date 2025-01-01

information security services

Managed SIEM service

In recent years, the adoption of new technologies has changed the way organizations work. Companies are generating and protecting more data than ever, and storing it in the cloud and across multiple devices. This is fundamentally changing the IT security requirements of organizations. Monitoring the security compliance of systems and devices is no longer sufficient—enterprises require comprehensive cyber detection capabilities and intelligence to recognize and mitigate potential threats.

Traditional Security Information and Event Management (SIEM) tools are used to collect event data generated by your organization's IT infrastructure. This information is then interpreted in an enterprise context by correlating event data with other sources of contextual information, to identify anticipated and unanticipated actions that might indicate misuse of business assets, or result in a potential business risk.

With Verizon's Managed SIEM services, your organization will benefit from our intelligence gained from providing security services for 25 years, while still retaining the advantages that a dedicated SIEM solution offers in terms of data control. This combination helps you to quickly establish an operational SIEM service and achieve a level of security monitoring that goes beyond what you can provide in-house.

Managed SIEM is a continuous security monitoring solution for rapidly identifying security threats, helping you respond to potential compromises before they materialize into serious data breaches or cause major harm to your critical business infrastructure. Our service provides a fast response, expert incident management, access to comprehensive security intelligence and detailed reporting capabilities.
We actively gather and digest security threat intelligence from both internal and external sources, to proactively identify, analyze and assess possible impacts on your IT infrastructure. These findings will be made available to you through the Managed SIEM Content Library, empowering you with the knowledge and tools you need to stay secure.

Our Managed SIEM service includes 24x7 monitoring of your SIEM alerts. Verizon's Security Operations Center (SOC) analysts will interpret the information generated in relation to your business context and assess the potential impact on your environment. If they determine that these alerts are valid, they will escalate them according to their classification within the Service Level Agreement (SLA).

Our 24x7 health monitoring and device management service will help to keep your log management and security monitoring architecture up and running, and collect and analyze log evidence on a continuous basis.

We understand that you expect a predictable and measurable quality of service. Our SLAs clearly specify what you can expect from our Managed SIEM services and by when. We also publish quality metrics, fully document escalation procedures and define the responsibilities of each party. Read the next page to learn more about the specific components of our Managed SIEM service.

Managed SIEM Intelligence and Improvement Services provide you with access to a body of knowledge based on our security expertise and intelligence. These insights can be used to maintain, improve or mature your security monitoring capabilities. You'll have access to Verizon's best practices, recommended architecture and guidelines for implementing and operating SIEM analytics. We also evaluate SIEM vendor upgrades and updates, to analyze their impact and determine if they pose any reliability problems. Only after a positive outcome will the patches be released for installation.
This testing prior to deployment helps reduce the potential impact to your service availability and performance.

The Verizon Managed SIEM Content Library serves as the foundation for our Managed SIEM analytics. The library consists of a collection of predefined and proven SIEM content. Each use case is built around a set of event monitoring scenarios that can be implemented on the SIEM infrastructure using one or more correlation rules, filters, report definitions and/or dashboards. Verizon will provide recommendations to maintain and improve the running SIEM content, as new threats and changes arise in the environment. When this happens, you'll be sent content library update notifications. These contain recommendations and internet links with additional information, to aid your understanding of the risks and mitigation strategies.

We'll appoint a trusted Security Services Advisor for you, who will host regular security review meetings. All customers have access to security advisors who work across several accounts, but your own dedicated advisor can be contracted at an additional charge. Your advisor will provide you with:

A Senior SIEM Engineer can work with your organization to review your platform configuration and running content set, and provide recommendations on use case creation as well as dashboards, tuning and log source tuning. They can also implement any changes to the running SIEM content after impact analysis and validation.

Our Managed SIEM services are delivered from our regional SOCs, where our security analysts deliver monitoring and management services on a 24x7 in-region basis. Our security experts will continuously monitor your SIEM alerts, and escalate any incidents requiring immediate action to your nominated security personnel. They will analyze all SIEM-generated alerts for their potential impact on your business.
They'll also generate and interpret different reports to proactively identify trends and potential anomalous behavior, before they become serious threats or security breaches. We're also responsible for the lifecycle management of your SIEM content. This will involve interacting with your security teams on a daily basis, to evaluate and help maintain the efficacy and validity of the implemented SIEM content set.

