Elastic Security Operations Center (Elastic SOC)

Additional Info

CompanyTrusted Metrics, Inc.
Websitehttp://www.trustedmetrics.com
Company size (employees)10
Type of solutionHybrid

Overview

The Elastic Security Operations Center (Elastic SOC®) is a cloud-based platform that collects security event logs, correlates them against threat intelligence and provides actionable analytics via alarms, dashboards and reports. It combines event correlation and real-time alerting with long-term data retention in an easy-to-use web portal.

Elastic SOC® offers the detection, prevention and awareness capabilities necessary for providing real-time statistics on critical business functions, while providing the tools needed for routine troubleshooting of events and making informed response decisions.

The platform unifies the following functions:

Event Aggregation: aggregates log data from any source, including network and security devices, servers, databases, and applications; thereby, providing the ability to correlate event data in a single console. 


Intrusion Detection: by monitoring strategically placed network taps and/or switch monitoring ports, IDS Collectors analyze all inbound and outbound traffic for known patterns that indicate a security-related event, such as a protocol violation, virus infection or inbound attack. 


Real-time Alerting: based on pre-canned and custom, multi-level Alarm Policies, undesirable correlated event activities generate real-time alerts that trigger an investigation. Alarm notifications can be integrated with a client’s pre-existing trouble ticketing systems. 


Reporting: On-demand or scheduled reports can be configured to summarize event types and provide high-level or detailed operational views into events, such as configuration changes, file integrity changes, malware infections, top offenders, etc. 


Custom Dashboards: providing graphical, high-level summary of collected events and alarms, users can configure their own dashboards and event views allowing quick access to specific events of interest.

Forensic Archival: Logs and Events are permanently archived to local NAS or SAN storage for historical retrieval and compliance purposes. 


Vulnerability Management: Elastic SOC® integrates with Nessus and Qualys vulnerability assessment APIs to give added insight into assets and provide additional data modeling and trending activity for vulnerability assessment activities. 


How we are different

- Elastic SOC® is a SaaS-based security visibility platform built on a SIEM foundation, unifying multiple monitoring capabilities. It has reduced the need for disparate, redundant and costly technologies. It currently serves the SMB market through large enterprise network environments.


- Elastic SOC® supports multi-tenancy and can be white-labeled. This allows Managed Service Providers (MSP) and Managed Security Services Providers (MSSP) to offer their clients that same level of enterprise security monitoring only seen in large-scale network environments, via a distributed cost model. Elastic SOC® is “Elastic” at it’s core. There is no concept of having to distribute clients across multiple SQL-based databases, file stores or UI consoles.


- Elastic SOC® Collector can be deployed to a client in as little as 20 minutes on either a physical server or virtual machine, immediately integrate with existing threat protection packages, and directly connect with a client’s Active Directory for added contextual data and immediate event flows.