Threat2Alert | Host Intrusion Analysis

An overview of Threat2Alert

Threat2Alert delivers far more than just a simple managed SOC. We focus on understanding the reasons why you want your systems and data monitored, and seek to act as an extension to your organization.

Threat2Alert gives you the ability to respond effectively to a breach, with alerting around indicators of compromise that gives you actionable information.

  1. Situational Awareness: Would you know if and when you are hacked/breached?
  2. Actionable Events: Do you have the correct information to be able to react?
  3. Effective Response: Do you have the right people and tools to enable the correct response?

Threat2Alert Services

To respond effectively it is essential that you are collecting the right data from your log sources.

It is also imperative that the environment and business risks/concerns are understood within the SOC. We will work with you on an ongoing basis to ensure that the information that is important to you is being protected.
Threat intelligence data can be built into the service, along with regular business and situational awareness of your organization. Combined with the log and event analysis, it will enable us to provide a highly tailored service that helps combat your business risks.

The three key elements of the service

1. The SIEM Conduit:

Centralize all your log sources

  • Powered by LogRhythm, providing you with a mechanism to collect and correlate a wide set of log data.
  • Collect packets and logs for in-depth analysis and correlation.
  • Simple to install and set up on centralized and diverse networks.

2. The Cyber Incident Response Team:

Experts who ‘Respond in Depth’

  • Certified and trained eyes on screens.
  • Proactive actions giving you peace of mind when events occur.
  • Guidance, advice and help on hand when you need to respond or investigate.
  • Advanced Incident Response (IR) tools to allow more detailed real-time investigations.

3. Intelligent Integration:

Threat intelligence, malware/packet inspection

  • Integrates with many technologies to ensure your environment is reporting at the right level.
  • Network-based captures (Security Onion, IPS, firewalls, etc.).
  • Host-based captures (whitelisting, malware detection, FIM, etc.).
  • Threat intelligence (Who is targeting you? How will they attack? Where is your name being mentioned?).


On-boarding process

The on-boarding process includes the following:

  • An initial business intelligence workshop to gather the key assets, risks and information about you
  • Information about any Collector Agents you have installed and any current log sources
  • An initial baseline of the data to be collected and agreements for reporting/alerting

Collecting the right log data is vital. These sources include:

  • Web Servers
  • Proxy Servers
  • Authentication Systems
  • Firewalls, Routers and VPN Services
  • Security Solutions (Anti-Virus, IPS, DLP, Encryption)
  • Custom Applications

We will review the sources and the events with you based on your business concerns.

A bedding-in period (normally around four weeks) will take place. At the end of this process, agreed acceptance testing is carried out to ensure that activities, log detail and alerts/configuration are active and working. Tests will be completed to ensure that specific simulated events do generate the required alerts and actions. This is essential to give both you and your Threat2Alert team the confidence that the systems are working.

“Threat2Alert’s security managed service is a vital part of Asta Management’s IT security operations, and has helped to strengthen its overall security posture. Thanks to the deployment of Threat2Alert we have 100% greater visibility of any threats and potential threats within our environment.”

Adrian Legon

IT Manager, Asta Management Services Ltd

Initial business intelligence workshops

In order to know the events and alerts that are required, an initial workshop is carried out with all customers to establish a clear purpose and set of objectives for the service. Your principal security concerns will be recorded and defined.

If your concern is around Payment Card Data, health records, PII, Intellectual Property (IP), contracts or client data, then where that data is held, and the specific systems and critical log sources involved, need to be identified.

We will not only provide a service to perform log collection and analysis, but we will also ensure that the right logs and level of logs are being provided.

Deliverables and reporting

Threat2Alert will deliver both active alerts to our SOC for proactive investigation/escalation, and daily/weekly/monthly reports based on defined actions and events.

In addition, monthly/quarterly management reports will be presented that will provide you with an overview of the baselines, behaviours, events investigated, trends and analysis against your principal security concerns.

Recommendations and guidance around cyber security in general will be provided, to ensure you have the right information to provide the right level of response.

Contact

A dedicated technical account manager will talk to you about Threat2Alert for your company.