Managed Security Services (MSS)
CIS, with support from the third-party provider Accenture, offers managed security services for pre-existing devices deployed in your environment. Each security device carefully placed in a network is a critical component of achieving an increased security posture. CIS understands that implementing these security devices is not enough, and that a further commitment to analysis and expert auditing of the content of these devices can make all the difference.
How does MSS work?
CIS offers managed security services for devices including, but not limited to, IDS/IPS, firewalls, switches & routers, servers, endpoints and web proxies. A log collection platform (LCP) is set up at the customer location to ingest the logs from the chosen monitored or managed devices.
The LCP transfers the logs between the devices and Accenture. The logs are encrypted, compressed and transmitted to Accenture for a first round of analysis. These logs are turned into security events, assigned a severity and sent to the CIS 24x7 Security Operations Center for manual analysis. Expert analysts review each event generated to eliminate any false positives and ensure that only actionable incidents are escalated to your organization as an alert.
Events/incidents are categorized as informational, warning, critical or emergency.
Alerts & Reporting
As events are analyzed and verified as legitimate, an alert is sent to the organization in accordance with pre-established escalation procedures. Our 24x7 SOC is always on hand to answer questions in follow-up to alerts received. A comprehensive monthly activity report is made available, summarizing the malicious activity identified by the devices being monitored in the organization’s environment. These reports provide details for all incidents for the previous month, statistics on data such as events and incidents, and a review of the total volume of monitored traffic.