TraceAlert SIEM FAQs
What is a managed SIEM Solution?
Traditional SIEM tools require a great deal of configuration, tuning and monitoring to be truly effective. A managed solution means that, in addition to the SIEM software tools, you also receive a service that handles those tasks so you can devote your resources to other matters. This can be instrumental if you have limited time and want to identify the most relevant threats as soon as possible.
What are the benefits to using Trace’s SIEM Solution over other SIEM solutions?
A 24x7 SOC (Security Operations Center) that handles configuration, tuning, monitoring, false-positive review, and alerting for incidents. With a product-only solution, you are responsible for all of that activity yourself.
I’m an IT department of one – why should I use Trace’s SIEM Solution?
You gain a 24x7 SOC staffed with a team of security experts who manage and tune the SIEM solution for you. Alerts provide detailed information so that you can quickly and easily remediate any findings.
I outsource my IT and network tasks and am not an IT professional – how can Trace’s SIEM help?
TraceAlert works seamlessly with your outsourced provider and can send alerts directly to them. Alerts contain detailed information that allows your provider to easily remediate any findings.
What government regulations can Trace’s SIEM help to satisfy?
Any regulation stating that you must have regular log management and review.
How long does it take to implement?
It depends on your existing environment, the availability of technical resources, and your configuration. Implementation consists of information collection (defining contacts, the machines to be monitored, etc.), installation of a single piece of communication software, and verification that data is being collected.
I’ve got a network firewall – do I need a SIEM solution?
Yes. Firewalls typically only monitor the perimeter of your network and decide what gets in and out. Defense in depth is key to a successful security program – a SIEM solution monitors traffic and activity on your internal network to identify suspicious behavior, such as ransomware and other malware.
I’ve got IDS/IPS – do I need a SIEM solution?
Yes - IDS/IPS (intrusion detection/prevention) is also a perimeter defense. Once something gets inside your network (a user clicks a phishing email, downloads an infected attachment, or visits a webpage), these tools are less effective. A SIEM attempts to identify the bad behavior that malware performs on your network.
I’ve got a UTM (unified threat management) appliance – do I need a SIEM solution?
Yes - again, because UTM appliances integrate the functionality of devices that monitor perimeter activity (such as firewalls, gateways, and IDS/IPS), a SIEM solution should be used in conjunction with a UTM in order to monitor both the network perimeter and your internal network.
What sorts of things would a SIEM detect that other solutions might miss?
A properly configured and monitored SIEM tool can detect ransomware, brute-force login attempts, and new exploits that do not yet have antivirus or vulnerability signatures.
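To make the brute-force case above concrete, here is a small correlation rule of the kind a SIEM runs over collected authentication logs. It is an added example written for this FAQ, not TraceAlert's own code or rules: the sshd-style log lines are constructed, and the field layout, the five-failures-in-two-minutes threshold, and the "success after a burst of failures" follow-up rule are assumptions chosen for illustration.

```python
"""Toy SIEM correlation rule for brute-force logins.

Added example for this FAQ; not TraceAlert's code. The log lines are
constructed, and the threshold/window values are assumptions.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines (sshd-like format, not real data).
SAMPLE_LOG = """\
2024-03-01T09:00:01 sshd[1021]: Failed password for invalid user admin from 203.0.113.7 port 51000 ssh2
2024-03-01T09:00:03 sshd[1021]: Failed password for root from 203.0.113.7 port 51001 ssh2
2024-03-01T09:00:04 sshd[1022]: Failed password for root from 203.0.113.7 port 51002 ssh2
2024-03-01T09:00:06 sshd[1023]: Failed password for root from 203.0.113.7 port 51003 ssh2
2024-03-01T09:00:07 sshd[1024]: Failed password for root from 203.0.113.7 port 51004 ssh2
2024-03-01T09:00:09 sshd[1025]: Accepted password for root from 203.0.113.7 port 51005 ssh2
2024-03-01T09:05:00 sshd[1100]: Failed password for alice from 198.51.100.4 port 40000 ssh2
2024-03-01T09:30:00 sshd[1200]: Failed password for alice from 198.51.100.4 port 40001 ssh2
2024-03-01T09:31:00 sshd[1201]: Accepted password for alice from 198.51.100.4 port 40002 ssh2
"""

# Field layout assumed for the constructed lines above.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<outcome>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)


def parse_line(line):
    """Turn one log line into an event dict, or None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return {
        "ts": datetime.fromisoformat(m["ts"]),
        "outcome": m["outcome"],
        "user": m["user"],
        "src": m["src"],
    }


def detect_brute_force(log_text, threshold=5, window=timedelta(minutes=2)):
    """Return a list of alerts raised over the log text.

    Rule 1 (brute_force): at least `threshold` failed logins from one source
    address inside a sliding `window`.
    Rule 2 (success_after_brute_force): a successful login from a source that
    rule 1 already flagged, which is the event worth treating as a priority.
    """
    failures = defaultdict(deque)  # src -> timestamps of recent failures
    flagged = set()                # sources already alerted on by rule 1
    alerts = []
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue
        src = ev["src"]
        if ev["outcome"] == "Failed":
            q = failures[src]
            q.append(ev["ts"])
            # Drop failures that fell out of the sliding window.
            while q and ev["ts"] - q[0] > window:
                q.popleft()
            if len(q) >= threshold and src not in flagged:
                flagged.add(src)
                alerts.append({"rule": "brute_force", "src": src,
                               "count": len(q), "ts": ev["ts"]})
        elif src in flagged:
            alerts.append({"rule": "success_after_brute_force", "src": src,
                           "user": ev["user"], "ts": ev["ts"]})
    return alerts


if __name__ == "__main__":
    for alert in detect_brute_force(SAMPLE_LOG):
        print(alert)
```

The second source in the sample (198.51.100.4) produces two failures thirty minutes apart, so the sliding window never accumulates enough to fire; only the rapid burst from 203.0.113.7 is reported, followed by the successful login that came right after it. Tuning the threshold and window to the environment is exactly the kind of work the FAQ describes the SOC doing, and it is what keeps rules like this from flooding an inbox with false positives.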
How much does support cost? When is support available?
Support is included in the cost. Alerting occurs 24/7, via email.