Our Security Information and Event Management (SIEM) + Security Operations Center (SOC) services provide a comprehensive monitoring solution.
What are the benefits?
Spend Less, Secure More
GCI provides a fully-managed cloud-based or on-site service with full responsibility for the deployment and integration into the client’s environment.
We maintain the service through ongoing fine-tuning of rule bases and customized rule creation for enhanced threat detection. Events are automatically correlated and analyzed using an industry-leading SIEM platform, supplemented by open-source, commercial, and GCI proprietary toolsets that look for indicators of attack and compromise at each stage of the cyber kill chain.
For organizations requiring log collection and storage, our service collects, classifies, and aggregates events and archives these in our cloud platform or local data center for up to 1 year. Historical data can be made available on request to aid the client’s investigations into incidents.
Key Technical Components
- Log and event collection by GCI Managed Threat Detection Platform
- Log storage for 1 year
- Log and event correlation and aggregation with automated advanced attack analytics
- Retrieval of historical log data as requested
- Ongoing tuning of the log collection platform
- Access to Threat Advisory Services and full vulnerability database
- Use of proprietary and commercial reputation lists to track communication with potentially malicious IP addresses
- Use of proprietary and commercial malware analysis databases to identify malware
- Access to web-based console
- Access to pre-defined SIEM reports
- Compliance reporting against supported compliance frameworks
- Communication details of any compliance violations