Managed Security Services (MSS)
CIS, with support from the third-party provider Symantec, offers managed security services for pre-existing devices deployed in your environment. Each security device carefully placed in a network is a critical component of achieving an increased security posture. CIS understands that implementing these security devices is not enough, and that a further commitment to analysis and expert auditing of the content of these devices can make all the difference.
How does MSS work?
CIS offers managed security services for devices including, but not limited to, IDS/IPS, firewalls, switches & routers, servers, endpoints and web proxies. A log collection platform (LCP) is set up at the customer location to ingest the logs from the chosen monitored or managed devices.
The LCP transfers the logs between the devices and Symantec. The logs are encrypted, compressed and transmitted to Symantec for a first round of analysis. These logs are turned into security events, assigned a severity and sent to the CIS 24x7 Security Operations Center for manual analysis. Expert analysts review each event generated to eliminate any false positives and ensure that only actionable items are escalated to your organization as an alert.
Events are categorized as informational, warning, critical or emergency.
Alerts & Reporting
As alerts are analyzed and verified as legitimate, an event notification is sent to the organization in accordance with pre-established escalation procedures. Our 24x7 SOC is always on hand to answer questions in follow-up to alerts or notifications received.