The Verizon Threat Research Advisory Center is an additional resource that strengthens our ability to draw conclusions and provide security recommendations to you with confidence. The Verizon Threat Research Advisory Center helps to aggregate sources of threat data, using our expansive IP backbone and extensive forensic caseload. We then normalize this data, analyze it and produce actionable intelligence.

The Verizon Threat Research Advisory Center provides three types of intelligence—strategic, tactical and applied intelligence. Strategic intelligence provides information about attack tactics and methods. Tactical intelligence provides information relating to specific indicators of compromise. Applied intelligence brings these two sources together, to recognize potential threats to your system. Collectively, these three levels of insight help your organization to prepare for, recognize and respond to cyberattacks effectively.

Manage risk and drive improved incident detection with threat intelligence and analysis that quickly identifies threats to your network.

Partner with us to build a customized Advanced Security Operations Center for your organization.

Hunt down cyberattacks at enterprise scale with computer-driven speed and precision.

Monitor threats and know your risk

Reduce risk and maintain the integrity of your data and applications with Managed Security Services—Premises.

As your business grows, so do the threats to your systems and data. According to the (DBIR), methods of attack are becoming increasingly sophisticated.
You're continually confronted by attacks that make avoiding damage difficult. But with comprehensive security monitoring and management services, you can protect what's most important.

To focus on your business goals, you need to manage risk across your infrastructure. That means anticipating problems, taking corrective action, and showing practical results—while controlling costs by freeing up internal IT resources. With Verizon Managed Security Services (MSS), you can proactively identify vulnerabilities and prioritize threats—helping you improve visibility and reduce risk.

Managed Security Services—Premises provides monitoring and management for a wide array of security devices at your various locations. Your devices are connected via a Connection Kit to a hosted Local Event Collector in one of our Security Management Centers. This vendor-neutral service allows you to select world-class products, help protect past investments in technology, and avoid vendor lock-in.

Your security devices generate threat data in the form of logs or events. We collect this threat data in near-real time and send it to our Security Analytics Platform, with its proprietary correlation and classification technology. The platform filters out benign security events and escalates those incidents most likely to pose a threat. We then assign each incident a risk rating and reference the specific threat-detection use case triggered. You can view security incident information through the web-based Unified Security Portal.

The Unified Security Portal provides an up-to-date view of the security posture of serviced devices. You can view incidents by country or see the number of incidents that are escalated, open, and closed. Status bars illustrate the risk levels—critical, high, medium, and low. Risks are also presented based on an impact and likelihood scale.
The dashboard provides granular search and query capabilities, and comprehensive reporting on incidents and logs. You can review security intelligence in risk briefings, reports, and updates.

Within the Unified Security Portal you can also collect, store, and search raw logs for all security devices we monitor. We store raw logs for one year and indexed logs for up to 90 days. The log management capability includes field-based filtering, along with raw log searches and downloads.

Dive deeper into incident trends with the Log and Incident Analytics features. With Log Analytics, you can drill down on results and filter for a subset of logs. Incident Analytics lets you search incidents with queries on key properties. Both provide

Our threat-detection policies are based on a holistic and near-real-time, behavior-based, multifactor correlation capability. Security Analytics Platform evaluates and correlates reputational and behavioral patterns and characteristics, as well as signature-based detection methods. Our framework is the result of research and threat analyses conducted by our intelligence team, and is composed of use cases, correlation reasons, watch lists, DBIR findings, and "indicators of compromise" threat-based intelligence.

Security incidents are generated based on detection policies with flexible rule setting to help control incident volumes. All security incidents generated have a clear description as to why the incident was triggered. We categorize all use cases and proprietary signatures to help increase visibility into security incidents and to help reduce the number of harmless incidents you see. The incident descriptions provide recommendations on possible actions to take, and the Security Operations Center (SOC) analysts can enrich this content. This analysis greatly simplifies incident escalation and makes it easier for you to understand the security posture of your serviced devices.

We offer monitoring only or monitoring with management.
You can complement your choice with the following options:

Our global infrastructure, world-class services, and security professionals are ready to help you meet a wide range of security challenges. Actionable intelligence and risk ratings help you allocate the right resources against the most dangerous threats. Consistent policy management and incident handling provide a unified view of your security posture across your serviced devices. Our experienced security consultants have the knowledge and management capabilities to help you

To find out how can help you better protect your organization, contact your account manager.

Gartner, Magic Quadrant for Managed Security Services, Worldwide, Toby Bussa et al, February 2018. Gartner does not endorse any vendor, product or service depicted in our research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

Verizon has invested in an ITIL based Program Management Office (PMO) dedicated to support all ITT72 Eligible Entities, as well as providing enhanced support for our critical Public Safety Customers. View key information about the Commonwealth of Massachusetts ITT72 Contract No. 555593 along with specific reference materials and documents.

