Enterprises have made substantial capital investments in leading-edge security technology to protect critical assets and data, yet the ever-evolving threat landscape keeps determined adversaries one step ahead. New threats and attack methods have forced the enterprise into a never-ending game of cat and mouse, and the resulting costs and operational complexity are simply unsustainable.
Designed from the ground up to solve this problem in an innovative and cost-effective manner, Stratejm has developed Canada’s first and only Security-as-a-Service (SECaaS). Stratejm can begin collecting and processing your security information and events on Day 1, so time to value is maximized and the capital obligations of continually purchasing new preventative security technology are minimized. Stratejm’s SECaaS is the first of its kind to offer real integration and event correlation between applications, servers, network and security devices. We also offer customers a full range of network performance monitoring and reporting features.
Key Components of the Stratejm SECaaS offering include:
- Intelligent Security Information & Event Management (SIEM)
- Configuration Management Database (CMDB)
- Vulnerability Management
- 24x7x365 Monitoring
- Cyber Intelligence Center
- Real-Time Cyber Threat Intelligence
- Risk Analysis
- Incident Response & Ticketing
Review the sections below to receive a more in-depth overview of Stratejm’s SECaaS key components.
Stratejm’s Intelligent SIEM provides discovery-driven, real-time situational awareness over security logs, enabling quick IT response. That awareness comes from building a dynamic usage profile of infrastructure assets: current configurations, recent changes, dynamic asset-to-business-service mappings, and user discovery from Active Directory and OpenLDAP directories.
Stratejm enriches this data with continuously updated external threat intelligence: IP reputation, domain reputation, known malware user agents and malware file hashes. The resulting context is appended to each log event, enabling the rule engine to correlate the information in real time and generate accurate Actionable Intelligence alerts and reports.
Stratejm’s Intelligent SIEM has been purpose-built in our secure multi-tenant Canadian cloud and offers customers:
Real Time Event Correlation
Stratejm’s Intelligent SIEM offers powerful event correlation for connecting patterns of events over time across all IT domains. Known bad behavior in machine data is encoded as correlation rules.
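The two steps described above, threat-intel enrichment (IP, domain, user-agent and hash reputation appended to each event) followed by a time-windowed correlation rule, as an added Python example. This is illustrative code, not Stratejm's implementation: the intel entries, the sample events, the field names (src_ip, ti_tags, action) and the rule thresholds are all constructed for the example.

```python
"""Enrich parsed events with threat-intel tags, then correlate them over time.

Added example: the intel feeds, events, field names and rule are constructed
for illustration and are not Stratejm's schema or code.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed stand-in for the external feeds named on the page: IP reputation,
# domain reputation, malicious user agents and malware file hashes.
THREAT_INTEL = {
    "ip": {"203.0.113.45": "brute-force-scanner"},
    "domain": {"c2.evil.example": "known-c2"},
    "user_agent": {"Mozilla/4.0 (compatible; MSIE 6.0)": "malware-ua"},
    "hash": {"44d88612fea8a8f36de82e1278abb02f": "eicar-test-file"},
}

# Which (assumed) event field is checked against which feed.
FIELD_TO_FEED = (("src_ip", "ip"), ("domain", "domain"),
                 ("user_agent", "user_agent"), ("file_hash", "hash"))

# Constructed sample events, already parsed into fields by the collector.
EVENTS = [
    {"ts": "2024-05-01T10:00:00", "src_ip": "203.0.113.45", "user": "alice", "action": "login_failed"},
    {"ts": "2024-05-01T10:00:20", "src_ip": "203.0.113.45", "user": "alice", "action": "login_failed"},
    {"ts": "2024-05-01T10:00:40", "src_ip": "203.0.113.45", "user": "alice", "action": "login_failed"},
    {"ts": "2024-05-01T10:01:05", "src_ip": "203.0.113.45", "user": "alice", "action": "login_success"},
    {"ts": "2024-05-01T10:02:00", "src_ip": "198.51.100.7", "user": "bob", "action": "login_failed"},
    {"ts": "2024-05-01T10:02:10", "src_ip": "198.51.100.7", "user": "bob", "action": "login_success"},
    {"ts": "2024-05-01T10:03:00", "host": "ws01", "domain": "c2.evil.example", "action": "dns_query"},
]


def enrich(event):
    """Return a copy of the event with a ti_tags list appended; the original fields are untouched."""
    tags = []
    for field, feed in FIELD_TO_FEED:
        value = event.get(field)
        if value is not None and value in THREAT_INTEL[feed]:
            tags.append(f"{feed}:{THREAT_INTEL[feed][value]}")
    return {**event, "ti_tags": tags}


def correlate_brute_force(events, threshold=3, window=timedelta(minutes=5)):
    """Rule: `threshold` or more login failures from one source IP, followed by a
    success from that IP within `window`. Severity is raised when enrichment has
    already tagged the source with an IP-reputation hit."""
    failures = defaultdict(list)  # src_ip -> timestamps of recent failures
    alerts = []
    for e in sorted(events, key=lambda ev: ev["ts"]):
        ip = e.get("src_ip")
        if ip is None:
            continue  # not an authentication event with a source address
        ts = datetime.fromisoformat(e["ts"])
        # Age out failures that fell outside the window before evaluating this event.
        failures[ip] = [t for t in failures[ip] if ts - t <= window]
        if e["action"] == "login_failed":
            failures[ip].append(ts)
        elif e["action"] == "login_success" and len(failures[ip]) >= threshold:
            bad_rep = any(tag.startswith("ip:") for tag in e.get("ti_tags", []))
            alerts.append({
                "rule": "brute_force_then_success",
                "src_ip": ip,
                "user": e.get("user"),
                "failures": len(failures[ip]),
                "severity": "high" if bad_rep else "medium",
            })
            failures[ip].clear()  # one alert per burst
    return alerts


def run():
    """Enrich the constructed events, then apply the correlation rule to them."""
    enriched = [enrich(e) for e in EVENTS]
    return enriched, correlate_brute_force(enriched)


if __name__ == "__main__":
    enriched_events, found = run()
    for alert in found:
        print(alert)
```

The rule fires once for alice's burst from the tagged scanner address and stays quiet for bob's single failure; the DNS event carries a domain tag from enrichment but has no source IP and so is ignored by this particular rule.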
Advanced Log Management
The Stratejm Intelligent SIEM stores the original raw log messages, parsed attributes and enhanced data elements. Current or historical data can be purged, archived and trended over time.
Searches can be simple or complex, using regular expressions or structured SQL-like query statements. There is no system limitation on the amount of data that can be processed or stored within Stratejm’s Secure Cloud.
Stratejm delivers a robust, scalable log management solution offering:
- Mainstream device support
- Event source monitoring
- Event log and network flow data consolidation
- Comprehensive, extensible analytics
- Network, virtualization and application intelligence
- Identity and location intelligence
- Configuration and configuration change monitoring
- Database security, availability and anomalous activity monitoring
- Powerful, layer 7 rules engine
- Real-time and historical cross-correlation
- Prioritized, valid security incidents with correlated and raw details
- Dynamic dashboards, topology maps and notification
- Real-time search with web-like query and iterative filtering
- Directory service integrated and custom asset and user grouping
- Compliance and standards-based reports
- Optimized event repository
- Event log data integrity secured by HMAC
- Unlimited online data retention
- As-needed performance and coverage capacity
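One way the "event log data integrity secured by HMAC" item above can be realised, as an added Python example that is not Stratejm's implementation: each stored record carries an HMAC computed over the record and the previous record's tag, so modifying, deleting or reordering any record breaks the chain from that point on. The key, the record layout and the sample log records are constructed for the example.

```python
"""Tamper-evident log storage with a chained HMAC.

Added example, not Stratejm's code: each record's tag covers the canonical
record bytes plus the previous tag, so any change to a stored record, or the
removal of one, invalidates every tag after it.
"""
import hashlib
import hmac
import json

# Demo key only. In production the key lives in an HSM or KMS and is held by a
# party that cannot also write to the log store; otherwise the HMAC proves nothing.
KEY = b"constructed-demo-key-do-not-reuse"

GENESIS = b"\x00" * 32  # "previous tag" used for the very first record

# Constructed sample records (already parsed log events).
RECORDS = [
    {"ts": "2024-05-01T10:00:00Z", "host": "fw01", "msg": "deny tcp 203.0.113.45 -> 10.0.0.5:22"},
    {"ts": "2024-05-01T10:00:04Z", "host": "dc01", "msg": "4625 logon failure user=alice"},
    {"ts": "2024-05-01T10:00:09Z", "host": "dc01", "msg": "4624 logon success user=alice"},
]


def _canonical(record):
    """Serialize deterministically so the same record always hashes the same way."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


def _tag(prev_tag, record, key):
    return hmac.new(key, prev_tag + _canonical(record), hashlib.sha256).digest()


def seal_log(records, key=KEY):
    """Return stored entries {"record": ..., "tag": hex} with tags chained in order."""
    sealed, prev = [], GENESIS
    for rec in records:
        tag = _tag(prev, rec, key)
        sealed.append({"record": rec, "tag": tag.hex()})
        prev = tag
    return sealed


def verify_log(sealed, key=KEY):
    """Return (ok, first_bad_index, last_tag_hex).

    Truncation of the tail is not detectable from the chain alone, so the caller
    should compare last_tag_hex with a copy anchored outside the log store."""
    prev = GENESIS
    for i, entry in enumerate(sealed):
        expected = _tag(prev, entry["record"], key)
        if not hmac.compare_digest(expected.hex(), entry["tag"]):
            return False, i, None
        prev = expected
    return True, None, prev.hex()


def tamper_demo():
    """Seal the constructed records, then verify intact, modified and deleted copies."""
    sealed = seal_log(RECORDS)
    modified = json.loads(json.dumps(sealed))            # deep copy via JSON
    modified[1]["record"]["msg"] = "4624 logon success user=alice"  # failure rewritten as success
    deleted = sealed[:1] + sealed[2:]                    # middle record removed
    return {
        "intact": verify_log(sealed)[:2],
        "modified": verify_log(modified)[:2],
        "deleted": verify_log(deleted)[:2],
    }


if __name__ == "__main__":
    for case, result in tamper_demo().items():
        print(f"{case}: ok={result[0]} first_bad_index={result[1]}")
```

Both the rewritten record and the removed record are caught at index 1, because the third record's tag was computed over the original second tag. Deleting only the newest records would still verify, which is why the final tag (or the record count) needs to be anchored somewhere the log writer cannot alter.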
Collect, Parse, Correlate from Anywhere
Supporting multi-vendor device sources with advanced parsing technology, Stratejm’s Intelligent SIEM can collect, parse, correlate and store logs from virtually all IT infrastructure sources. Our Intelligent SIEM automatically identifies the device type and how to process its event logs as they are received.
Machine Data Search
No matter the data type, whether performance metrics, database logs, security logs or configuration changes, Stratejm’s Intelligent SIEM pre-processes all data into searchable events.
Stratejm’s Intelligent SIEM allows both Google-like keyword and regular expression based searches on unstructured machine data, in addition to field-based searches on structured machine data. Searches can be executed in real time on streaming data or on stored historical data. Discovered CMDB objects can be used as search conditions to narrow results.
Big Data Analytics
Stratejm’s Intelligent SIEM is built on an agile Hadoop cluster that’s designed to achieve performance-driven big data analytics. There is no limit to the amount of data Stratejm’s Intelligent SIEM is able to ingest and crunch.
Visual Analytics generates actionable insights from the events and logs processed by Stratejm’s Intelligent SIEM. It gives customers the ability to interact with their data in powerful new ways that make it easy to communicate the value of security and performance monitoring to executives, customers and business units. Using this information, customers can turn performance metrics into the answers needed to understand the cost of service delivery and which user behaviors most increase exposure to external threats.
Stratejm’s Intelligent SIEM features full log aggregation, real-time event correlation and online data retention. We have developed customized rules and reports mapped to SOX, PIPEDA, HIPAA, COBIT, PCI DSS and other leading management and compliance standards.
By incorporating an up-to-date, fully automated CMDB, statistical profiling and true identity binding for complete access records, Stratejm automates audit and control processes. Our compliance engine automates the enforcement of IT controls and problem resolution. This ensures that compliance becomes part of daily operations, not another time-consuming managed project.
Advanced Threat Management
Advanced Threat Management is achieved through a combination of Stratejm’s Intelligent SIEM’s robust features, including:
- Analysis of security devices
- sFlow & NetFlow Data
- CMDB classifications
- Statistical anomaly detection
- CPU, Disk, Memory and Network Performance Monitoring
- Threat feeds & advanced rules
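The "statistical anomaly detection" item above, shown as an added Python example rather than Stratejm's model: each asset and metric is profiled against its own history using a robust z-score (median and median absolute deviation), so a few noisy days in the baseline do not inflate the spread and hide a real spike. The baselines, the current-day counts and the thresholds are constructed for the example.

```python
"""Statistical anomaly detection over per-asset activity counts.

Added example, not Stratejm's model: a modified z-score based on the median and
the median absolute deviation (MAD) of each asset's own baseline.
"""
from statistics import mean, median, pstdev

MIN_HISTORY = 7   # days of baseline required before an asset is profiled at all
THRESHOLD = 3.5   # modified-z cut-off; 3.5 is the usual rule of thumb for MAD scores

# Constructed daily baselines per asset and metric (14 days each).
BASELINE = {
    "ws01:dns_queries": [120, 135, 110, 128, 140, 118, 125, 132, 121, 130, 127, 119, 136, 124],
    "ws02:dns_queries": [80, 85, 78, 90, 82, 88, 79, 84, 86, 81, 83, 87, 80, 85],
    "srv01:outbound_mb": [50, 55, 48, 52, 60, 47, 51, 53, 49, 54, 50, 56, 52, 51],
}

# Constructed observations for the current day; ws03 is a new host with no history.
TODAY = {
    "ws01:dns_queries": 134,
    "ws02:dns_queries": 900,
    "srv01:outbound_mb": 95,
    "ws03:dns_queries": 500,
}


def robust_z(value, history):
    """Modified z-score: 0.6745 * (x - median) / MAD.

    Falls back to a classic z-score when MAD is zero (a flat history with a few
    outliers) and to 0.0 when the history has no spread at all."""
    med = median(history)
    mad = median(abs(x - med) for x in history)
    if mad == 0:
        sd = pstdev(history)
        return 0.0 if sd == 0 else (value - mean(history)) / sd
    return 0.6745 * (value - med) / mad


def detect_anomalies(observations, baselines, threshold=THRESHOLD, min_history=MIN_HISTORY):
    """Return one alert per asset whose current value sits far above its own profile.

    Assets without enough history are skipped rather than alerted on; a brand new
    host should be handled by discovery/CMDB workflows, not by this rule."""
    alerts = []
    for key, value in observations.items():
        history = baselines.get(key, [])
        if len(history) < min_history:
            continue
        score = robust_z(value, history)
        if score >= threshold:
            alerts.append({
                "key": key,
                "value": value,
                "baseline_median": median(history),
                "score": round(score, 1),
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_anomalies(TODAY, BASELINE):
        print(alert)
```

On the constructed data ws01 stays within its normal range, ws02's DNS volume and srv01's outbound transfer are flagged, and ws03 is skipped for lack of history. In a real deployment the baseline would be keyed by asset and time-of-day or day-of-week, since many business metrics have a weekly cycle that a flat daily history would misreport as anomalies.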
Configuration Management Database (CMDB)
A Configuration Management Database (CMDB) is a repository that acts as a data warehouse for IT assets, commonly referred to as Configuration Items, and for the relationships between them. Once populated, the repository becomes a means of understanding how critical IT assets are composed: what their upstream sources or dependencies are and what their downstream targets are.
Stratejm works with customers to build an up-to-date CMDB as a means of keeping track of IT assets and the relationships between such assets. The CMDB is used to understand the normal and proper function of IT assets within the enterprise and leverages statistical profiling and true identity binding for complete access records and visibility.
Vulnerability Management enables Stratejm to discover rogue devices, identify and track vulnerabilities, and prioritize and verify remediation. Stratejm believes that reliable security starts with knowing what vulnerabilities exist on your network. We go beyond simply listing which assets are at risk of being attacked.
Our goal is to provide Actionable Intelligence on which specific patches are needed to fix each problem, in a prioritized sequence aligned with business risk and impact.
Threats don’t start at 9:00am and end at 5:00pm. Stratejm actively monitors critical IT assets 24x7x365, employing machine learning, big data analytics and automation to continually hunt for suspicious behavior and anomalies while providing real-time visibility into events.
This capability enables Stratejm to identify new potential threats and attacks sooner, thus mitigating risk to the enterprise.
Cyber Intelligence Center (CIC)
Stratejm incorporates both SOC and NOC functionalities to offer a holistic, 360-degree view of our customer environments. Our state-of-the-art Cyber Intelligence Center (CIC) is a purpose-built, fully secure facility designed in full compliance with industry standards. Stratejm’s CIC operates under strict access controls: only authorized employees are given access to the facility. Access and activity are monitored 24x7x365 and a log is maintained and continually updated. All employees who work in Stratejm’s CIC have undergone rigorous background checks.
Stratejm’s CIC incorporates Content-as-a-Service (CaaS) capabilities to aggregate, validate and share anonymized threat data gathered from other industry sources, providing benchmark and threat detection intelligence to customers in real time.
Cyber Threat Intelligence
Stratejm has integrated numerous open-source and commercial-grade Cyber Threat Intelligence feeds that offer quantitative and qualitative data on new threats, threat vectors and attacks. Stratejm uses this data to enrich our security data warehouse.
Stratejm’s Cyber Intelligence Analysts curate that data to ensure that we’re able to provide our customers with Actionable Intelligence.
Unlike traditional Managed Security Service Providers (MSSPs), which only maintain visibility on the assets they directly manage, Stratejm’s SECaaS takes a holistic, 360-degree view of our customer environments.
With a complete understanding of IT assets, business-critical systems and network devices, Stratejm can assess the risk to the enterprise as soon as a breach is identified.
Incident Response & Ticketing
Stratejm’s SECaaS includes a fully integrated Incident Response (IR) process and workflow. Having a well-defined IR process ensures that the enterprise is prepared to handle incidents in an efficient and effective manner. Stratejm’s Cyber Intelligence Analysts work directly with their customer counterparts to assist with IR once a breach has been identified. If required, Stratejm can provide on-the-ground support at an additional cost.
Stratejm follows the SANS Institute’s six steps for handling an incident effectively:
- Preparation: Stratejm educates IT staff on the importance of up-to-date security measures and trains them to respond to computer and network security incidents quickly and correctly.
- Identification: Stratejm completes the necessary analysis to decide whether a particular event is, in fact, a security incident.
- Containment: Stratejm works with the customer to determine how far the problem has spread. The customer then contains it by isolating all affected systems and devices from the network to prevent further damage.
- Eradication: Stratejm’s Cyber Intelligence Analysts investigate to discover the origin of the incident. The root cause of the problem is identified and we work closely with designated IT staff to ensure all traces of malicious code are removed.
- Recovery: The customer restores data and software from clean backup files and verifies that no vulnerabilities remain. Stratejm actively monitors for any sign of weakness or recurrence.
- Lessons Learned: Stratejm and the customer analyze the incident and how it was handled. Recommendations for better future response and to prevent a recurrence are made and documented.