Asgent to Provide “SIEM-J+”, a Log Management & Analysis Tool Used by Asgent, with Support Services for Autonomous SOC/CSIRT

June 24, 2015
Asgent, Inc.
(JASDAQ: 4288)

Asgent, Inc. (President & CEO: Takahiro Sugimoto, located in Chuo-ku, Tokyo), a pioneer in network security and operations management solutions, announces the start of sales for “SIEM-J+”, a log management and correlative analysis platform for corporations and other organizations. In addition, Asgent will provide support services for corporations and organizations looking to operate their own autonomous SOC/CSIRT.

【Background】

There is a growing movement, primarily among large corporations and central government agencies, to establish internal organizations such as a “SOC (Security Operation Center)” to handle security operations and monitoring and a “CSIRT (Computer Security Incident Response Team)” to deal with any security incident that may occur. The base technology that supports these organizations is the “SIEM (Security Information and Event Management)” device, which uniformly collects and manages logs from internal network nodes such as security devices, servers and clients, and in turn performs correlated analysis on these logs.
The upcoming implementation of Japan’s “My Number” system is having a direct effect on regional municipalities, independent administrative agencies and mid-sized businesses because of the demands the new system makes, and how to develop a platform suited to the size of an organization while managing it with security and cost savings in mind is becoming an issue.

【Issues with SOC/CSIRT】

In shared SOC services provided by MSSP (Managed Security Service Providers), the elements necessary to run a SOC such as dedicated personnel and operations knowhow, platform SIEM solutions etc. are all shared and are provided as so-called “cloud services”. By transferring logs from devices to be monitored to the MSSP service platform, it is possible for those businesses and organizations using the service to outsource their security monitoring operations to the MSSP.
However, for organizations whose security policies do not allow logs to be transferred externally, these shared SOC services are not an option. Such organizations need to organize, create and operate a PSOC (Private SOC). The problem here is the lack of personnel with sufficient operations knowledge. One viable resolution is for the MSSP to provide personnel as a service and manage the PSOC on the organization’s behalf, but in that case the operations knowhow is not transferred to or built up within the organization paying for the outsourced operations, and a new issue arises: costs that expand over the long term.

【Issues with SIEM】

On the other hand, SIEM is only a platform system for a service, and its value is determined by the SOC/CSIRT operating it.
For example, SIEM configuration parameters include rules for how log data is imported from devices, the logic used to perform correlative analysis on logs, and rules for creating monitoring alerts. SIEM operators must design these parameters according to the environment and needs, and continuously tune the device as cyber security circumstances change. Even if a rule set is provided by the vendor as a template, it is still necessary to continuously tune the rules to suit the organization. In other words, it is not possible to get the most out of a SIEM without personnel who have deep insights and skills as security specialists.

【About SIEM-J+】

To address the issues above, Asgent, an MSSP in its own right, will start sales of the SIEM product that it uses as its own service platform, under the name “SIEM-J+”.
In conjunction with this, Asgent will systematize the knowhow it has gained as an MSSP, covering everything from security service platform development to operations, and will provide it as a service framework. Comprehensive services and consulting, which include SOC/CSIRT design and training along with technical support such as defining parsers (normalization of logs when importing from nodes into the SIEM) and rules, as well as tuning, make it possible to maximize the value of the SIEM product. By using these services, organizations can train and educate their own security specialists and, in the long term, operate an autonomous SOC/CSIRT that is aware of both security needs and cost benefits.

【SIEM-J+ Service Framework】

A roadmap of the steps from integration preparation to autonomous operation of the SOC/CSIRT, and support services for each step, are provided as services in line with customer needs. Objectives are shared with the organization that is to be the main operator, and support options are provided to resolve the various issues that arise along the way.
Once the customer chooses the necessary services from the service menu below, Asgent can effectively apply the security insights and skills that its specialist personnel hold. This in turn allows SIEM tuning and operations knowhow to be transferred to the organization, addressing the issues that organizations face with SIEM and SOC/CSIRT, along with related adjustments to outsourcing commission costs.

【Service Menu】

1. Deployment Consulting - Development to Operations of new SOC/CSIRT, improvements and modifications to existing SOC/CSIRT -

・Concept Design

・Definition of Services Provided

・Roadmap Creation

2. Deployment Services - Necessary Configurations for SIEM Deployment/Operations, Deployment/Operations Guidelines for SOC/CSIRT -

・SIEM Deployment Scope Configuration

・SIEM Rule Set Creation

・SIEM Alert Escalation and Response

3. Operations Design Service - SOC/CSIRT Operational Design -

4. Rule Set Tuning Service - Tuning of SIEM Parser and Rule Set to Suit Operations -

5. Escalation Service

・Escalation to Asgent SOC Based on SIEM Alert Level

・Escalation to Asgent SOC in Case of Security Incident

6. Operation Service - Performing Operations with Outsourced Technical Staff -

7. Operator Analyst Education - Training Support to Enable Autonomous Operations -


【Roadmap: Example of Transfer to Autonomous Operations】

“Operation Service” is selected for the short term, while operators within the organization perform operations themselves utilizing the “Operator Analyst Education” option. Response to various alert levels is managed by linking the “Escalation Service” to the Asgent SOC and performing OJT in this way.


【Roadmap: Example of Early Detection/Integrated Solution】

In addition to the above, SecurityPlus “SecurityDoc”, a service that helps investigate and detect security incidents at an early stage, is added and is managed by “SIEM-J+” while periodic security incident checks are performed.


※ About SecurityPlus
The generic name for a group of services that provide the highest quality of security, including Asgent’s security knowhow gained over many years, at a reasonable price.
SecurityPlus provides all the necessary services that a company requires to maintain the highest level of security, including (1) Managed Security Services, (2) Security Diagnosis, (3) Forensic Security Investigations/Countermeasures, (4) ISMS and security audits, and countermeasures for (5) Social Engineering, which is common among all security breaches.
“SecurityDoc” is an investigative service to detect security incidents before they cause any damage to the organization.



【Sales Target】

■ Start of Sales:
July 1st, 2015
■ Pricing:
¥6,300,000〜 (10GB/1 day of logs (estimated 1000EPS), tax excl.)
¥9,500,000〜 (25GB/1 day of logs (estimated 2500EPS), tax excl.)
¥14,250,000〜 (50GB/1 day of logs (estimated 5000EPS), tax excl.)
※ Quotations will be given separately for each item on the service menu
■ Sales Target:
300 Million Yen/Initial Year


* All company names or product names are registered trademarks of their respective companies.
