Cyber Threat Monitoring + SIEM

Nuspire’s Cyber Threat Monitoring (CTM) service is designed to provide clients with proactive security monitoring of customer-owned devices.  Devices and systems that are typically monitored include firewalls, routers, switches, Windows event logs, Linux Syslogs, and other application-based logs.

The service includes log management, monitoring, and analysis through Nuspire’s Security Information and Event Management (SIEM) technology. The system is managed by a skilled team of security engineers who provide advanced log analysis, alerting algorithms, integrated threat intelligence, IOC alert management, investigation of alerts, and remediation assistance.

The service includes complete auditability of incidents via Trax, Nuspire's web- and email-based security platform. The system allows customers to see all current and past security threats and cases. This interface provides auditors and compliance officials with tangible verification that the organization is being actively monitored and secured.

Features of the Cyber Threat Monitoring solution include:

  • 24/7/365 monitoring of SIEM events
  • Daily/continuous log review
  • Monthly trend analysis review
  • 24/7/365 threat intelligence monitoring
  • Online reporting
  • Documents that demonstrate compliance with industry and regulatory mandates
  • Proof to auditors and other third parties that IT controls are in place and effective

CTM includes Service Level Agreements (SLAs) for the following:

  • System availability
  • Alert response time
  • Ticket update frequency
  • Technical Assistance Center (TAC) availability
  • Security Operations Center (SOC) availability

Cyber Threat Management

Advanced Threat Intelligence

Nuspire’s Advanced Cyber Threat Intelligence is a blend of technical, tactical, operational, and strategic cyber threat intelligence only available to devices enrolled in the Cyber Threat Monitoring service.

Technical Cyber Threat Intelligence

Nuspire's Technical Cyber Threat Intelligence is created through a proprietary blending, prioritization, and validation of social feeds, commercial feeds, and the aggregated information received from tens of thousands of devices from diverse security manufacturers deployed around the world.

As a global Managed Security Service Provider (MSSP) and cloud Security Information and Event Management (SIEM) provider, Nuspire has tens of thousands of diverse NextGen and UTM Firewall appliances that feed billions of security context-rich log events into the NuSecure SIEM solution every day. Many of the manufacturers’ devices that feed these rich security metadata logs into the SIEM are active members of the Cyber Threat Alliance.

Nuspire also uses automated methods to collect IP reputation information indicating that a lower level of trust should be applied to addresses that are not specifically known to be malicious. This information is combined with other alert methods to build correlated events that trigger an investigation of the communications by Nuspire Security Operations Center (SOC) engineers. The continuous feed of actively updated security log metadata, together with existing IP reputation data, known Command and Control (C&C) networks from cyber security threat feeds, known compromised internet addresses, and even threat intelligence from the Darknet (beyond the surface web), flows into the NuSecure big data SIEM for normalization, correlation and aggregation. Once this data is combined and ranked according to proprietary techniques, Nuspire uses big data infrastructure to provide real-time analytics and alerts on the stream of logs received.

Tactical & Operational Cyber Threat Intelligence

Nuspire's Security Analytics Team (SAT) members follow industry-specific trends, security issues, government intelligence, and other deep Internet data sources that may affect customers. Research findings are then used to further tune alerts and algorithms. Tactical threat intelligence is used to track threat actors to help predict attacks through their techniques and procedures. Operational threat intelligence is also utilized when Nuspire discovers actionable intelligence of a pending attack on a customer or industry. Discovery of tactical and operational threat intelligence issues that affect monitored devices generates tickets for review and discussion with the partner through the Trax™ Ticketing system.

Strategic Cyber Threat Intelligence

Nuspire's SAT provides informational notices through the Trax™ portal about high-level issues faced by a multitude of industries, technologies, and organization sizes. This information can be used by executives and their boards to help guide an organization in reducing cybersecurity risk for the long term.

This blending of real-time, third-party security intelligence (identified by devices placed all around the globe), databases of poor reputation or compromised hosts, advisories and bulletins driven from FBI active investigations of cyber threats, and Nuspire's own security research represents the NuSecure Advanced Cyber Intelligence. These components combine into threat intelligence for normalization, correlation and aggregation. Once they are combined and ranked according to proprietary techniques, Nuspire uses big data infrastructure to provide real-time analytics and alerts on the stream of logs or to specific industry types as part of the CTM Service.

SOC 2 Certified

Nuspire is SOC 2 Compliant

Nuspire undergoes annual SOC 2 auditing against AICPA’s controls of security, availability and confidentiality. Nuspire’s SSAE 16/SOC 2 audited Security Operations Centers follow industry-standardized processes in order to provide the security, privacy, redundancy and flexibility to custom fit your organization’s needs.

 
