Cyber Defense Services
SIEM solutions are basically the systems that enable the collection of security logs from all the
log sources of a company’s IT assets. Those collected logs are used for two main purposes. First,
SIEM is a central repository for all the logs, and secondly, these logs are very useful to detect
threats against a company.
One of the most important benefits of SIEMs is to reveal the threats that cannot be detected
from the logs in a single source but can be detected by evaluating the logs from more than one
source together, by making correlations over these collected logs.
Cyberwise Cyber Defense Services monitors the alarms that occur on the SIEM products of our
customers 24x7, analyzes these alarms and reveals the real threats by eliminating the false
positives. It informs its customers about the detected real threats with the methods decided in
the communication guide. Cyberwise develops new correlation rules about global threats that
have a wide impact and affect many companies. Additionally, Cyberwise ensures that existing
correlation rules are kept up to date. Cyberwise develops special use-cases requested by the
customer. Through monthly reports, Cyberwise informs its customers about the current
situation, what happened within the reporting period, and any suggestions. Finally,
Cyberwise continuously improves its service quality according to customer feedback.
Supported Products: IBM Security QRadar, Microsoft Azure Sentinel, OpenText ArcSight
Technologies such as EDR and NDR are very important for the management of threats in cyber
security. Many manufacturers offer their own products and solutions in these areas. In fact, XDR
(Extended Detection and Response) approaches, which involve the cooperation of EDR and NDR
products with other security products, stand out as the technologies preferred by companies.
With its MDR (Managed Detection and Response) service, Cyberwise monitors the EDR and NDR
systems of its customers 24x7, analyzes the alarms, removes false positives, reveals real threats,
and informs the customer to eliminate these threats. Based on the terms agreed, Cyberwise
takes threat-eliminating response actions*. These actions are provided by the capabilities
offered by the EDR/NDR/XDR platforms used by our customers.
*: Response actions are taken depending on the permissions approved by our customer.
Supported Products: Microsoft Defender Family, Vectra AI NDR
Due to many corporate
policies and regulations such as 5651, some logs need to be kept for certain periods and used in
a way that can produce reports in reasonable time if requested by legal authorities. SIEM
products also ensure compliance with such regulations by ensuring that the integrity of the logs
is not compromised, thanks to their centralized log management capabilities.
Cyberwise SIEM Installation and Configuration Service covers designing the appropriate
topology for the SIEM products, determining the necessary system resources, installing and
configuring the SIEM products, integrating the logs into the SIEM, and ensuring that the
collected logs are parsed correctly. It also includes configuring NTP and SNMP settings, backup
settings and installation of HA (high availability) environments depending on purchased licenses.
The service is delivered upon completion of the initially agreed installation and configuration
plan.
Supported SIEM products: IBM Security QRadar, Microsoft Azure Sentinel, OpenText ArcSight
This service includes troubleshooting and offering solutions for technical problems that
arise for SIEM products supported by Cyberwise. If Cyberwise experts cannot solve the problem,
we create a support ticket in the vendor’s support portal. In this service, SIEM management is at the
customer's disposal. In case of a technical problem, the customer must reach Cyberwise and
create a support ticket. Technical support is provided by Cyberwise after receiving the support
ticket.
Technology is developing very fast and SIEM products are updated at the same speed, and they
gain new capabilities very frequently. It is becoming more and more difficult to manage all
security products used by even a medium-sized company with internal human resources, to
intervene in technical problems and to produce solutions. For this reason, SIEM Technical
Support Service or Managed SIEM Service stands out as a highly preferred service for our
customers.
Supported SIEM products: IBM Security QRadar, Microsoft Azure Sentinel, OpenText ArcSight
Technology is developing very fast and SIEM products are updated at the same speed, and they
gain new capabilities very frequently. It is becoming more and more difficult to manage all
security products used by even a medium-sized company with internal human resources, to
manage SIEM products, to troubleshoot technical problems and to produce solutions. Cyberwise
offers to manage SIEMs on behalf of our customers, including making configuration changes,
applying product version updates, troubleshooting and producing solutions for technical
problems, registering a ticket and following up with the vendor for unresolved problems,
meeting new log integration requirements, and designing new reports requested by the
customer. The service also covers periodic health checks.
Managed SIEM Service allows our customers to use SIEM systems with read-only accounts
only, while all necessary SIEM management is done by Cyberwise and reported to
our customers monthly.
Supported SIEM products: IBM Security QRadar, Microsoft Azure Sentinel, OpenText ArcSight