Security Event Intelligence, a SIEM solution for detecting threats

Security Event Intelligence monitors the activity of your Information System by collecting the logs of its components. These are then analyzed and correlated with each other to detect suspicious activity. In the event of an alert, the experts of the Orange CyberSOC check that the attack is real, and contact you with the information necessary to neutralize it.

Security Event Intelligence Orange Business Services technical diagram

The 3 axes of the service

The Orange Business Services SIEM solution is based on 3 axes: the technical platform that collects, analyzes and correlates events, the event monitoring strategy that defines what to monitor and how, and the management of alerts that defines how to treat them.

Technical platform

3 types of platform

• Shared: cloud platform, hosted at Orange France data centres
• Dedicated: fully customized platform
• Dedicated PDIS: platform for Essential Operators, compliant with ANSSI, the French National Cybersecurity Agency

Monitoring strategy

2 ranges available

• General-purpose: global monitoring of basic security alerts
• Customized: global monitoring of basic security alerts + targeted monitoring of threats to your business

Alert management

A choice of cumulative management levels

0) online alert reports
1) + analysis of the month’s alerts and macroscopic action plan
2) + qualification of alerts in real time: actual alert or false positive?
3) + detailed analysis of alerts and action plan per incident

Support by our CyberSOC experts

Orange Business Services CyberSOC pools our cybersecurity expertise:
• Trained experts
• Supervision, detection, reaction and anticipation

Global monitoring of cyber threats

The Orange Business Services threat database collects information on cyber threats from more than 400 sources worldwide. This information is verified and correlated, so that customer logs can be matched against global threats.

Relentless detection strategy

For each threat:
• we develop the possible scenarios and devices concerned
• we collect the appropriate logs
• we establish the event correlation rules and actions to take