Security Event Intelligence, a SIEM-based service for detecting threats

Security Event Intelligence enables advanced threat detection and timely reaction to security breaches. Our managed SIEM solution ensures continuous monitoring of your organization’s security by aggregating, correlating and analyzing event logs against our proprietary Threat Intelligence to detect any suspicious activity. Orange Cyberdefense CyberSOC analysts qualify incident alerts so that your team does not waste time on false positives, and provide actionable recommendations to neutralize real cyber attacks. This solution is available in managed, co-managed (hybrid) or bespoke mode.

▪ Monitor any managed infrastructure
▪ Boost threat detection via advanced analytics
▪ Minimize false positives via industry-leading intelligence

Security Event Intelligence Orange Business Services technical diagram

Technology, expertise and threat intelligence

Security Event Intelligence is a service based on three modular components: the technical platform that collects, analyzes and correlates events (SIEM), the basis for threat detection that powers the technical platform, and the CyberSOC approach to manage and react to security alerts. 

Technical platform

Choose from a range of platform options

• Shared: our cloud-based public platform, hosted at Orange data centers
• Dedicated: fully customized platform, hosted on our or your premises
• Dedicated PDIS: an advanced platform for Operators of Essential Services

We can also provide a managed service based on your existing SIEM platform.

Detection basis

Benefit from a choice of detection mechanisms

• Standard: Global monitoring based on Orange Cyberdefense proprietary Threat Intelligence Database, aggregating public and private feeds from 500+ sources including weak attack signals from our global internet backbone

• Bespoke: Advanced options for a customized solution
- Targeted monitoring of threats to your business based on systems criticality and your specific vulnerability context
- Detection of zero-day attacks via user behavior analytics, network traffic and behavior analytics powered by Artificial Intelligence and Machine Learning technologies
- Improved response effectiveness via security orchestration and automation solutions

Alert management

Incremental service levels to suit your needs

• Online alert reports: manage alerts generated by the platform via our user-friendly web interface
• Analysis of the month’s alerts and macro action plan: understand incident trends and increase your cyber resilience with expert advice on an ongoing basis
• Qualification of alerts in real time: actual alert or false positive? Ensure your teams focus their time on actual security incidents with 24/7 monitoring from our CyberSOC
• Detailed analysis of alerts and action plan per incident: maximize your response effectiveness with comprehensive incident analysis and actionable recommendations

Support by our CyberSOC experts

Our four Orange Cyberdefense CyberSOCs pool cybersecurity expertise from across the globe. Benefit from our experience safeguarding over 720 multinational customers, including the Orange Group.

▪ 27 billion correlated security events per day
▪ 1500 qualified security incidents managed per month

Our dedicated Security Managers advise you on the outcomes of the monitoring service provided, identifying actions and solutions to continuously improve your cyber resilience.

Real-Time Threat Intelligence

Orange Cyberdefense collects information on cyber threats from public and private sources worldwide. Additionally, as a network operator, we have visibility of the first signs of attack. This information is verified and correlated in real time against security logs to minimize false positives, thoroughly qualify incidents and ensure you do not miss real threats.

Our proprietary Threat Intelligence at a glance:

▪ 550M+ malwares
▪ 12M+ entries
▪ 600+ sources
▪ Plus exclusive direct flows from our Epidemiology Lab, Next-Gen sandbox, Network Backbone and public email inboxes (APT)

Expert Managed Detection and Reaction

In addition to Security Event Intelligence, you have the option to sign up for our Computer Security Incident Response Team and other Threat Intelligence Services to complete your threat management measures. Our Security Response team offers fast support on-site or remotely in the event of a security breach. Our experts will support you in all phases to contain and remediate threats according to agreed SLAs, orchestrating the remediation process together with your teams and other partners. We can also support you after an incident with digital forensics, post-mortem investigations, e-discovery and evidence preservation services to support legal action. Our expert teams can undertake threat hunting on latent intrusions, disrupting current threats and enhancing security measures against future ones.

Benefit from a range of other Threat Intelligence services from our cyber surveillance experts including:

▪ Digital Asset Surveillance: Internet Footprinting, Website monitoring, Blacklist monitoring
▪ Fraud Prevention: Domain name monitoring & take down, Phishing detection & take down, Malware detection and analysis, Mobile app store monitoring
▪ Cyber content surveillance: Data misuse/contraband, Sector and targeted threats monitoring, Brand monitoring