The enterprise has made substantial capital investments in leading-edge security technology to secure critical assets and data. The ever-evolving threat landscape ensures that determined adversaries are always one step ahead. New threats and methods of attack have forced the enterprise into a never ending game of cat and mouse. The resulting costs and operational complexity associated with this approach are simply unsustainable.
Designed from the ground up to provide the enterprise with solutions to solve this problem in an innovative and cost effective manner, Stratejm has developed North America’s Premier Security-as-a-Service (SECaaS). Stratejm is able to collect and process your security information and events on Day 1. Time to value is maximized and the capital obligations associated with continually purchasing new preventative security technology is minimized. Stratejm’s SECaaS is the first of its kind to offer real integration and event correlation between applications, servers, network and security devices. We also offer customers a full range of network performance monitoring and reporting features.
Key Components of the Stratejm SECaaS offering include:
- Intelligent Security Information & Event Management (SIEM)
- Threat Intelligence
- Vulnerability Management
- Asset Management – Configuration Management Database (CMDB)
- Network Availability & Performance Monitoring
- 24/7 Cyber Intelligence Center (CIC)
- Incident Management & Ticketing
- System Health Monitoring
- Application Performance Monitoring
- CIS Enterprise Risk Dashboard
Review the sections below to receive a more in-depth overview of Stratejm’s SECaaS key components.
Stratejm’s Intelligent SIEM provides discovery-driven, real-time situational awareness to security logs, resulting in quick IT response. The awareness comes from creating a dynamic usage profile of infrastructure assets, current configurations, recent changes, dynamic asset-to-business service mappings, user discovery from Active Directory and OpenLDAP databases.
Stratejm enriches this data through the use of continuously updated external threat intelligence sources in the form of IP reputation, domain reputation, malware user agent and malware hashes. The situational awareness is appended to logs and enables the rule engine to correlate the information in real time to generate accurate Actionable Intelligence alerts and reports.
Stratejm’s Intelligent SIEM has been purpose built in our secure multi-tenant Canadian cloud and offers customers:
Real Time Event Correlation
Stratejm’s Intelligent SIEM offers powerful event correlation for connecting patterns of events over time across ALL IT domains. Bad behavior in machine data can be encoded in rules.
Advanced Log Management
The Stratejm Intelligent SIEM stores the original raw log messages, parsed attributes and enhanced data elements. Current or historical data can be purged, archived and trended over time.
Searches can be simple or complex using regular expression or structured SQL-like query statements. There is no system limitation on the amount of data that can be processed or stored within Stratejm’s Secure Cloud.
Stratejm delivers a robust, scalable log management solution offering:
- Mainstream device support
- Event source monitoring
- Event log and network flow data consolidation
- Comprehensive, extensible analytics
- Network, virtualization and application intelligence
- Identity and location intelligence
- Configuration and configuration change monitoring
- Database security, availability and anomalous activity monitoring
- Powerful, layer 7 rules engine
- Real-time and historical cross-correlation
- Prioritized, valid security incidents with correlated and raw details
- Dynamic dashboards, topology maps and notification
- Real-time search with web-like query and iterative filtering
- Directory service integrated and custom asset and user grouping
- Compliance and standards-based reports
- Optimized event repository
- Event log data integrity secured by HMAC
- Unlimited online data retention
- As-needed performance and coverage capacity
Collect, Parse, Correlate from Anywhere
Supporting multi-vendor device sources and advanced parsing technology, Stratejm’s Intelligent SIEM can collect, parse, correlate and store logs from virtually all IT infrastructure sources. Our Intelligent SIEM automatically interprets the device type and how to process the event logs as they are received.
Machine Data Search
No matter the data type, whether performance metrics, database logs, security logs or configuration changes, Stratejm’s Intelligent SIEM pre-processes all data into searchable events.
Stratejm’s Intelligent SIEM allows both Google-like keyword and regular expression based searches on unstructured machine data in addition to field-based searches on structured machine data. Searches can be executed in real-time on streaming data or on stored historical data. Discovered CMDB objects can be utilized to help facilitate search conditions to narrow results.
Big Data Analytics
Stratejm’s Intelligent SIEM is built on an agile Hadoop cluster that’s designed to achieve performance-driven big data analytics. There is no limit to the amount of data Stratejm’s Intelligent SIEM is able to ingest and crunch.
Visual Analytics generates actionable insights from events and logs processed by Stratejm’s Intelligent SIEM. This allows customers the ability to interact with their data in powerful new ways that make it easy to communicate the value of security and performance monitoring to executives, customers, and business units. Using this information, customers are able to turn performance metrics into answers needed to understand cost of service delivery and which user behaviors most impact external threat vulnerability.
Stratejm’s Intelligent SIEM features full log aggregation, real-time event correlation and online data retention. We have developed customized rules and reports mapped to leading management and SOX, PIPEDA, HIPAA, COBIT and PCI DSS compliance standards.
By incorporating an up-to-date fully automated CMDB, statistical profiling and true identity binding for complete access records, Stratejm automates audit and control processes. Our compliance engine automates the enforcement of IT controls and problem resolution. This ensures that compliance becomes part of daily operations; not another time consuming managed project.
