Security firm Netsurion is launching its first new services since acquiring security information and event management (SIEM) vendor EventTracker in October 2016. The new SIEM-at-the-Edge and Breach Detection Services expand Netsurion's product portfolio bringing advanced threat detection and mitigation capabilities to small businesses and branch offices.
Netsurion CEO Kevin Watson explained that the new services are two stages of a similar concept. The basic idea behind both services is to collect network information from end-points and then provide alerts on events that are potentially problematic. Events could include items such as the installation of a new executable on a system and different user behavior patterns. In total, Watson said that there are 32 different alerts that can be triggered based on detected events.
The difference between the two offerings has to do with service levels. The Breach Detection Service is an automated system that doesn't take any remediation action and Netsurion analysts don't necessarily look at every alert. In contrast, the SIEM-at-the-Edge service provides proactive remediation actions based on the event and has analysts from Netsurion's Security Operations Center (SOC) available to look at the severity of alerts.
The SIEM-at-the-Edge service provides organizations with blocking capabilities to help prevent the spread of potential risks. For example, if a user plugs an unauthorized USB device into a system, SIEM-at-the-Edge can be configured to prevent any files from being downloaded to or from the device, as well as alerting the appropriate people within an organization.
"One of the problems with some SIEM technologies is information overload, since the logs can provide a massive amount of different information," Watson told eWEEK. "We realized that with this customer base, you can't overwhelm them with information."
"So when we send an alert to a customer, we want to make sure it is a truly actionable piece of information," he added.
From a management perspective, Breach Detection Service customers get access to a dashboard that shows all the different alerts, as well as access to reports and the ability to search events. Watson explained that, for example, if a customer gets an alert that shows a piece of malware was installed on a particular device, there is a capability to search through the logs to see how the installation happened. He added that the SIEM-at-the-Edge service provides an enhanced dashboard with deeper capabilities and advanced search functionality.
From a technical perspective, the event sensor is deployed at the individual machine level, whether that machine is a Point-of-Sale (PoS) terminal, laptop or desktop machine. Watson explained that SIEM-at-the-Edge won't actually delete a potentially malicious file from a machine. That said, Watson explained that the SIEM-at-the-Edge service can block the file from loading and similarly it can also block files from being added to a USB drive, or block a user from being granted access to system.
Netsurion's new services start with relatively low price points. The Breach Detection Service starts at $10 a month per location, based on a multiple location engagement, while the SIEM-at-the-Edge service starts at $20 a month.
"The new services are designed for locations that are smaller, it's not designed for an office with a few hundred users," Watson said. "So for these services, we're looking at locations that have less than 15 devices."
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.