AIS Managed SIEM – Technical Overview

Security Threat Detection Capabilities

Many organizations discover that they've been the victim of a phishing attack by accident. AIS Managed SIEM provides the ability to proactively identify phishing-related activity, such as data access originating from new geographic areas.

Further correlation of firewall data with Server/Cloud access data can reduce false positives and better identify suspicious successful connections or new types of application traffic.
Increased usage of social media and new SaaS-based services provides new methods for sensitive information to be shared improperly. Multiple systems with separate authentication sources increase the chances of a user unintentionally having privileged access to unauthorized resources.
The increasing prevalence of remote workers increases the possibility of unauthorized direct or indirect access to a remote workstation. Traditional security methods were not designed for scenarios such as a company laptop being used from Starbucks or an employee's relative accessing their laptop while they've stepped away.

Anomaly-detection machine learning algorithms detect pattern changes and flag them for review, including changes that would otherwise not have been noticed through manual review.
View security and event logs from multiple Cloud Services in a single portal. Identify advanced threats by correlating suspicious activity across multiple Cloud Services. Include security and event data from legacy or on-premises systems to identify additional threats.

Example Use Cases

Ryuk Ransomware Incident Report

On Monday, October 28, 2019, a local School District was hit with a ransomware attack, identified as a strain of “Ryuk”. AIS was contacted and addressed the situation quickly and efficiently, reaching out to the client to establish a timeline of events, identify impacted systems, and work out a general overview of the server environment.

A plan of action was developed,…

Case Study: Phishing Attack Creates Public Links to Private Files

Scenario
An email phishing attack resulted in unauthorized access to the victim’s email mailbox and the creation of public-sharing links to private Microsoft OneDrive files.
Background
In early 2019, an AIS Managed SIEM Alert indicated that a Customer email mailbox was accessed from the United States and from Russia less than an hour later, triggering an Impossible Travel Alert. Minutes later, an additional…

Compatibility

Operating Systems

Windows Server/Workstations
macOS
Linux
FreeBSD
Android
iOS
Junos

Cloud Services

Microsoft Azure
Microsoft Office 365
Google G Suite
Amazon AWS
Salesforce.com

Hardware Manufacturers

Apple
Dell
HP
Cisco
Juniper
Fortinet
SonicWall
Intel

Device Types

Server
Desktop
Laptop
Tablet
Firewall
Network Switch
Router
Wireless Access Point
IoT Device
Access Control

Log Data Formats

Syslog
JSON
AWS CloudTrail/Flow
Beats
CEF
GELF
Kafka
AMQP
NetFlow
Raw/Plaintext

Log Transport Methods

UDP
TCP
HTTP

