Home Office Security Operation Center
This service is for organizations already having set up Qradar or Splunk Enterprise SIEM systems and is about telecommuters/employees who are working from home. If the organization has not yet implemented endpoint protection systems (EDR, DLP, MDM, etc.), then this service can help monitor the endpoints based on logs.
If there is an endpoint protection implemented, then it can be used as a complementary tool, based on automatic correlation rules, visualized dashboards and alarms. With this, our clients can monitor both their infrastructure and endpoints via a single pane of glass.
With remote office monitoring, security stakeholders will receive reports and assessments regarding the actual state of the organization and IT Security operations will receive automated alarms, which can signal security incidents. For the handling of these incidents, operators can use our Playbooks, connected to the Use-Case packages, which are containing detailed and exact walk-throughs for analysing and remediating these incidents.
For the effectiveness of this monitoring, endpoint agents are needed. Their set-up and configuration are possible both centrally (Active Directory) or individually (we can help with the planning of the setup). The agents are normalizing and filtering the logs on the endpoints and the speed/batch size of the logs are adjustable, to maintain the health of the VPN connection.
Home and Remote Office monitoring with Splunk and Qradar SIEM systems
The goal of this assessment is to evaluate the remote access points on the internet among their access levels and the vulnerabilities of the network infrastructure and to give remediation plans to these vulnerabilities. This service package first assessing the implementation of telecommuting and then, based on the earlier assessment, deeply evaluate the security and vulnerabilities within the infrastructure.
The steps of this assessment:
- Assessment of the remote office environment (see above)
- Testing the following with a user account, provided by the client:
- Network security
- Configuration of remote accesses
- Proper set-up of privileges
- Mapping the vulnerabilities of the applications, services, servers and devices on the internal network, which are available for remote work
- If required, mapping the detection and reaction capabilities of the organization’s SIEM/IDS/IPS systems, working together with IT Security
- User education, remediation and report package about the vulnerabilities, remediation and attack surface reduction