MANAGED DETECTION & RESPONSE SERVICE
maticWatch
SecurMatic’s Managed Detection & Response (MDR) service, maticWatch, operates an advanced threat detection technology solution supported by a Security Operations Center (SOC) that monitors and responds to cyber attacks 24/7/365.
The maticWatch service is offered in two flavors:
- maticWatch – Standard (SecurMatic SIEM + SOC Service)
- maticWatch – Hybrid (Client owns the SIEM + SecurMatic monitors the SOC)
maticWatch – Standard
Introduction
maticWatch is a hosted threat detection and response solution, where SecurMatic operates a proprietary Security Information & Event Management system (SIEM), as well as a 24/7/365 Security Operations Center (SOC) that monitors client organizations' networks, applications and/or endpoint devices to proactively detect threats.
maticWatch integrates multiple cyber threat intelligence data sources, provides sophisticated analysis and uses data science to continually hunt for suspicious behavior and anomalies, giving customers rich, actionable intelligence.
Security monitoring (SOC) is carried out via the proprietary SIEM offered with maticWatch (developed, maintained and operated by SecurMatic).
Service Features
- Cloud hosted or On-premise implementation of SecurMatic’s proprietary SIEM
- Log collector located in client’s hosting environment
- Security events will be sent to maticWatch using an encrypted channel such as a site-to-site VPN
- 24*7*365 – Round the clock monitoring of threats and security events by SecurMatic Security Operations Centre (SOC)
- Retention of security events – 90 days online and 1 year offline
- Customer portal with real time attack information and status of review
- The Service doesn’t include the retention of Raw Logs. SecurMatic recommends a server be set up on premise to store the raw logs for a period determined by the Client
- Customized Monitoring and Alerts
- On-Demand Reporting
- Incident Management to support clients with deep dive investigations when required and ensure timely resolution of high-risk incidents
- Investigation & Forensic Analysis
- The SOC consists of security analysts who provide real-time monitoring of clients’ networks, applications and/or endpoints to identify, contain and respond to internal and/or external attacks
- SOC analysts are highly trained information security professionals who have the required expertise to identify potential threats and guide organizations’ IT teams on the appropriate response.
Implementation Options
maticWatch is designed to accommodate the following two deployment methods of its SIEM solution:
- On-premise implementation, where the monitoring solution is hosted at the client’s data centre, or
- A hosted solution in a dedicated cloud instance at Amazon Web Services or at an Azure data center
Privacy
- The Security Operations Center Monitoring Service does NOT require access to organisations’ Customer information
- We only require access to specific security events captured by your security systems and other software
- Security events will be sent to maticWatch using an encrypted channel such as a site-to-site VPN.
Cyber Security MDR Service - In-house vs Outsource
- Cost Savings: your company will need to spend on hardware & software (SIEM tool), human capital & overhead to maintain the operation 24/7. Alternatively, SecurMatic has the economies of scale in technical and human expertise to provide a fully loaded service at 30%-40% of the cost of an in-house managed team.
- Skills: recruiting and maintaining skilled resources for an in-house security monitoring solution is a barrier for many companies. SecurMatic has staff well trained in multi-faceted cyber threats, with varying skill sets and experience, to provide comprehensive security solutions.
- 24/7/365 Monitoring & Support: your company would need a minimum of 8 - 12 staff to run and maintain a round-the-clock Security Operations Center, compared with SecurMatic, where your monitoring cost will be less than 40% of your staff cost.
- Managing rules & updates: your company would need skilled staff who can modify monitoring rules based on market and industry conditions, whereas SecurMatic has access to global threat monitoring sources and monitors networks in other markets and industries; all that knowledge will be applied to your company.
- New Technologies (use of data analytics): in addition to constantly updating its alerting rules, SecurMatic uses data analytics, machine learning and external threat intelligence sources to minimise false positive alerts.
- Reduce time to implement: with SecurMatic, your threat detection and monitoring can be set up within 2 - 4 weeks of sign-up.
maticWatch – Hybrid
Introduction
MaticWatch-Hybrid includes a technology solution (a SIEM owned by the client) and a 24/7 Security Operations Center (SOC) monitoring service by SecurMatic. The service monitors the client’s networks, applications and/or endpoints for cyber threats via the SIEM tool in which the client has invested.
Features
- This service encompasses monitoring and management of the SIEM tool of other vendors
- The client owns the SIEM tool
- The client has the option to assign the management of the SIEM tool to SecurMatic
- SecurMatic SOC monitors the client’s environment via its Global Operations Center, round the clock (24*7*365), for cyber threats using the Client’s SIEM tool
- The SOC consists of security analysts who provide real-time monitoring of clients’ networks, applications and/or endpoints to identify, contain and respond to internal and/or external attacks
- SOC analysts are highly trained information security professionals who have the required expertise to identify potential threats and guide organizations’ IT teams on the appropriate response.
- SecurMatic provides Quarterly Security Reviews as part of our Service Delivery. The Quarterly Reviews will provide a snapshot of the security posture of the Client’s environment, assess new requirements and address opportunities for improvement.
- Forensic Analysis if required
Expertise
SecurMatic supports the monitoring of the following SIEM tools:
- McAfee
- AlienVault
- ArcSight
- LogRhythm
- Splunk