Castra helps clients get the most of their investment. As threats evolve weekly and new scenarios arise, Castra Consulting is able to ensure client SIEM platforms are not only working well, but returning actionable alerts and relevant reports.
A sample description of what Castra Consulting accomplishes with mSIEM:
Health monitoring:
* All hardware stats, All event flow rates, All real-time
* 24×7 health alerts for platform faults with immediate notification
* Tailored security alerting and presentation
* Correlation and escalation tuning in-platform adjusted upon changing device types and rates
* Re-weighting of assets and network zones due to ever changing customer environment
* Critical alerts forwarded to customer’s incident ticketing platform (SNMP, email, syslog, custom hook)
Weekly client web meeting with report of top issues:
* Change recommendations for the application
* Recommendations for enhanced client usability
Proactive review of platform and alarming:
* Bottlenecks / latency of events or alert generation
* Future considerations, new correlations, scaling, trending
* Advanced analytics surrounding events and alarm histories
Relevant reports to address security needs:
* Delivered to meet client contexts changed to address business verticals
* Reviewed weekly with the client for efficacy
Typical Items addressed:
* Is an alert the client requested working?
* Tune data feeds and alerts to highlight emerging security threats
* Add Threat Feeds as needed
Leverage operational experience to derive actionable alerts and reduce False Positives:
* Reduce noise from data feeds
* Adjust weights for threats against customer’s critical/operational infrastructure
* Best practices from proven operational methodologies
Source: PR.com. The original press release can be found here.