
Security Information and Event Management + SOC

A technology platform that can detect security events, all while logging information for real-time or historical analysis.

What is a SIEM?

SIEM, or Security Information and Event Management, is a platform that collects and stores log and event data from across an environment and analyzes it, both in real time and historically, to detect security events.

Here’s an example. Someone is copying thousands of files from your server. A SIEM could:

  • Identify. The SIEM has a baseline of what routine file copying looks like for that user and that server, so this volume stands out as anomalous and triggers a detection. 
  • Log. The SIEM records the activity from the first anomalous event onward, together with every action taken in response, so the incident can be reconstructed later. 
  • Alert. The system notifies the appropriate parties, typically the SOC, that something is happening. 
  • Direct. When integrated with a firewall or EDR, the SIEM could block that user or host from copying further files until the investigation is complete. 

Think of a SIEM as a courier vehicle: it drives around your network collecting audit log data from a variety of equipment including, but not limited to, your firewall, switches, wireless access points, servers, workstations, antivirus, EDR, etc. With a network sensor in place it can also capture and monitor traffic on your network, not just logs.
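As an added example (not Perch's or ECR's code), the file-copy scenario above in a few dozen lines of Python. It parses constructed log lines from a VPN gateway and a file server (both line formats are made up for this example), correlates the file server's source IP with the VPN login to name the user, keeps a sliding one-minute window per source IP, and when a source crosses a read threshold it logs an alert, returns it for notification, and simulates the "direct" step by adding the IP to a block list. The 50-reads-per-minute threshold is an assumption, not a learned baseline.

```python
"""Added example (not Perch's or ECR's code): a toy SIEM pipeline that
collects constructed log lines from two sources, correlates them, and
detects the mass-file-copy scenario. Log formats are hypothetical."""
import re
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta

# Hypothetical formats for the two sources (constructed for this example).
VPN_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) vpn: login user=(?P<user>\S+) ip=(?P<ip>\S+)$")
FILE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) smbd: (?P<action>\S+) ip=(?P<ip>\S+) path=(?P<path>\S+)$")


@dataclass
class Alert:
    user: str          # resolved by correlating the file server IP with VPN logins
    ip: str
    count: int         # file reads seen inside the sliding window
    first_seen: datetime
    last_seen: datetime
    sample_paths: list


class MiniSiem:
    """Identify / Log / Alert / Direct, in the order the page lists them."""

    def __init__(self, window=timedelta(seconds=60), threshold=50):
        self.window = window              # sliding window per source IP
        self.threshold = threshold        # reads per window treated as "unusual" (assumed)
        self.ip_to_user = {}              # correlation table built from VPN logins
        self.recent = defaultdict(deque)  # ip -> (timestamp, path) events inside window
        self.alerts = []                  # Log: every alert raised
        self.blocked = set()              # Direct: IPs the responder cut off

    def ingest(self, line):
        """Parse one log line; return an Alert if it tips a source over threshold."""
        m = VPN_RE.match(line)
        if m:                                    # enrichment source: IP -> user
            self.ip_to_user[m["ip"]] = m["user"]
            return None
        m = FILE_RE.match(line)
        if not m or m["action"] != "read":       # ignore unparsed lines and non-reads
            return None
        ts = datetime.fromisoformat(m["ts"])
        ip = m["ip"]
        q = self.recent[ip]
        q.append((ts, m["path"]))
        while q and ts - q[0][0] > self.window:  # Identify: drop events outside window
            q.popleft()
        if len(q) < self.threshold or ip in self.blocked:
            return None
        alert = Alert(
            user=self.ip_to_user.get(ip, "unknown"),  # an unmapped IP still alerts
            ip=ip, count=len(q), first_seen=q[0][0], last_seen=ts,
            sample_paths=[p for _, p in list(q)[:3]])
        self.alerts.append(alert)        # Log
        self.blocked.add(ip)             # Direct: simulated block of that source
        return alert                     # Alert: caller notifies the SOC


def sample_logs():
    """Constructed sample: alice reads 5 files over 40 minutes, bob reads 60 in 60 s."""
    t0 = datetime(2024, 3, 5, 9, 0, 0)
    lines = [f"{t0.isoformat()} vpn01 vpn: login user=alice ip=10.0.1.5",
             f"{t0.isoformat()} vpn01 vpn: login user=bob ip=10.0.1.9"]
    for i in range(5):
        ts = (t0 + timedelta(minutes=10 * i)).isoformat()
        lines.append(f"{ts} fs01 smbd: read ip=10.0.1.5 path=/share/hr/doc{i}.docx")
    for i in range(60):
        ts = (t0 + timedelta(minutes=5, seconds=i)).isoformat()
        lines.append(f"{ts} fs01 smbd: read ip=10.0.1.9 path=/share/finance/q{i}.xlsx")
    return lines


def run(lines=None):
    """Feed the lines through the pipeline and return the SIEM state for inspection."""
    siem = MiniSiem()
    for line in (lines or sample_logs()):
        siem.ingest(line)
    return siem


if __name__ == "__main__":
    s = run()
    for a in s.alerts:
        print(f"ALERT user={a.user} ip={a.ip} reads={a.count} in "
              f"{int((a.last_seen - a.first_seen).total_seconds())}s, e.g. {a.sample_paths}")
    print("blocked:", sorted(s.blocked))
```

Two points the toy makes that matter in a real deployment: the user name only appears because a second source (the VPN log) was collected and correlated, which is why a SIEM wants feeds from every layer rather than just the file server; and an IP with no mapping still raises an alert with user "unknown", since suppressing it would hide exactly the hosts an attacker brings in. In production the threshold comes from historical per-user and per-share baselines rather than a constant, and the block step calls the firewall or EDR integration instead of adding to a set.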

What is a SOC?

A SOC, or Security Operations Center, is a team of information security engineers who monitor and analyze system events on an ongoing basis.

If the SIEM is the vehicle, the SOC is the driver. The typical SOC is a centrally managed team of security engineers focused on monitoring specific systems for suspicious activity and often intervening before an attack becomes significantly damaging.

A SOC will have engineers from a variety of security-related fields. In addition to security engineers, it typically includes leads who focus on impact assessment, communications, and project and incident management. The SIEM is at the center of the SOC, because the SIEM provides the SOC with the information it needs to take action.

The SOC follows defined procedures covering monitoring coverage hours and standards, the steps to take when an incident occurs, how to engage third parties such as law enforcement or attorneys, and more.

Perch is co-managed threat detection and response backed by its in-house Security Operations Center (SOC); it can launch your cybersecurity program or add depth to the visibility you already have.

ECR is an expert on the various tools Perch offers and leverages that knowledge to support your organization. The toolbox we optimize for your organization includes:

  • Security Information and Event Management (SIEM) – The SIEM captures, parses, and correlates log data from security and networking devices to increase visibility into anomalies that may be indicators of compromise.
  • Behavioral Monitoring – Includes syslog monitoring, packet capture, service availability, and infrastructure monitoring to detect suspicious behavior that can provide early warning of malicious activity.
  • Intrusion Detection – Perch regularly updates Network Intrusion Detection System (NIDS) signatures to detect the latest threats that may affect your environment. ECR will deploy Host-Based Intrusion Detection System (HIDS) agents on your most critical assets.
  • Asset Discovery – Uses both active and passive discovery methods. Active discovery loads network configuration into the SIEM. Passive discovery watches network traffic and logs data in support of the SIEM and Behavioral Monitoring.
  • Vulnerability Detection – ECR continuously monitors network traffic for signs of known vulnerabilities so that exposures are discovered immediately. Active detection scans individual systems and subnets; ECR runs these vulnerability scans on a mutually defined, risk-informed frequency based on the volume of data passing through each device, the criticality of the device, the known vulnerabilities associated with it, and the schedule of automation jobs on, and usage of, each device.


Detect threats that get past traditional security tools

Single pane-of-glass view

Built from the ground up with multi-tenancy, Perch makes managing all of your customers a breeze. And it’s transparent – you can see everything that we see, all the way to the detailed Indicators of Compromise (IoCs) and our analysis.

Security Operations Center included

Our team of threat analysts handles the tedious work for you, while you collect the accolades from your clients. If you prefer to analyze threat indicators yourself, just click Perchybana and dive in. Optional service level agreements guarantee a fast analysis turnaround.

Popular integrations built-in

Dynamic domain blocking for popular firewalls, plus integrations with Cisco AMP for Endpoints, Carbon Black, SentinelOne, Umbrella, and Duo, simplify the response workflow.

Microsoft 365 & G Suite Monitoring

Defend your company against business email compromise (BEC) and account takeovers, and gain visibility beyond your network traffic. Make your Microsoft 365 and G Suite logs searchable, parsable, cleaner, and reportable. Build alerts that suit your needs to get notified in real time, then investigate the impact through Perchybana.

Connect to your favorite feeds

Cover your environment with the best threat intel on the market. Perch ingests and automates the most popular threat intelligence feeds, and you select which ones through the platform. No more noise for you, only identified threat activity from our SOC.

Super-fast implementation

Perch sensors can be set up over a coffee break. You can install them yourself, or our team can perform the installation. Our team is standing by to assist if you have any questions or difficulties.

