How Can We Help?
Our Security Intelligence and Operations Practice is a global team of over 40 professionals distributed across the US, Middle East and India, specializing in strategy, planning, implementation and sustenance of SIEMs and Security Analytics tools.
Our Managed Security Services (MSS) for QRadar offers the best in the way of expertise and cost efficiency. It gives you everything that is required to manage and sustain your QRadar SIEM, without the pain. It provides the VALUE you are looking for.
(* The QRadar brand and logo are copyright / trademark of IBM.)
Our Managed Security Services for QRadar consists of 3 modules as follows.
A. SIEM Operations – 24 x 7
Everything that is needed for managing the SIEM from an operations perspective. Includes the following key actions and deliverables:
- Periodic monitoring for alerts and logs from all connected systems. Investigate and report anomalous data.
- Review and analyze SIEM alerts and map them to environment context.
- Monitor the action taken on the alerts by incident response teams.
- Provide solutions/workarounds to remedy security alerts and follow up on remediation implementation.
- Escalate security alerts whenever required, as per the established process.
- Assist in forensic analysis as and when needed.
- Notice log spikes and dropped events. Investigate and escalate as necessary.
- Respond to inbound requests via phone and other electronic means for technical assistance.
- Prepare overall Security Intelligence reports and present them to security leadership on a periodic basis.
B. SIEM Technical Support & System Administration – 24 x 7
Everything that is needed for managing the SIEM from a technical and administration perspective. Includes the following key actions and deliverables:
- Manage user access including user and group permissions updates.
- Verify data collection and log continuity.
- Review application performance, capacity, and availability; make recommendations as appropriate.
- Verify time synchronization among SIEM System components.
- Perform archival management and retrieval per change management process.
- Perform daily and weekly health checks. Generate daily and weekly reports.
- Provide software-level management for the SIEM System components including patches and upgrades.
- Assist in BCP/DR testing of the SIEM environment.
- SLA-driven incident response in the event of QRadar being unavailable.
- Coordinate with IBM on ticket submission and closure.
C. Essential & Standard Enhancements
All the essential and standard enhancements needed to get the best from your QRadar investment, as follows:
- Setup of new reports and alerts (up to 30* bundled reports and alerts per year).
- Setup of executive dashboards (up to 5* dashboards per year).
- Integration with supported ticketing system.
- Operationalisation of QRadar Vulnerability Manager and QRadar Risk Manager.
- Integration with new log sources (up to 10* log sources per year with QRadar bundled DSMs and up to 2* unsupported log sources per year needing custom DSMs).
With our Managed Security Services, you get the best of both worlds: expertise and cost efficiency.
This is based on our extensive experience with SIEM deployments, across many strategy, planning, implementation & sustenance projects.
* Please talk to us for a detailed offerings datasheet, pricing details, and add-ons.