can be traced. Based on these behaviors, certain alerts are triggered, usually automatically. Sometimes such an alert turns out to be a false alarm; this is called a “false positive”. Handling these false positives correctly can be challenging.
Is your team also flooded with meaningless alarms that you don’t know what to do with, or how to act on?
We offer organizations 24/7 monitoring from our own Security Operations Center. Our experts triage alarms and filter out false positives. In addition, the detection mechanisms we use are constantly refined: we continuously and proactively adjust the use cases that trigger alarms. Building on our knowledge of threat intelligence, we also act on the specific threat landscape of an organization.
With the SIEM service, you are notified as soon as possible when a threatening party has breached, or is attempting to breach, a monitored IT asset and/or infrastructure.
The service uses the SIEM platform as the data source that our Managed Detection Engine (MDE) queries frequently, based on the latest information on threat actor tactics, techniques and procedures. MDE is our approach to ensuring that our detection and response services have the most advanced and current threat detection content library. Our SIEM customers also have insight into their security posture via a live coverage map that shows the current threats, which of those threats they are protected against, and which corrective measures provide that protection.
The Fox-IT SIEM Threat Detection Service includes the following components:
• Analysis and investigation of alarms
• Threat hunting
• Reporting on the services
• Optimization of protection against threats
• Retained Incident Response (optional)