Decurity's Enterprise SIEM Subscription Service

 

 

As the initial version of our Enterprise SIEM Subscription Service rolls out, Decurity is pleased to announce full support for ArcSight ESM 4.x and ArcSight Logger 3.x products. As part of your 12-Month Enterprise ArcSight Subscription you receive the following service(s):

Initial Implementation / Expansion:
Decurity can help during all phases of your SIEM and/or Log Management deployment. Decurity will work with you to define the requirements, guide you through vendor selection, architect the solution, and implement it or expand on your existing infrastructure. We partner with you to ensure you receive the best possible SIEM and/or Log Management solution for your needs.

Log Management and SIEM Integration Support:
We’ll help you most effectively use your Log Management and SIEM tools to complement and enhance the overall value of both solutions!
We’ll ensure the data is intelligently processed, providing you with the information you need without killing your SIEM or overwhelming your team. From the Event Source through the “collector” into your Log Management Solution and finally as it reaches your SIEM, we’ll work with you to ensure the right information is collected, stored, forwarded and analyzed to maximize functionality and overall value by reducing storage/processing costs.

Quarterly SIEM Healthchecks:
As part of this service offering, on a quarterly basis Decurity will work with your team to ensure your SIEM is performing at its most optimal capacity. Typically, much of this work can be accomplished remotely, further reducing your team’s time and cost commitments. We’ll quickly identify any issues, offer remediation plans and help you implement any necessary changes.

Partnership:
Through a monthly communications program we'll team our experts with your staff to understand your needs and wants and help you determine the most appropriate next steps for your environment. That might be recommendations on new/updated event sources, advice on redundant or failover architectures, recommendations on increasing storage or tuning storage for performance, or how to further integrate SIEM products within your organization to gain even more value. We'll work with you to ensure you extract the maximum value from your SIEM investments.

SIEM Content Updates:
Our experts will develop SIEM Content to help your analysts more accurately focus on the “Events of Interest” for your organization. Our solutions are categorized by Event Source and/or by Problem-Set to help you better understand which content will add value to your environment. Solutions will be updated on a recurring basis (daily, weekly, etc.) as new Event Sources, Problem-Sets and Solutions are identified and/or refined.

Here are some examples of the ArcSight Content we’ll update/refine for you:

  • Active Lists: For example, Hot IPs and Domains. We maintain a list of Hot IPs and Domains that is updated daily (as necessary).
  • Session Lists
  • Active Channels: Events of Interest, Interesting Analytical Views
  • Data Monitors / Dashboards: Statistical Analysis, Performance Measurements, Security Status Dashboards
  • Filters: (reusable queries)
  • Reports/Query/Trends: Reports that focus on measuring success or providing “Actionable Intelligence”
  • Correlation Rules: Basic and Advanced Correlation relevant to the Problem-Set and customizable to meet your specific organization’s needs.
  • Workflow and Notifications
  • Tools: Integration of tools/macros/scripts
  • Pattern Discovery (Profiles): By providing new and updated profiles based on Event Sources or problem sets we’ll help you gain the most from this powerful tool!

Custom Use-Case Development:
In addition to our recurring content updates, our customers also have the opportunity to submit new problem-sets and use cases for us to solve. Simply work with our team through the customer portal in our support system to help us understand the problems you are trying to solve and we’ll work with you to develop customized solutions. You can leverage this subscription service to constantly create new solutions and enhance existing ones!

Summary:
No matter where you stand with your SIEM deployment, Decurity’s Subscription Service will benefit you greatly. If you’re just getting started, we’ll save you significant time and energy by applying our expertise to your situation. If you’re more mature in your SIEM efforts, we can help ensure you’re really getting all the value you possibly can from your system. Our goal is to make this as simple as possible so that you can work on the output of the SIEM and take action to protect your enterprise. We’ll make the power of SIEM work FOR you!

Sales Information: We want to work with you to understand your needs and will be more than happy to schedule some time to talk more about how Decurity can help you with your SIEM and Log Management needs. Please send us an email at sales at decurity dot com with any questions you might have and we’ll get back to you (usually the same day).

Roadmap: We anticipate adding support, through additional subscription plans, for additional products including Splunk, RSA Envision, Symantec SIM 4.6+, Log Logic and other leading Log Management and SIEM products.

About Decurity:
Decurity supports the Fortune 500 globally and many US Government customers on a true enterprise scale. We are focused solely on Security Operations, including the use of SIEM and Log Management Solutions to enhance the Incident Response Process. Our experts have been responsible for hundreds of Log Management and SIEM implementations across the world. We will do what it takes to make you successful!

*ArcSight ESM, ArcSight Logger, Splunk, RSA Envision, Log Logic, Symantec SIM are all registered trademarks of their respective companies.