Verizon Application Vulnerability Scanning is an accurate, complete and cost-effective web application vulnerability management solution. The service delivers the visibility, flexibility, and control that organizations need to manage website security and prevent web attacks.
It is delivered using a Software-as-a-Service (SaaS) model that has been designed from the beginning to scale massively to support the largest enterprises and offer compelling business efficiencies to control overall cost of ownership of web applications. Application Vulnerability Scanning is a web-based application service hosted by Verizon to provide customers with the ability to assess their internal and external web sites for vulnerabilities and to provide remediation information to proactively and efficiently fix those vulnerabilities.

Refer to for additional details along with rates and charges. Please contact your account manager or for more information. Services and/or features are not available in all countries/locations, and may be procured from in-country providers in select countries. We continue to expand our service availability around the world. Please consult your Verizon Business representative for service availability.

Online Compliance Program and Co-Managed Vulnerability Management Service Have Reached End-of-Sale. As of March 15, 2013, these services will be grandfathered and no new orders will be accepted.

In our ongoing commitment to simplify our products, policies, and processes, important changes are being made to our Online Compliance Program (OCP) and Co-Managed Vulnerability Management Service (Co-Managed VM). As of March 15, 2013, OCP and Co-Managed VM will be grandfathered and no new orders will be accepted for these services. This end-of-sale announcement has no immediate impact on existing OCP and Co-Managed VM customers and ongoing support for these customers will be communicated in the coming weeks. Effective immediately, Vulnerability Scanning Services (QualysGuard) should be the product of choice for all new OCP and VM sales opportunities.
A robust vulnerability management solution through Verizon's resale of QualysGuard Scanning Services, this service automates the process of vulnerability management and policy compliance across the enterprise, providing:

Verizon's DOS Defense (ProQuest) service is a cloud-based Distributed Denial of Service (DDoS) protection service that provides customers the ability to detect and divert potentially malicious DoS and DDoS traffic away from their network, thus allowing them to ensure the availability of their Internet resources for legitimate users.

DOS Defense (ProQuest) is composed of two service types:

With DOS Defense customers can benefit from:

Verizon Managed Email Content service, utilizing Skeptic™ technology, powered by MessageLabs, acts as a customer's first and strongest line of defense against viruses, spam, and unwanted e-mail content. By scanning e-mail at the network level, Managed Email Content can eliminate security threats before they reach their intended destination. And because Managed Email Content requires no additional hardware or software, it ensures 100-percent virus protection without the need for upgrades or patches.
Managed Email Content offers customers four solutions:

The Verizon Fraud Management (VFM) service is designed to review high volumes of medical claims transactions to identify specific healthcare provider and patient behavior patterns that have a negative impact on program expenditures and costs. The patterns can include undesirable behaviors such as payment fraud, propensities for higher utilization frequencies, and large monetary transactions aggregated over time.

Firewall services provide monitoring activities including the processing of firewall logs in real time to identify potential security threats. It measures availability and health of the firewall and escalates security and health incidents to initiate remediation. Management activities include troubleshooting and maintenance of the software configuration and rule set.

Application Level Firewall - Can only be sold together with Application Vulnerability Scanning

Application Level Firewalls help protect web applications from attacks that aim to exploit vulnerabilities in business critical applications. Threats against the web infrastructure are monitored and escalated in real time for immediate action.
The service provides software updates and implements policies that improve threat protection.

Proxy Server

Proxy Servers process clients' web requests per a defined security policy. The device is located between the customer's internal network and the internet gateway, and the service forwards the requests to the Internet or denies them. The proxy server provides policy enforcement, user tracking, and caching capabilities. The following modules can be added as plug-ins: anti-virus, anti-spam, and content screening.

Router (Non Standard Offering - Requires Product Council Approval)

Router service forwards IP packets and provides connectivity internally and externally with other enterprise networks or the Internet. Service is limited to Monitoring only. Monitoring and Management requires Product Council approval.

Network Switch (Non Standard Offering - Requires Product Council Approval)

The service monitors the switch logs for security events and escalates health and security incidents. Service is limited to Monitoring only. Monitoring and Management requires Product Council approval.

VPN

Manages SSL or IPsec devices which are used to establish, manage, monitor, and terminate VPN tunnels according to a customer defined policy.

