SIMNET Secure Managed Services

This following table is an example of a SIMNET SECURE Managed Service offering. Each line item is awarded a point value. There are three components to the pricing model;

• SIMNET SECURE with STIX/TAXII SEIM
• Modules: Customer Defined

The Service includes:

SIMNET Security Operations Center

Around-the-Clock Protection from Cyber Threats (24 X7 Monitoring)

• 24/7 security monitoring is key and cybersecurity must be handled around the clock by dedicated cybersecurity experts who understand and can respond to the always-changing world of cyber threats.
• Monitoring and alerting service provides smarter and more accurate alerts, with the information and context required to respond quickly and effectively to threats, breaches and other events.
• The network is being constantly monitored, affording increased situational awareness, which means a better understanding of the elements in the environment, the threats to those elements and how best to respond to those threats.

Response services include

• Incident response expertise
• Forensics and investigation
• Malware analysis

Countermeasures

Our trained, experienced and dedicated security engineers are incident response experts who can:

• Develop an emergency response plan
• Enhance your organization s current response protocol
• Help your company stay safer in the future

Breach Response Services

• Emergency response services include:
• Incident response expertise
• Forensics and investigation
• Malware analysis

Professional Services

• Expert Guidance from Trusted Cybersecurity Advisors -A full range of professional cybersecurity consulting services to help our clients improve their current security posture. From performing assessments and conducting penetration testing to determine the risk your organization faces to advising on incident response and forensics, our team is here to be your trusted cybersecurity consultant
• Security and Risk Assessments -Successfully undertaken Security and risk assessments for many organizations. While the objectives of each customer engagement can vary, the focus is on examining the security posture of the organization s critical technology platforms to ensure that all devices are properly configured and secured.
• Incident Response – Organizations that can demonstrate that the effectiveness and efficiency of their incident response plan has been validated by a third party, will meet the incident response requirements, and also be seen as being serious about their compliance commitments. Our team of security expert’s helps our customers develop and test an incident response plan and augment their IT security team s efforts to investigate, remediate and document a critical incident.

STIX/TAXII

• STIX is a language for having a standardized language for the representation of cyberthreat information. Similar to TAXII, it is not a sharing program or tool, but rather a component that supports programs and/or tools.
• TAXII defines a set of services and message exchanges that enable sharing of actionable threat information across organizational, products, and services. TAXII is not an information sharing program and does not define trust agreements. Rather, it is a set of specifications for exchanging cyberthreat information to help organizations share information with their partners.

Anomali Threat Stream

• Empowers Simnet Secure users to leverage threat intelligence to detect, prioritize, and response to security incidents. It provides Simnet Secure users with threat data collected and curated from industry leading threat intelligence platform ThreatStream to correlate with your log data in Simnet Secure, detect malicious activities in incoming and outgoing traffic, alert security teams, and provide you with detailed contextual information from a variety of threat sources (open source, commercial, Anomali Labs, customer internal, etc.).
• This app has built-in Simnet Secure Adaptive Response actions, automating security and threat investigation workflow to reduce investigation time and enable a rapid, decisive response.

Modules: Customer Defined

Module descriptions are limited to client requirements. Full modules list is available upon request.

VMware

The Simnet Secure App for VMware provides deep operational visibility into granular performance metrics, logs, tasks and events and topology from hosts, virtual machines and virtual centers. It empowers administrators with an accurate real-time picture of the health of the environment, proactively identifying performance and capacity bottlenecks.

The latest release of the Simnet Secure App for VMware provides enhanced visibility into the storage tier including built-in correlation and direct drill-downs into NetApp Data ONTAP storage systems. The results are holistic visibility, comprehensive analytics and faster problem resolution

Fortinet

The Fortinet FortiGate App for Simnet Secure provides datacenter threat visualizations to identify anomalous behavior and helps de-duplicate threat feed data to enable the fast creation and consolidation of analytics. The Fortinet FortiGate App for Simnet Secure properly maps log fields from FortiGate appliances and interchanges into a common format to Simnet Secure intelligence framework.
The Fortinet FortiGate App for Simnet Secure verifies current and historical logs, administrative events, basic firewall, unified treat management, anti-virus, IPS and application controls with Fortinet VDOM enabled. The integrated dashboard enables layered defense with network security, better application threat detection and management through rich data logs from Fortinet physical and virtual appliances.

Palo Alto

Palo Alto Networks App for Splunk leverages the data visibility provided by the Palo Alto Networks security platform with Splunk’s extensive investigation and visualization capabilities to deliver advanced security reporting and analysis. This app enables security analysts, administrators, and architects to correlate application and user activities across all network and security infrastructures from a real-time and historical perspective. Complicated incident analysis that previously consumed days of manual and error-prone data mining can now be automated, saving not only manpower but also enabling key enterprise security resources to focus on critical, time-sensitive investigations.

