All mSIEM offers are Co-Managed, meaning the client will always have full root/admin access to the platforms. The reason is two fold, as Castra believes security is only as good as the knowledge of the network and associated risks. Castra Consulting knows the platforms and how to detect, the client will know their own environment. Working as a team we will find and report on the items that keep the client awake at night. Secondarily Castra believes in open door teaching methodology. We share everything we do with the client and promote transparency in all we do. Security should not be mystery, and Castra /client interactions are paramount for the success of the long term solution.
Management of a SIEM or USM is generally broken into two distinct roles, each requiring a distinct set of skills.
Day to Day Alarm Investigation and Triage is or can be a full time job, especially in larger installations. What happened? When/between which devices, or more simply Alarm Validation, Detection Posture
Behind the scenes maintenance, updates, upgrades, data flow and ingestion or correction, policy and posture tuning, day to day / week to week / month to month Health and alarm efficacy
3308 Durham Chapel Hill Blvd
Durham, NC 27707