
Managed Security Monitoring

Executive Summary

With the continuous improvement of adversaries' techniques, taking advantage of a plethora of malware kits and botnet infrastructures, together with continuous digitisation campaigns within organisations and the advent of mobile devices, many security professionals feel the deck is stacked against them. The ever-present compliance mandates have not made the situation any better. This has made security monitoring a mandatory process within the cyber security domain.

At its most basic, security monitoring starts with log management and security information and event management (SIEM); in more complex scenarios it extends to advanced security analytics coupled with threat hunting.

There are no illusions about the amount of effort required to get a security monitoring platform up and running, or what it takes to keep one current and relevant, given the adaptability of attackers and the automated attack tools in use today.

Drivers for Managed Security

Many organizations feel blind, having to react to security events without sufficient visibility. They often lack the time needed to invest and the people needed to deploy solutions to gain that much-needed visibility into threats. This is often the initial trigger for managed security monitoring (MSM). Other triggers include:

1. Lack of Internal Expertise
2. Scalability of Existing Technology Platform
3. Minimize Technology Investment Risk: The provider is on the hook to deliver the functionality to which they committed.
4. Operational Risk Transference to a provider who assumes responsibility for uptime and performance.
5. Ability to Manage Geographically Dispersed Small Sites.
6. Round the Clock Monitoring

www.datasec.co.ke info@datasec.co.ke Mobile: +254 722 475 916


Deployment Options

1. Traditional: The customer buys and operates the security monitoring platform. The monitoring platform runs on the customer premises, staffed by the customer. This is NOT managed security monitoring.
2. Hybrid: The customer owns the monitoring platform, which resides on-premise, but Datasec manages it. Datasec handles alerts and is responsible for maintenance and system uptime.
3. Outsourced: Datasec owns the platform that resides on the customer's premises. Similar to the hybrid model, Datasec staffs the SOC and assumes responsibility for operations and maintenance.
4. Single-tenant: Datasec runs the monitoring platform in their SOC or the cloud, but each customer gets its own instance, and there is no commingling of security data.
5. Multi-tenant: Datasec has a purpose-built system to support many clients within a shared environment, running in their SOC or the cloud. Application security controls are built into the system to ensure customer data is accessible only to authorized users.

Deployment models by platform ownership and SOC location:

                           SOC Location
  Ownership     Customer Premise          Datasec Premise/Cloud
  Customer      Traditional or Hybrid     N/A
  Datasec       Outsourced                Single or Multi Tenant



Security Monitoring Tools

1. Log Shipper: Filebeat, Winlogbeat, Windows Sysmon
2. Network Deep Packet Inspection: Packetbeat, Netflow, ndpi, nfpcap
3. Host Intrusion Detection: OSSEC
4. Viewer and Correlation: Logstash and Kibana
5. Reporting: Dradis
6. Threat Intelligence Sharing: MineMeld
7. Database: Elasticsearch
8. Alerting: ElastAlert
9. Data Security: SearchGuard is used for encryption and authentication on top of Elasticsearch