Advanced Threat Management
Advanced Threat Management is achieved from a combination of Stratejm’s Intelligent SIEM’s robust features including:
- Analysis of security devices
- sFlow & NetFlow Data
- CMDB classifications
- Statistical anomaly detection
- CPU, Disk, Memory and Network Performance Monitoring
- Threat feeds & advanced rules
Configuration Management Database (CMDB)
Virtually every security framework calls upon Corporate IT to maintain full visibility across all network-connected assets, their role and relationship to the business, to one another and to privileged users. A Configuration Management Database (CMDB) is a repository that acts as a data warehouse. Its contents are intended to hold a collection of IT assets that are commonly referred to as Configuration Items (CI), as well as descriptive relationships between such assets. When populated, the repository becomes a means of understanding how critical IT assets are composed, what their upstream sources or dependencies are, and what their downstream targets are.
Stratejm works in partnership with our customers to build a dynamic, up-to-date CMDB as a means of keeping track of IT assets and the relationships between such assets. The CMDB is used to understand the normal and proper function of IT assets within the enterprise and leverages statistical profiling and identity binding for complete access records and visibility.
It is a longstanding best practice for Corporate IT to engage a trusted 3rd party to complete vulnerability scans against their environment. Stratejm will implement a Vulnerability Management Program for every SECaaS customer. Vulnerability Management enables Stratejm to discover rogue devices, identify & track vulnerabilities, prioritize and verify remediation.
In partnership with Qualys, Stratejm will conduct internal and external vulnerability scans within your environment on an annual, bi-annual or quarterly basis based upon your specific needs. We take a pragmatic, business-first approach to vulnerability management by identifying all known vulnerabilities while highlighting those which impact mission and business-critical systems for prioritized remediation.
Threats don’t start at 9:00am and end at 5:00pm. Stratejm actively monitors critical IT assets 24/7. Stratejm employs the use of machine learning, big data analytics and automation to continually hunt for suspicious behavior and anomalies while providing real-time visibility into events.
This capability enables Stratejm to identify new potential threats and attacks sooner, thus mitigating risk to the enterprise.
Cyber Intelligence Centre (CIC)
Stratejm’s state-of-the-art Cyber Intelligence Center (CIC) is a purpose built, fully-secure facility designed in full compliance with physical data safeguarding standards. The CIC incorporates the traditional functions of a Network Operations Center (NOC) and Security Operations Center (SOC) to achieve a holistic, 360-degree view across all IT assets. Stratejm’s CIC operates under strict, need to know access controls – only authorized employees are given access to the facility.
All activity is monitored using HD video surveillance. Stratejm’s CIC incorporates Content-as-a-Service capabilities to aggregate, validate and share anonymous threat data gathered from other industry sources, providing benchmark and threat detection intelligence to customers in near real-time.
Stratejm’s SECaaS incorporates Real-Time Threat Intelligence. Ingesting data from multiple commercial and open-source feeds, we scrape over 750,000 unique sources of data from across the deep web, dark web and social media. The ingestion of Threat Intelligence enables Stratejm to proactively identify new and emerging threats to your industry, business, facilities, executives and employees.
We take responsibility for curating the data to ensure the output is contextual and actionable. Threat Intelligence has been vertically integrated as part of the Intelligent SIEM to further enhance its core functions. Our unique approach results in increased speed and accuracy of detection while simultaneously enhancing the response process by gaining additional context about the threat.
Unlike traditional Managed Security Service Providers (MSSPs) who only maintain visibility on the assets they directly manage, Statajm’s SECaaS takes a holistic, 360-degree view of our customer environments.
By having a complete understanding of IT assets, business critical systems and network devices, Stratejm can begin to understand the risk unto the enterprise when a breach is identified.
Incident Response & Ticketing
Stratejm’s SECaaS includes integrated Incident Management & Ticketing. Stratejm has strategically partnered with ServiceNow, the market leader in IT Service Management (ITSM). The Incident Management process is tailored to each customer and is automatically triggered as new security incidents are identified.
Having a well-defined incident management process ensures that Stratejm’s SECaaS customers are best prepared to handle incidents in an efficient and effective manner. Stratejm’s Cyber Intelligence Analysts work directly with their customer counterparts to assist with Incident Management.
System Health Monitoring
While event log monitoring can relay certain alerts from the operating system, it is unfortunately insufficient for accurately monitoring and tracking overall system health. Stratejm’s SECaaS incorporates System Health Monitoring, designed to natively monitor all core components of the operating system.
SMH not only raises alerts for immediate problems, but also collects historical information for later analysis, trend prediction and real-time overview. Customers are able to access this data for their own internal (non-security related) use cases; Stratejm provides role-based, read/write access to our SECaaS for such a purpose.
Application Performance Monitoring
Stratejm’s SECaaS incorporates Application Performance Monitoring (APM) that’s designed to deliver a deep view of performance across your website(s) or specific applications. We can leverage APM to identify and troubleshoot performance-related issues that may be caused by a security-related incident or attack.
Customers are able to access this data for their own internal (non-security related) use cases; Stratejm provides role-based, read/write access to our SECaaS for such a purpose.
CIS Enterprise Risk Calculator
The Center for Internet Security (CIS) Top 20 Security Controls are designed to prevent a majority of cyber attacks by measuring and reducing cyber risk. Stratejm has developed a proprietary Enterprise Risk Calculator (ERC) based on the CIS Top 20 Critical Security Controls.
As part of the onboarding process, Stratejm consultants will interview clients to obtain necessary data points and artifacts necessary for scoring and validation. Once complete, the ERC will offer a clear, business contextual view into the security and risk profile of your environment.