We work with our clients to provide actionable intelligence and support their security decisions by collating, analyzing, correlating and visualizing security events and logs from diverse IT systems and applications. Aujas provides services to design and deploy security intelligence solutions and helps its clients optimize and enhance their existing deployments.
Organizations today are more complex and rely on IT as much for competitive advantage as for efficiency. This often leaves them vulnerable to sophisticated and targeted security threats, so it is critical to have a strategy in place for detecting and preventing threats. The Aujas security intelligence practice provides services to secure our clients' networks and systems, which allows them to focus on their core businesses.
We help clients adopt a proactive response to threats. We gather security intelligence and then we leverage Indicators of Compromise (IoC) to combine attack vectors and trails to create advanced correlation rules for SIEM/SA systems. This allows us to identify potential attacks before they occur. Our Correlation Library includes rules that are technology-neutral and can be deployed on most SIEM/SA systems. Our proactive security intelligence paradigm also helps organizations upgrade and strengthen their threat management posture.
Aujas also offers comprehensive services for security operations centers (SOC) and security incident response teams (SIRT). We provide lifecycle support for SOC/SIRT design (people, process and technology), implementation, operations, and improvement. We have designed and operated integrated security operations centers (iSOC) for multiple customers that bring together advanced analytics and visualizations around compliance, traditional SIEM/SA, data protection, application security, and threat management.
To address emerging security threats more effectively, Aujas has brought together elements of reactive and proactive responses, log analysis, and correlation rules into an innovative framework. We offer the following services:
SOC Strategy & Planning
Review business requirements; conduct SOC maturity assessment; conduct SOC technology solution/product evaluations; develop SOC strategy, high-level architecture and roadmap
SOC Framework and Consulting
Develop SOC framework including governance, policies, processes, procedures; define incident management and threat intelligence framework and its automation; define use case frameworks and SIEM rules with their corresponding run books; create SOC service catalogues
We leverage an Indicators of Compromise (IoC) paradigm so that the Security Incident Response Team, commonly called the SIRT, is able to create Security Information and Event Management (SIEM) rules based on all available threat intelligence. These rules can be applied to indicate an actual compromise, as well as the risk of compromise.
The framework consists of the following:
- Governance team, roles and responsibilities, processes, metrics, etc.
- Policies and procedures for operating SIRT
- Incident database to act as a knowledge base of scenario responses
- Indicators of Compromise guidelines for developing, testing, and fine-tuning IoCs
- Training and awareness to help sustain the program within the organization
- Technology integration with SIEM/SA systems, creation of rules based on IoCs, testing and fine-tuning rules for compromise detection
- Monitoring and reporting of the incidents and managing the consequences
Our holistic threat intelligence incident response framework also includes incident categorization and rating criteria; comprehensive process flows showing cross-functional team involvement during each stage; an interaction model to co-ordinate incident response; and a matrix of clearly defined stakeholder, team and third-party obligations.
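To make the IoC-to-SIEM-rule idea concrete, here is an added, technology-neutral toy correlation check (example code, not Aujas's Correlation Library or any vendor's rule syntax). The IoC feed and key=value log lines are constructed; the rule flags outbound contact with an indicator as an actual compromise and inbound contact from an indicator as a risk of compromise.

```python
import re

# Constructed IoC feed: indicator -> (type, note). Not real threat intelligence.
IOC_FEED = {
    "203.0.113.45": ("ip", "known C2 address (constructed)"),
    "bad-update.example": ("domain", "malware staging domain (constructed)"),
}

# Constructed firewall/DNS log lines in a simple key=value format.
SAMPLE_LOGS = [
    "ts=1 src=10.0.0.5 dst=203.0.113.45 action=allow bytes_out=482000",
    "ts=2 src=203.0.113.45 dst=10.0.0.9 action=deny bytes_out=0",
    "ts=3 src=10.0.0.7 query=bad-update.example action=allow bytes_out=0",
    "ts=4 src=10.0.0.8 dst=198.51.100.2 action=allow bytes_out=1200",
]

KV = re.compile(r"(\w+)=(\S+)")


def parse(line):
    """Turn one key=value log line into a dict (hypothetical log format)."""
    return dict(KV.findall(line))


def classify(event):
    """Return (severity, indicator) for one parsed event.

    Outbound traffic or a DNS query from an internal host to an IoC is treated
    as evidence of actual compromise; inbound contact originating from an IoC
    (for example a blocked connection) is treated as risk of compromise.
    """
    for field in ("dst", "query"):
        value = event.get(field)
        if value in IOC_FEED:
            return "compromise", value
    src = event.get("src")
    if src in IOC_FEED:
        return "risk", src
    return None, None


def correlate(lines):
    """Run the IoC rule over raw log lines and return the alerts it raises."""
    alerts = []
    for line in lines:
        event = parse(line)
        severity, ioc = classify(event)
        if severity:
            alerts.append({"ts": event.get("ts"), "severity": severity,
                           "ioc": ioc, "type": IOC_FEED[ioc][0]})
    return alerts
```

In a real SIEM the feed would be refreshed from threat intelligence and the rule expressed in the product's own syntax; the point is that one indicator list yields both compromise and risk alerts.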
SOC Architecture Design
Design detailed SOC technology architecture considering business and operational requirements, including integration, automation and continuity
SIEM Implementation and Integration
Configure and integrate the SIEM solution; integrate SIEM solutions with other technologies, e.g., asset, vulnerability management and incident management tools
Today, stealing sensitive data is the focus of almost all malicious activity. Organizations often are not prepared to deal with these threats and must find newer approaches to secure their data.
Our services help our clients transition from a reactive event/incident based response to a more proactive approach where the systems ‘look’ for potential compromise. Our services include:
- Technology landscape assessment – Assess technology assets, log volumes, sources, locations, etc.
- Business requirement analysis – Identify business expectations and objectives from the system.
- Architecture design – Design the SIEM/SA technology architectures, identify log sources and the log characteristics required to support the business requirements. Design the correlation rules.
- SIEM/SA integration – Implement the SIEM/SA system, integrate log sources, implement rules, set up reports and dashboards, monitor and fine-tune rules.
- Review and optimize – Review design criteria, expectations, ground reality, and the existing system to identify improvement areas.
Our specialists have experience with many SIEM/SA products and our delivery is vendor-neutral. They can also create custom parsers to enable our clients to integrate legacy systems.
SIEM Optimization, Advance Correlation Rules and Use Cases Configuration
Identify business-environment-specific use cases and configure advanced correlation rules. Review and improve existing SIEM rules and optimize them for increased accuracy. Automate use case responses, apply threat intelligence, and set up correlation rules to process and detect advanced patterns.
Analytics and Reporting
Use Aujas SAVP to perform data analytics and generate customized visualization reports
As information security specialists, we know what a security officer needs to see from a SIEM/SA system. We work with our clients to identify the key elements and metrics that they want; this can vary from standard compliance reports to reports that identify potential fraud or compromise.
By leveraging our correlation library we can create rules that deliver dashboards and visualizations to support the most popular reports such as authentication and authorization, network traffic, and change reports. We can also produce complex ones such as physical and logical access, insider threats, and potential fraud.
Custom Parser Development
Standalone extension for SIEM/SA, useful for heavy-duty parsing of logs that are encoded or formatted in proprietary ways
Our specialists assist with SIEM/SA systems upgrades, migration, reports and dashboards, and custom parser development. Their capabilities include:
- Working with application and device owners to build an understanding of non-standard log formats
- Developing connectors for natively unsupported applications and devices
- Establishing workflows
- Segregating and setting up roles
- Reviewing and optimizing alerts and rule bases periodically
- Providing root cause analysis for the highest priority security incidents
- Customizing the security dashboard and extracting reports
Co-Managed SOC Services
Co-managed SOC, including managed services for SIEM administration and optimization; incident reporting, investigation and management; and customized analytics and reporting. Available either offsite or onshore.
SOC Skill Augmentation
Provide qualified and skilled resources for managing day to day SOC operations and threat intelligence
SOC Maturity Assessment and Audits
Functionality and performance audits to benchmark the SOC framework against industry standards, covering governance, incident management, platform, processes and technology
Most Security Operations Centers (SOCs) focus on providing incident identification and notification services, with escalations and tracking. They usually deploy SIEM/SA systems and action the generated and categorized events. Unfortunately, SOCs are limited by the number of security assets that are fed into the SIEM/SA systems.
We take a more integrated approach. We work with our clients to evolve the traditional SOC to ensure it not only handles all the ‘operational’ elements of the information security team, but also employs processes, metrics, KPI tracking and compliance reporting. With these added elements, it offers real value to IT, InfoSec and most importantly, business stakeholders.
Our I-SOC (Integrated-SOC) methodology integrates and consolidates all security operations. The big benefit here is that operational elements are offloaded from various team silos to a small, focused team who can also provide a holistic view to stakeholders. Our SOC consulting services include:
- Maturity assessment – We review the SOC objectives, governance, services, technology, processes, people and SLAs to identify the maturity level. The result of this assessment is gap identification and recommendation report with a roadmap for improvements.
- Design and deployment – We help our clients design and deploy the SOC. We start with a business case and design all the necessary elements, including the governance framework, service catalog, technology selection, and the technology deployment and integration plan. We also design processes based on the IT Infrastructure Library (ITIL), and then the staffing plan. Then we establish a project management office (PMO) and bring in various specialists to deliver and integrate the components.
- Operation – When necessary, we can operate the SOC for a client. Our trained teams manage all levels of security incidents, from detection to root cause analysis. Our services are customizable and we can handle year-round, 24×7 operations.
Security Analytics and Visualization Platform (SAVP)
The platform has been designed and developed to provide clients with a high level of customization for visualization, workflow definitions, etc. Its flexibility and adaptability at a reasonable TCO make it one of a kind in the industry. The parser model allows for easy control integration for new or modified technologies or processes.
Security Intelligence and Log Analysis Aujas Approach and Competency with IBM QRadar
Aujas is a global information risk management solution provider. Aujas provides flexible service offerings for security analytics, intelligence and reporting, in addition to protecting data, applications and identity.