Security posture is a concept that has changed very little through time. Protect all sides, restrict access, monitor your surroundings and test your fortifications. Protecting the perimeter and restricting access are simple, but they aren’t enough. Blind spots are the Achilles heel of any security practice be it physical or digital. In the ever-evolving world of cyber-security it’s not enough to just throw up a firewall or enable Two Factor Authentication, monitoring is essential. A SIEM can help bridge the gap in what you know and what you don’t, but what happens when a SIEM is just a SIEM?
Your SIEM gathers vital information from your network and alerts you to potential security threats, it can even take some actions to help mitigate a threat, but at the end of the day a SIEM can only see what you show it. It can’t see beyond your network, it can’t tell you what others in your position are seeing or doing. A SIEM is a king sitting in his castle getting information from his soldiers inside the walls, this does little good against the advancing army outside.
A Watchtower stands above the perimeter, improving visibility, removing blind spots, and providing a strategic advantage to the overall security posture. Redlegg Watchtower is no different. Redlegg Watchtower goes beyond your security posture and correlates alarm activity to other Redlegg clients allowing us to detect threats and respond faster with better intelligence.
Watchtower is a case management system that allows Redlegg MSS to track and correlate emerging threats within a client environment, across clients, and across industries, all while keeping client data separate and secure. Building off of our Standard Rule Package, Watchtower employs a series of built in Analyzers to gather a myriad of useful information about alarms in seconds allowing our Analysts to focus on interpreting that data rather than digging for it. Previously identified information and threats are tracked and correlated by Watchtower to further improve the analyst’s ability to correlate and identify trends.
Watchtower is the new standard in SIEM Management and is already in place for all Redlegg MSS customers. Watchtower additionally feeds information into our in-house threat intelligence feed that is available for customers to subscribe to. This internally maintained threat intelligence feed allows us to adjust based on what we are seeing directly in our client environments, in conjunction with emerging threats identified by our in-house threat research team.
Redlegg Watchtower is simply the next step in our holistic approach to improving the overall security of our clients. It is a framework of tools all working in unison to help you see beyond the walls and eliminate the blind spots.