Microsoft Server: Monitoring

The Simnet Secure Add-on for Windows provides data inputs for Windows management. You can monitor, manage, and troubleshoot Windows operating systems from one place.

User statistics including number of logins per account, longest active sessions, and security-related information, file, event log and services are monitored.

Microsoft Server: Performance

The add-on comes with a set of, performance monitoring, and other inputs for collecting CPU, disk, I/O, memory, log, configuration, and user data.

• Hardware information such as CPU type and count; available hard drives; network interface cards, count, and memory, as well as CPU statistics (via performance monitoring inputs).
• Disk information such as available disk space and associated input/output statistics for devices and partitions (via performance monitoring inputs).
• Network information including information about the configured network interfaces, connections, and TCP/UDP transfer statistics (using performance monitoring inputs).

Linux Server

The Simnet Secure App for Unix and Linux provides data inputs, searches, reports, alerts, and dashboards for Linux and Unix management. You can monitor and troubleshoot *nix operating systems on potentially large numbers of systems from one place. Included are a set of scripted inputs for collecting CPU, disk, I/O, memory, log, configuration, and user data.

Use the Simnet Secure App for Unix and Linux to:

• Get information about who’s logged into your system, including last login times and unauthorized login attempts.
• Find out how much network throughput and bandwidth your system is using.
• Determine the status of current running processes on your system, and who is running them.
• Learn what software is installed on your system.

SQL

The Simnet Secure Add-on for Microsoft SQL Server allows a Simnet Secure software administrator to collect system performance, SQL server performance, log, audit, and status data from Microsoft SQL Server deployments.

The Simnet Secure Add-on for Microsoft SQL Server leverages Simnet Secure DB Connect, Simnet Secure Windows Performance monitoring, and file monitoring to collect relevant MSSQL data. Through log file monitoring and field extraction, the database administrator can correlate events and create alerts and dashboards to track what errors, problems, or incidents happen to the database in real time.

This add-on provides the inputs and CIM-compatible knowledge to use with other Simnet Secure Enterprise apps, such as Simnet Secure Enterprise Security, the Simnet Secure App for PCI Compliance, and Simnet Secure IT Service Intelligence.

Oracle

The Simnet Secure Add-on for Oracle Database allows a Simnet Secure software administrator to collect and ingest data from the Oracle Database Server. This add-on can import data directly by monitoring the standard and fine-grained audit trails, trace files, incident, alert, listener, and other logs on the operating system where the Oracle Database Server is installed. Through log file monitoring and field extraction, the database administrator can create alerts and dashboards to track what errors, problems, or incidents happen to the database in real time. This add-on leverages Simnet Secure DB Connect to collect basic performance and inventory data from Oracle database tables. Using trace logs and inventory and performance metrics, database administrators can correlate events.

This add-on provides the inputs and CIM-compatible knowledge to use Oracle data with other Simnet Secure apps, such as Simnet Secure Enterprise Security, the Simnet Secure App for PCI Compliance, and Simnet Secure IT Service Intelligence.

Azure

The Azure Monitor Add-On for Simnet Secure offers near real-time access to metric and log data from all of your Azure resources. Azure Monitor is Microsoft Azure’s built-in pipeline for searching, archiving, and routing your monitoring data, providing a single path for getting Azure data into Simnet Secure. Simply configure your resources to send log and metric data into an event hub namespace, deploy the add-on, and configure the add on with your event hub namespace details and you are ready to go. The add-on currently supports these data types:

• Activity log, routed to event hub via a log profile
• Diagnostic logs, routed to event hub via diagnostic settings
• Metrics, routed to event hub via diagnostic settings

Microsoft Cloud –OneDrive| SharePoint | O365

The Microsoft Cloud App for Simnet Secure is a combination of dashboards built to provide insight into your Microsoft Cloud Environment. Authentication-specific panels may need to be modified depending on the configuration of your environment.

The Microsoft Cloud App for Simnet Secure provides out of the box visualizations for event data from:

• Office365 Service Status and Outages
• Login Activity
• Exchange Online dashboards and message trace
• OneDrive user activity and file investigation

AWS

The Simnet Secure App for AWS gives you critical insights into your Amazon Web Services account. The app includes:

• A pre-built knowledge base of dashboards, reports, and alerts that deliver real-time visibility into your environment.
• Easy-to-configure data inputs for your AWS Config, Config Rules, CloudWatch, CloudTrail, Billing, S3, VPC Flow Log, Amazon Inspector, and Metadata inputs.
• CIM-compliant fields and tags so that you can integrate your AWS data with your other infrastructure and security data sources.
• A set of Insights dashboards that display detected problems and anomalies in your AWS environment, and provide best practice recommendations to help you optimize AWS resources.

ADDITIONAL SERVICES

• Incident & Risk Mitigation
• Employee Security Awareness Training
• Cyber Risk Assessment
• Vulnerability Scanning –Penetration Testing
• Policies/Procedures Development