Do you want real-time visibility into all system activity across networks, databases, and applications?

Security information and event management monitors system activity and gives you notifications and continuous insights into threats for immediate action.

Imagine viewing activity in a concise, organized console and seeing security threats as they occur, so you can react and remedy the situation in real time. Maintain activity logs, manage vulnerabilities, and view reports for alerts, including:

  • Password guessing attempts, like 3 or more failed login attempts from a single host.
  • Alerts from 15 or more firewall events from a single IP address in one minute.
  • When malware is detected on a host.
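The first two alert conditions above are threshold rules over a sliding time window. A sketch of that correlation logic follows as an added example; it is not Tier One Technology Partners' code or any SIEM product's. The event tuples, the addresses and the 5-minute failed-login window are assumptions, since the page gives a count but no time span for that rule.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# (threshold, window) per event kind. Counts are the page's; the 5-minute
# failed-login window is an assumption (the page states no time span).
RULES = {
    "failed_login": (3, timedelta(minutes=5)),
    "firewall": (15, timedelta(minutes=1)),
}

def detect(events):
    """events: (datetime, kind, source) tuples sorted by time.
    Returns (time, kind, source, count) alerts, one per burst: a source
    alerts again only after its window has dropped below the threshold."""
    windows, alerting, alerts = defaultdict(deque), set(), []
    for now, kind, source in events:
        if kind not in RULES:
            continue
        threshold, span = RULES[kind]
        key = (kind, source)
        win = windows[key]
        win.append(now)
        while now - win[0] >= span:  # drop events older than the window
            win.popleft()
        if len(win) < threshold:
            alerting.discard(key)
        elif key not in alerting:
            alerting.add(key)
            alerts.append((now, kind, source, len(win)))
    return alerts

def sample_events():
    """Constructed events (documentation-range addresses, not real logs)."""
    t0 = datetime(2024, 1, 1, 9, 0, 0)
    at = lambda s: t0 + timedelta(seconds=s)
    ev = [(at(s), "failed_login", "192.0.2.10") for s in (0, 20, 40, 50)]
    ev += [(at(s), "failed_login", "192.0.2.11") for s in (10, 30)]
    # 15 events in 56 s: inside one minute, so this source alerts.
    ev += [(at(100 + 4 * i), "firewall", "203.0.113.7") for i in range(15)]
    # 15 events over 70 s: never 15 within any one minute, so no alert.
    ev += [(at(5 * i), "firewall", "198.51.100.9") for i in range(15)]
    return sorted(ev)

if __name__ == "__main__":
    for when, kind, source, count in detect(sample_events()):
        print(f"{when:%H:%M:%S} ALERT {kind} source={source} count={count}")
```

Tracking which sources are already alerting keeps a sustained burst from producing one alert per event, which matters when the alerts feed a human triage queue.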

Each of these security information events warrants immediate action to prevent further risk or vulnerability, and ongoing security information and event management is the modern response.

What happens when the system discovers an event?

When the system discovers an event, an established triage process determines the event's risk level and how to handle it. Events are processed as follows:

  • Fed into a 24/7 Security Operations Center
  • Flagged by the level of risk: High versus Medium
  • Pushed out to Tier One Technology Partners Cybersecurity team for assessment and action

The most common examples of events, by level of risk:

  • Normal
    • Access during normal business hours
  • Medium – Flagged and reviewed by the Cybersecurity team
    • Scenario #1: A CEO or CFO enters an incorrect password and is locked out of a system. In this case, the team is immediately delegated to contact and assist the user.
    • Scenario #2: A user logs in during off-hours from home on their laptop. Here, the team sees the odd timing, but because the access is from the user’s laptop, it is less concerning.
  • High – Flagged and reviewed by the Cybersecurity team
    • Scenario #1: A login attempt comes from an unknown location, or from a location that differs from the user's known location. This is considered a suspected attempt at breaching the network. The user is contacted for verification, and if there is no response within 15 seconds, user access is prevented.
    • Scenario #2: Repeated attempts to access a network from one location are detected. This is treated as an immediate threat, and the team prevents access to protect the network, thus thwarting an otherwise potentially catastrophic event.

Tier One Technology Partners performs vulnerability and risk assessments of IT processes, with a full review of IT systems to implement new security information and event management protocols to protect businesses from attacks.

Contact Tier One Technology Partners today at (443) 589-1150 or at info@tieroneit.com for the peace of mind that comes with security from cybercriminal activity.
