About Active Defence Essentials
Vectra’s Active Defence Essentials service is nimble, responsive and customisable, which lets us protect every organisation with the same enterprise solution at an affordable price, regardless of whether its assets are on-premises, in the cloud, or in both. It is an out-of-the-box solution that can be deployed very quickly and tuned to your exact requirements.
Active Defence Essentials is powered by leading cloud-native, SaaS solutions. Your organisation will benefit from a consistent and uniform protection service, which is constantly updated to detect the latest threats. Vectra processes and expertise will help you keep your environment safe and compliant while you focus on your business.
Delivered and consumed as a true SaaS, Vectra Active Defence Essentials gives you the choice of an Azure-hosted or an AWS-hosted SIEM SaaS solution.
Standard Features
- Cloud Enterprise SIEM with optional SOAR
- Log collection and retention
- Event analysis and correlation
- Event and offense triaging
- Real-time alerting
- File Integrity Monitoring
- Global threat intelligence feeds
- Daily service platform tuning
- Incident response
- External vendor APIs and integration
- Prioritised Vulnerability Scanning and Management
- Monthly Executive Security Reporting
What Vectra Delivers
When you trust Vectra with your security operations management, you can expect leading-class cyber security services. Our platform and service, combined with an experienced analyst team that is supported and managed by highly skilled professionals, include:
- Monitoring and response to advanced threats, using leading technologies and intelligence
- Providing responsive cyber security support to your organisation in a pragmatic way
- Scanning and management of system vulnerabilities, with actionable remediation advice
- Improving security posture, lowering threat risk, and helping remediate vulnerable systems
- Executive reporting for your security team, management and board executives
Active Defence Essentials Addresses
- Insider Threats
- User Behaviour
- Critical Data Protection
- Advanced and Persistent Threats
- Securing the Cloud
- Managing Risks and Vulnerabilities
- Incident Response
- Compliance
Active Defence Essentials Deployment Options
IBM QRadar on AWS
IBM QRadar for AWS is an all-in-one appliance deployed in AWS, using the Australian data centres for compute and storage.
The QRadar Console image in AWS lets us easily deploy a QRadar Console to act either as an All in One appliance or as the Console in a distributed deployment.
QRadar takes a distinctive approach to security analytics: related events are chained together so that security teams receive a single alert (an offense) for each potential incident rather than one alert per event. This correlation reduces alert fatigue, streamlines attack detection, and lets security analysts respond to critical incidents faster.
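To make the chaining idea concrete, here is a small correlation engine added as an illustration; it is not QRadar's or Vectra's code, and the event format, rule names, severity weights, ten-minute window and sample log are all constructed for the example. Events that share a source address and target account within the window are folded into one offense, so an analyst triages one alert per chain instead of one per raw event.

```python
"""Toy event-correlation engine that chains related raw events into one offense.

Added illustration of the "chain related events into a single alert" idea
described above; not QRadar's or Vectra's code. Event layout, rule names,
severity weights, the window and the sample events are all constructed.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Constructed sample events: (timestamp, rule_name, source_ip, target_user)
SAMPLE_EVENTS = [
    ("2024-03-01T09:00:01", "auth_failure",    "203.0.113.7",  "jdoe"),
    ("2024-03-01T09:00:03", "auth_failure",    "203.0.113.7",  "jdoe"),
    ("2024-03-01T09:00:05", "auth_failure",    "203.0.113.7",  "jdoe"),
    ("2024-03-01T09:00:09", "auth_success",    "203.0.113.7",  "jdoe"),
    ("2024-03-01T09:01:30", "priv_escalation", "203.0.113.7",  "jdoe"),
    ("2024-03-01T09:05:00", "auth_failure",    "198.51.100.4", "svc-backup"),
    ("2024-03-01T09:05:02", "auth_success",    "198.51.100.4", "svc-backup"),
    # Same actor as the first chain, but hours later: outside the window,
    # so it must open a new offense rather than extend the old one.
    ("2024-03-01T11:30:00", "auth_failure",    "203.0.113.7",  "jdoe"),
]

# Per-rule severity weights, constructed for the example.
RULE_SEVERITY = {"auth_failure": 1, "auth_success": 2, "priv_escalation": 8}

# Maximum gap between consecutive events of one offense (constructed value).
WINDOW = timedelta(minutes=10)


@dataclass
class Offense:
    key: tuple             # (source_ip, target_user) the chain is indexed on
    first_seen: datetime
    last_seen: datetime
    events: list = field(default_factory=list)
    magnitude: int = 0     # summed severity of the chained events

    def rule_chain(self):
        """Ordered, de-duplicated list of rules that fired in this offense."""
        seen = []
        for _, rule, _, _ in self.events:
            if rule not in seen:
                seen.append(rule)
        return seen


def correlate(events, window=WINDOW):
    """Chain events sharing (source_ip, target_user) within `window` into offenses.

    Returns offenses in creation order. A gap longer than `window` since the
    offense's last event starts a new offense instead of extending the old one.
    """
    open_offenses = {}     # key -> currently open Offense for that key
    offenses = []
    # ISO-8601 timestamps sort correctly as strings, so no parsing is needed here.
    for ts_str, rule, src, user in sorted(events, key=lambda e: e[0]):
        ts = datetime.fromisoformat(ts_str)
        key = (src, user)
        current = open_offenses.get(key)
        if current is None or ts - current.last_seen > window:
            current = Offense(key=key, first_seen=ts, last_seen=ts)
            open_offenses[key] = current
            offenses.append(current)
        current.events.append((ts, rule, src, user))
        current.last_seen = ts
        current.magnitude += RULE_SEVERITY.get(rule, 1)
    return offenses


def summarise(offenses):
    """One line per offense: the single alert an analyst would triage."""
    return [
        f"{o.key[0]} -> {o.key[1]}: {len(o.events)} events, "
        f"magnitude {o.magnitude}, chain {' > '.join(o.rule_chain())}"
        for o in offenses
    ]


if __name__ == "__main__":
    found = correlate(SAMPLE_EVENTS)
    print(f"{len(SAMPLE_EVENTS)} raw events -> {len(found)} offenses")
    for line in summarise(found):
        print(line)
```

Eight raw events collapse into three offenses. The first offense carries the chain auth_failure > auth_success > priv_escalation with the highest magnitude, which is exactly the sequence an analyst should look at first; a real SIEM adds asset context, threat-intelligence lookups and many more chaining dimensions, but the triage benefit comes from this same grouping step.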
All in One Appliance – a stand-alone appliance capable of all QRadar functionality: dashboards, receiving event and flow data, processing that data into assets, offenses, reports and vulnerability data, and running apps from the IBM X-Force Exchange. Data on an All in One Console is stored locally.
Vectra also offers a purely vendor-hosted and vendor-managed platform delivered from IBM’s data centres: IBM QRadar on Cloud (IBM QROC), which makes it easier for you to access your security information wherever you are.
Microsoft Sentinel
Microsoft Sentinel is a cloud-native SIEM that a security operations team can use to:
- Get security insights across the enterprise by collecting data from virtually any source.
- Detect and investigate threats quickly by using built-in machine learning and Microsoft threat intelligence.
- Automate threat responses by using playbooks and by integrating Azure Logic Apps.
Unlike traditional SIEM solutions, Sentinel requires no servers to be installed, either on-premises or in the cloud: it is a service you deploy in Azure, and you can be up and running with Sentinel in just a few minutes from the Azure portal.
Sumo Logic
Sumo Logic’s Cloud SIEM gives security analysts the visibility to monitor on-premises, hybrid and multi-cloud infrastructure seamlessly and to understand the full impact and context of an attack. Beyond supporting a wide spectrum of security use cases, including audit and compliance, Sumo Logic fuses analytics with SOC automation to run security analyst workflows and triage alerts automatically, improving analyst efficiency and freeing analysts to focus on higher-value security work.
It speeds up incident investigations by automatically triaging alerts and correlating threats across your on-premises, cloud, multi-cloud and hybrid cloud sources.
A cloud SIEM solution should be a long-term investment, so it’s important to consider the upfront and ongoing costs as part of your selection decision. Sumo Logic provides a cost-effective licensing model that fits your budget.