apto solutions limited

SIEM Platform Operation

For customers who have cloud SIEM platforms. Our service automates the daily, weekly and monthly tasks that someone must carry out for a SIEM to operate effectively. This provides proactive maintenance, ensuring that your SIEM is fit for purpose at all times.

Features

  • SIEM solution design & vendor selection
  • consideration of peripheral topics - data pipelining, analytics, retention
  • monitored SIEM - platform, data, performance, analytics, reporting, content management
  • SLA support for cloud SIEM
  • updates, upgrade and maintenance of SIEM
  • managed threat intelligence feed for cloud SIEM
  • platform agnostic cloud SIEM management
  • Splunk, Sentinel, Cribl and other SIEM platforms
  • works with QRadar, Elastic, Exabeam, Google Chronicle

Benefits

  • proactively monitored SIEM platform that is always fit for purpose
  • evidence data and use cases to risk register
  • optimise cost of SIEM platform
  • control your data, retain and analyse in the best place
  • reduce headcount or focus your team on higher value tasks
  • reduce burden on the SOC of tool and platform management
  • reduce vendor lock in
  • continuously evidence security coverage and cost to the Board
  • link data and use cases to threat model
  • platform agnostic SIEM management

Pricing

£20,000 to £80,000 a licence a year

  • Education pricing available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at simon.eastwood@aptosolutions.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

505575442391564

Contact

apto solutions limited, Simon Eastwood
Telephone: +44 (0) 7718319047
Email: simon.eastwood@aptosolutions.co.uk

Planning

Planning service
Yes
How the planning service works
Our methodology helps buyers through the process of implementing cloud hosted SIEM services. Our four stage process of discovery - design - implementation - operate helps customers plan out their journey so that they end up with a service which is cost effective and meets their needs. We start by identifying business risks and compliance requirements, distilling these into a threat model and use case list. We then help design a cloud solution and assist with vendor selection. Once this is done, we can help implement the chosen cloud service before also operating it. Our approach ensures that customers control their data, what data they ingest into the cloud service and where they retain data. This approach ensures that customers control the cost, both now and in the future, avoid vendor lock-in and retain flexibility on where and how they analyse and store their data. We have a team of consultants accredited in multiple SIEM products who can assist with this planning. SIEM is a solution which must be constantly maintained to operate effectively, which we can ensure.
Planning service works with specific services
No

Training

Training service provided
Yes
How the training service works
We can provide training in our best practice approach for implementing SIEM solutions, as per our methodology.
Training is tied to specific services
No

Setup and migration

Setup or migration service available
Yes
How the setup or migration service works
Similar to our implementation approach, our four stage methodology can be leveraged to help with migration activities. Our team of consultants can perform a SIEM data discovery exercise to identify what use cases are currently in a SIEM and what data an organisation has that is in scope for SIEM. We can then reconcile existing data and use cases against any existing risk register and compliance requirements. Combining these artefacts, and updating as necessary, we can define a threat model and use case list for the new cloud service, including what is migrated, what can be retired and what is new to take advantage of the new service. Our approach looks at creating content in a vendor agnostic way; for example, in the context of SIEM, writing use cases in a vendor agnostic language and considering open standard data models. This eases the migration process in the future and reduces vendor lock-in. We are able to leverage approaches to assist with the migration itself, such as utilising data pipelining to devise strategies for extracting retained data or dual forwarding data. We can plan a migration approach, whether it is a hard cut-over or dual running services.
Setup or migration service is for specific cloud services
No

Quality assurance and performance testing

Quality assurance and performance testing service
Yes
How the quality assurance and performance testing works
Our methodology ensures that use cases are implemented into your cloud SIEM service against a framework of risks and threats. By using synthetic data we are able to test that your SIEM use cases are firing when they should be. Such testing can be done periodically or on a continuous basis. By mapping use cases to frameworks and approaches (e.g. NIST, MITRE, ISO) we are able to clearly identify gaps in your security posture, enabling you to evaluate the quality of your SIEM coverage and future investment.

Our SIEM operate service then ensures that the quality and performance of your SIEM meets the required standards at all times. Our automated process enables us to carry out a series of daily, weekly and monthly checks to ensure that everything is working correctly. Our checks cover a range of SIEM aspects including platform management, data management, content management, performance management, analytics management and reporting quality. Our integrations will alert you, via email or ITSM integration, of any quality or performance issues with your SIEM that need to be addressed. Our service can proactively remediate these issues, with your agreement, ensuring that your SIEM is running correctly at all times.