Network Intrusion Detection (NIDS)/Prevention (NIPS) System

NIPS/NIDS monitors the alerts generated from NIDS/NIPS sensors located on the LAN segment behind the corporate firewall. Suspicious or malicious traffic can generate alerts and be allowed to pass through or be dropped according to the security policy. The monitoring service analyses the NIDS/NIPS security alerts and performs filtering, classification and correlation to prioritize and escalate security incidents. The signatures of the NIPS/NIDS sensors are kept up to date to maintain a strong security posture. NIDS external sensors are located in front of an Internet facing firewall.
The availability and health of the sensor are monitored, alerts are stored, but it does not generate or escalate incidents.

Host Intrusion Detection (HIDS)/Prevention (HIPS) Systems

Managed HIDS/HIPS can be installed on servers and clients to operate at the host level to identify and deny potentially malicious activity. Policies can be unique or grouped together and customer specific thresholds are defined. Two types of escalation services are available: full escalation and threshold escalation.

Unified Threat Management (UTM) or Security Appliance

UTM monitors and manages multiple security functions such as Firewall, VPN, IPS, Content Filtering and AV/AS through one device. The service operates in the same manner as the individual security devices.

Email Security Gateway (replaces Gateway Anti-Virus)

Email Security Gateway includes anti-virus filter and e-mail encryption functionality. An anti-spam plug-in is available as an option.

Content Screening

Content Screening is deployed at the Internet Gateway of the network via an appliance or software. It includes scanning and processing of web, e-mail and IM traffic to detect inappropriate content and information leakage defined by the security policy.

Log Monitoring and Management (Replaces Application Log Monitoring and Management)

Log Monitoring and Management provides automated and centralized collection, current and historical analysis, comprehensive reporting, secure archiving, and retrieval of logs sourced from operating systems, web servers, database servers, and specific Windows applications such as AD, DNS, DHCP.

Load Balancers

Encryption and decryption of SSL sessions for secure web applications can be terminated on the load balancer instead of the web server. Load balancers provide an additional layer of security since Internet clients will not directly connect to the end applications, and may have security-specific functionalities like web application and regular firewalling.
Endpoint Security

Endpoint Security solutions provide several combined protection mechanisms directly to the desktop/laptop using centrally managed endpoint agents. The protection mechanisms can provide services such as anti-virus, anti-spam, personal firewall, encryption or mechanisms which control whether or not peripheral devices can be connected to the endpoint (e.g. printers or USB-sticks). An Endpoint Policy Manager collects security logs from the various endpoint agents and centrally manages common enforced policies.

Advanced Threat Protection

Advanced Threat Protection leverages Verizon threat intelligence and FireEye's Web Security, Email Security, Malware Protection Cloud and Central Management System to:

Advanced Threat Protection services based on FireEye devices will help to protect customers against advanced persistent cyber threats. Verizon will monitor specifically for traces of activity of malware that are linked to advanced persistent threats and will provide in-depth knowledge of threat intelligence. The devices will reside inside the perimeter to detect and block indicators of compromise. Customers will benefit from Verizon's highly experienced and knowledgeable team of security experts and will receive security incidents with actionable intelligence.

File Integrity and Policy Compliance Monitoring

File Integrity and Policy Compliance Monitoring tools are used by organizations to provide configuration control that combines file integrity monitoring with comprehensive compliance policy management to protect, detect, and correct IT systems throughout the enterprise.
Managed Web Content acts as a customer's first and strongest line of defense against viruses, spyware, and unwanted web content. By scanning Internet traffic at the network level, Managed Web Content can eliminate security threats before they reach their intended destination. Because Managed Web Content requires no additional hardware or software, it ensures web protection at a low total cost of ownership, without the need for maintenance, upgrades, or patches.

Contact your Account Manager for more details.

When security threats arise, fast response is critical, not only to containing risk and stopping unwanted activity, but also to protecting sensitive data and preserving evidence. Often, the competency and speed with which an event is handled can make as many headlines as the event itself. The best defended businesses are those that prepare for the unexpected and are supported by professionals who can react quickly, in the face of the worst. With the Verizon Rapid Response Retainer service, you have access to the right expertise - when you need it the most.

Rapid Response Retainer customers benefit from:

Trust us to hit the ground running if a security threat affects your organization, because the proficiency with which you respond to threats can affect the level of your customers' confidence and trust.
The Verizon Security Management Program (SMP) is a programmatic information security assessment program that validates an organization's security posture against a set of ISO 27002-based security controls.