Product Summary
SEP2.security is SEP2’s modular MDR (Managed Detection and Response) service. It is based on the Google Chronicle SIEM platform, bolstered by the functionality of the Google Siemplify SOAR (Security Orchestration, Automation and Response), and allows your security team to get top-tier insight into potential threats, with the SEP2 Security Intelligence Services team at the helm to assess and respond to events.
The technical elements of the platform are cloud-native, with multi-tenancy built in with each customer having their own encrypted space within the system. Using the same underlying platform as the core Google Search, Chronicle provides near-instantaneous access to security and event data within an organisation, with online retention of the data for 12 months.
MDR is generally focused around an EDR (Endpoint Detection and Response) or XDR (eXtended Detection and Response). SEP2.security allows for you to bring your own EDR, or gain this capability if you do not already have it.
The architecture allows for a light-touch, or no-touch, deployment for on-premise systems: in many cases hybrid/on-premise organisations need only deploy a single lightweight virtual machine, and some fully cloud-based organisations need no new compute resources at all.
Using the expertise of SEP2 and Google, we are able to parse logs from a huge number of sources. Any data added to the system will be used to enrich detection and correlation rules within the SOAR platform.
The licensing of the solution is a flat, per-user model. There are no limits to the volume of log data that can be consumed, across as many log sources as is needed.
A service that grows with you
SEP2.security is designed to be modular, adding more protective layers as your organisation requires. Building on top of the base MDR platform, optional elements within the SEP2.security offerings can include:
- Advanced Network Detection and Response (NDR) capabilities, using sensors to capture internal network traffic for added visibility
- Endpoint Detection and Response (EDR)
- Managed user-awareness training and phishing simulations
- Dark and Deep Web monitoring for internal asset exposure and potential data loss events
- Vulnerability scanning and remediation service
- Virtual or Team CISO services for higher-level Cyber Security Strategy considerations
SEP2.security MDR FAQs
SIEM stands for ‘Security Information and Event Management’. A SIEM is an overarching security tool whose job it is to recognise threats and vulnerabilities before they have a chance to do any harm. A SIEM will collect information from right across an organisation’s users, networks and cloud infrastructure.
Typically, these days a ‘Next Generation’ or nextgen SIEM is the de facto solution, building upon the base of the SIEM of the past and adding UEBA and SOAR technologies.