Security testing

Security services
Yes
Security services type
  • Security risk management
  • Cyber security consultancy
  • Security audit services
  • Other
Other security services
Threat detection design and implementation

Ongoing support

Ongoing support service
Yes
Types of service supported
  • Buyer hosting or software
  • Hosting or software provided by a third-party organisation
How the support service works
Our automated process deploys an app onto the customer's cloud SIEM environment. Our approach pulls telemetry and metric data. It never sends any "Customer Data" from the customer's system. Each of the collectors is available for the customer to inspect. Searches are run typically once every 24 hours and send the results via encrypted HTTPS to the telemetry gateway, which is a component that operates within AWS. The telemetry gateway pre-processes customer telemetry and ensures that customer data is correctly tagged and identified. Telemetry messages are queued, and delivery is monitored to ensure the telemetry service is always operating. The telemetry service generates its logs via CloudWatch, which are also collected and monitored. Telemetry and metric data are delivered to Apto. Here custom search dashboards and reports are used to monitor the status of customer environments, providing insight into the various operational controls that the customer has elected to have monitored. Automation is used to track the status of alerts and ensure that any warnings or deviations from baseline are catalogued and investigated, reported and/or resolved (depending on customer preference). Apto Operations staff may feed back on notable incidents to the customer via agreed mechanisms (ITSM integration, phone, email etc.).

Service scope

Service constraints
There are no specific constraints. A catalogue of the specific monitoring controls can be supplied. All major cloud SIEM platforms are currently supported.

User support

Email or online ticketing support
Email or online ticketing
Support response times
Response between 0900 and 1700, 5 days per week. P1 response is within 4 hours. Specific SLAs can be specified.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
WCAG 2.1 A
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Support levels
Our service includes proactively monitored SIEM. Our proactive reporting provides daily, weekly and monthly reports depending on the checks being carried out. For daily checks, reporting is by the end of the day in which the check is carried out; for weekly checks, by the end of the week. In addition to monitored SIEM, customers can raise support tickets at the support levels below. Both aspects of the service are provided within the overall cost. The service is delivered based on a fair usage policy, to be agreed between the customer and supplier depending on the complexity of the customer's SIEM deployment. A dedicated account manager and support manager are available to the customer.

For SLA support tasks

Priority level: P1 / P2
  • Initial response/request for information: 4 hours / 12 hours
  • Outline plan of action: 1 day / 5 days
  • Escalation to Director: 4 days / 7 days
  • Ongoing progress reports: daily / weekly

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Security Clearance (SC)

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
QAS International
ISO/IEC 27001 accreditation date
14/06/2023
What the ISO/IEC 27001 doesn’t cover
N/a
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Cyber essentials
Yes
Cyber essentials plus
No
Other security certifications
No

Social Value

  • Fighting climate change
  • Tackling economic inequality
  • Wellbeing

Fighting climate change

As a business, Apto is committed to fighting climate change, including operating in a modern, energy efficient managed office, encouraging limited travel and remote working where possible, operating a paperless office, operating on efficient cloud services where possible and operating electric vehicles. Our service is aimed at helping customers optimise their usage of cloud services, specifically with cloud SIEM services in mind. Frequently vendors advocate a policy of ingesting all your data into your cloud platform. Not only does this lead to vendor lock-in and commercial issues, it also drives excessive use of cloud services. Especially for the data volumes associated with SIEM, operating excessive cloud workloads needlessly increases ingest and data storage, all of which leads to more energy usage than needed for these services. As data volumes continue to grow, ingesting and retaining data becomes expensive, monetarily and from an energy perspective.

Tackling economic inequality

Under the Policy Outcome heading we are tackling supply chain resilience and quality. We see a gap in the market where many organisations who have bought SIEM have underestimated the effort in keeping a SIEM tool fit for purpose. Not only does this lead to poor performance and high cost, it means that SOC teams are, at best, not obtaining the best data they can and, at worst, do not trust the SIEM. For a detective solution to work correctly it is imperative that the SOC team is acting on the best, most up-to-date information. This requires a SIEM to be properly designed and implemented. By growing our business and this service we are also providing employment opportunities. Working as part of the Apto Operate service is an excellent way for our new joiners to begin their careers in cyber security engineering.

Wellbeing

SOC analyst burnout and wellbeing are frequently reported concerns. The demand for cyber security professionals, and for SOC operations, is increasing. However, as data volumes grow, this is increasingly becoming a job of looking at vast quantities of data. Terms such as "alert fatigue" are becoming more frequent as SOC analysts are overwhelmed with data and false positives. Our service aims to automate and optimise the use of data within SIEM. Not only does this stop employees having to manually carry out these tasks, but it also improves the quality of data available to the SOC team.

Pricing

Price
£20,000 to £80,000 a licence a year
Discount for educational organisations
Yes