ArcSight implementation reseller and services

ArcSight Implementation, Optimisation and Managed Services

What are ArcSight Implementation, Optimisation and Managed Services?

ArcSight is the clear market leader for Security Incident and Event Monitoring (SIEM) solutions, also known as log monitoring and management solutions.  The value and return of the investment in an ArcSight solution will depend greatly on how effectively the solution is implemented and optimised.

With our experience implementing and integrating ArcSight solutions and operating SOCs for over 30 clients across the globe, we understand the processes and offer clients a way to extract maximum return from their investment.

Overview of our services

Security Alliance offers comprehensive implementation and managed services to set up and manage an integrated and holistic system for security monitoring using the ArcSight platform.  Technology and processes for security monitoring are implemented quickly and effectively, using a seven-step process:

Step 1 - Asset valuation & risk profiling

During this phase, an asset inventory is built up of the servers and devices in scope.  Asset valuation is carried out.  Assets are valued as high, medium or low value based on their criticality to business processes, replacement cost and dependencies with other assets.  Risk profiling includes network modelling based on placement of assets in the network. 

Step 2 - Log baseline development

During this phase a log baseline is developed for all assets in scope.  A gap analysis will be conducted to determine the logging capability of each asset, current logging enabled and the required level of logging.  We coordinate with the relevant IT and security teams to enable the additional level of logs required across assets.  In this phase we achieve the following: 
  • Configure devices to generate security essential events
  • Stop or reduce noise events
  • Optimise event collection to increase detection capability and reduce consumption of the log monitoring system's resources.

Step 3 - ArcSight implementation

The implementation phase involves installation of ArcSight software product modules, databases and agents.  Configuration includes population of asset database and network model.  Vulnerability scanning will be carried out for the devices in scope.  We will capture the known vulnerabilities that might be exposed, and integrate this information into the product.  ArcSight Connector or agent roll out is carried out for the defined scope, and coordinated with the relevant IT teams.

Step 4 - Customisation of ArcSight rules, reports & dashboards

In this phase, rules are customised to filter in the required events.  Rules for alerting are developed based on threat scenarios.  This also includes correlation rules.  ArcSight report formats are developed and finalised based on feedback from the customer.  These include daily, weekly and monthly MIS reports, threat scenario-based reports, and trend analysis.  Security dashboards are configured based on business requirements.  The service includes management-level heat map reports, to track and identify improvements in IT areas, based on monitoring.

Step 5 - Development & implementation of Standard Operating Procedures (SOP)

During this phase we develop and implement the SOP framework.  The SOP lays the foundation for implementation of robust and scalable monitoring practices, encompassing all the critical processes required for a SOC.  The SOP integrates with IT and other security processes, and is automated using the customer's service desk.

Step 6 - Development of Service Level Agreements (SLAs)

It is good practice to develop SLAs to deliver services to business units and to measure effectiveness.  We develop SLA metrics aligned with business requirements and processes to track, measure and report against SLAs.

Step 7 - Knowledge transfer

There is consistent knowledge transfer across the implementation phase.  We train the client team on configuring and using the services, and train the operations team on processes and hand over the SOPs that have been developed.

Managed ArcSight Service

Security Alliance offers a fully-managed security incident and event monitoring (SIEM) service, based on the ArcSight platform and designed to automatically collect security events from key points across the network, correlate the data and provide both automated and human analysis of security threats.

This service is run from a fully-established, ISO27001 certified Security Operations Centre (SOC).

The architecture of our security monitoring service collects, normalises, aggregates, filters and correlates millions of events from thousands of assets across the customer's network into a manageable stream of data, which is then prioritised according to risk levels.  The events are then analysed in order to minimise false positives and false negatives, enabling a high degree of accuracy in identifying intrusion events and other security incidents.

Real-time detection and analysis of events using ArcSight enables the client to react quickly in order to minimise security and business impact.

Key service attributes

  • Supply, Implementation and Optimisation of ArcSight platform and related modules
  • Development and implementation of key processes as part of Standard Operating Procedures (SOP)
  • Set-up of log baseline, global threat integration, to see more events and gain key insights
  • Customisation of ArcSight to deliver rules and reports for critical threat scenarios
  • Development of custom ArcSight connectors on a need basis
  • Knowledge transfer and handover to client team or
  • Full 24*7 Managed Service from our ISO27001 Certified SOC

What you receive

  • Fully implemented and optimised ArcSight Security Operations Centre
  • Set of Standard Operating Procedures
  • Set of Service Level Agreements
  • Optional ongoing ArcSight optimisation services
  • Optional ongoing 24*7 monitoring and managed services

What to do next

Contact us on 0844 488 0964, email us at info@securityalliance.co.uk or complete our Enquiry Form to discuss requirements, get an online demonstration, request a sample report or arrange a meeting.