Atmosera’s advanced security technology capabilities combined with certified experts’ vigilance fortify your network against threats. Enhance your security capabilities with user-behavior analytics in the Atmosera Managed SIEM (Security Information and Event Management) solution, provided as part of the Advanced Threat Detection service, which also includes Managed Vulnerability Scanning. These services are implemented as part of Atmosera’s consolidated solution platform.
A SIEM system functions as the centralized brain of Security Operations. A typical computing environment can generate millions of security events a day, requiring an intelligent system to process, analyze and correlate those events to find the “needle in the haystack.” Data insights are then provided to security analysts, who can take the necessary action.
Atmosera’s SIEM system allows us to store your security events, which enables our team to perform forensic analysis. This can be useful in the case of a security event where our support team needs to understand what happened to best help you.
Many regulatory compliance frameworks such as HIPAA, HITRUST, and PCI require the use of a SIEM system.
Atmosera’s SIEM uses Machine Learning to look for patterns of behavior that indicate threats and potential compromise. In addition to Machine Learning, our system also provides a constantly updated stream of Threat Intelligence that analyzes your environment for threats.
Threat Intelligence is information fed into the SIEM system (often by security researchers) that makes it aware of known bad websites, IP addresses and processes. This allows the system to watch for references to those known bad elements within your environment and flag when they are identified. If a user were to access a website that was on the list of known bad websites, this would trigger an alert.
With millions of events a day it’s impossible to look at everything. A SIEM system allows us to create data visualizations from an aggregate dataset to look for anomalous patterns that can then be further investigated.
Atmosera identified admin accounts in a client environment that were set to never expire; this is generally considered a bad practice and violates most compliance frameworks.
In a client environment, Atmosera identified the same account used to log in successfully from different countries within only a few minutes. We found it was the result of a developer sharing his credentials with another developer in a different country.
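The multi-country login case above can be written as a simple correlation rule over successful-login events. This is an added example, not Atmosera's code or SIEM configuration; the event format, account names and five-minute window are assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample of successful-login events: (ISO timestamp, account, country).
# Account names and countries are illustrative, not data from the page.
SAMPLE_EVENTS = [
    ("2024-03-01T09:00:00", "dev.alice", "US"),
    ("2024-03-01T09:03:30", "dev.alice", "IN"),   # 3.5 min later, other country
    ("2024-03-01T09:05:00", "svc.backup", "US"),
    ("2024-03-01T09:06:00", "svc.backup", "US"),  # same country: no alert
    ("2024-03-01T10:00:00", "dev.bob", "DE"),
    ("2024-03-01T18:00:00", "dev.bob", "JP"),     # 8 h apart: outside window
    ("2024-03-01T09:04:00", "dev.alice", "US"),   # out-of-order arrival
]

def multi_country_logins(events, window=timedelta(minutes=5)):
    """Return alerts for accounts with successful logins from different
    countries no more than `window` apart. Events may arrive unordered."""
    by_account = {}
    for ts, account, country in events:
        by_account.setdefault(account, []).append((datetime.fromisoformat(ts), country))

    alerts = []
    for account, logins in sorted(by_account.items()):
        logins.sort()  # order by time so the sliding window is valid
        start = 0
        for i, (ts, country) in enumerate(logins):
            # Slide the window start forward so only recent logins are compared.
            while ts - logins[start][0] > window:
                start += 1
            for prev_ts, prev_country in logins[start:i]:
                if prev_country != country:
                    alerts.append({
                        "account": account,
                        "countries": (prev_country, country),
                        "gap_seconds": int((ts - prev_ts).total_seconds()),
                    })
    return alerts

if __name__ == "__main__":
    for alert in multi_country_logins(SAMPLE_EVENTS):
        print(alert)
```

In practice the country field comes from GeoIP enrichment of the source IP, so VPN and proxy egress points will also match this rule and need triage before the alert is treated as credential sharing or compromise.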
Atmosera has identified several cases of brute force attacks. These are almost always misconfigured service accounts that are failing to log in, but the few remaining cases were caused by attacks on public-facing web services (which unfortunately are difficult to prevent, due to the nature of public web servers). We are able to use the data in Atmosera’s SIEM in a forensic capacity to validate that these secure environments were not accessed by anyone unauthorized.
Atmosera’s security team has seen several cases where user systems were accessing crypto-currency sites. After investigation, these were all unintentional and benign cases. Embedded advertisement links in websites caused browsers to do a DNS lookup to these sites and tripped the alert.