Cyber Security Operations Center Services

7x24 SOC Service
SIEM solutions collect security logs from all the log sources across a company's IT assets. The collected logs serve two main purposes: first, the SIEM is a central repository for all the logs, and second, these logs are very useful for detecting threats against the company.

One of the most important benefits of a SIEM is that, by correlating the collected logs, it reveals threats that cannot be detected from the logs of a single source but can be detected by evaluating the logs from more than one source together.

unicons Cyber Defense Services monitors the alarms raised on our customers' SIEM products 24×7, analyzes these alarms, and reveals the real threats by eliminating the false positives. It informs its customers about the detected real threats using the methods defined in the communication guide. unicons develops new correlation rules for global threats that have a wide impact and affect many companies, and ensures that existing correlation rules are kept up to date. unicons also develops special use cases requested by the customer. Through monthly reports, unicons informs its customers about the current situation, what happened within the reporting period, and any suggestions. Finally, unicons continuously improves its service quality based on customer feedback.

Supported Products: IBM Security QRadar, Microsoft Azure Sentinel, OpenText ArcSight

7x24 MDR Service
Technologies such as EDR and NDR are very important for managing threats in cyber security. Many manufacturers offer their own products and solutions in these areas. In fact, XDR (Extended Detection and Response) approaches, in which EDR and NDR products cooperate with other security products, stand out as the technologies companies prefer.

With its MDR (Managed Detection and Response) service, unicons monitors its customers' EDR and NDR systems 24×7, analyzes the alarms, removes false positives, reveals real threats, and informs the customer so that these threats can be eliminated. Based on the agreed terms, unicons takes threat-eliminating response actions*. These actions are carried out using the capabilities offered by the EDR/NDR/XDR platforms used by our customers.

*: Response actions are taken depending on the permissions approved by our customer.

Supported Products: Microsoft Defender Family, Vectra AI NDR

SIEM Installation and Configuration Service
SIEM solutions collect security logs from all the log sources across a company's IT assets. The collected logs serve two main purposes: first, the SIEM is a central repository for all the logs, and second, these logs are very useful for detecting threats against the company.

One of the most important benefits of a SIEM is that, by correlating the collected logs, it reveals threats that cannot be detected from the logs of a single source but can be detected by evaluating the logs from more than one source together. Under many corporate policies and regulations such as 5651, some logs must be kept for certain periods and stored in a way that allows reports to be produced in reasonable time if requested by legal authorities. Thanks to their centralized log management capabilities, SIEM products also ensure compliance with such regulations by ensuring that the integrity of the logs is not compromised.

In the unicons SIEM Installation and Configuration Service, we design the appropriate topology for the SIEM products, determine the necessary system resources, install and configure the SIEM products, integrate the logs into the SIEM, and ensure that the collected logs are parsed correctly. The service also includes configuring NTP and SNMP settings and backup settings, and installing HA (high availability) environments, depending on the purchased licenses. The service is delivered upon completion of the initially agreed installation and configuration plan.

Supported SIEM products: IBM Security QRadar, Microsoft Azure Sentinel, OpenText ArcSight

SIEM Technical Support Service
This service covers troubleshooting and offering solutions for technical problems that arise in the SIEM products supported by unicons. If unicons experts cannot solve the problem, we create a support ticket in the vendor's support portal. In this service, SIEM management remains with the customer. In case of a technical problem, the customer must contact unicons and create a support ticket. Technical support is provided by unicons after receiving the support ticket.

Technology is developing very fast, and SIEM products are updated at the same speed, gaining new capabilities very frequently. It is becoming more and more difficult, even for a medium-sized company, to manage all of its security products with internal human resources, to intervene in technical problems, and to produce solutions. For this reason, the SIEM Technical Support Service or the Managed SIEM Service stands out as a highly preferred service for our customers.

Supported SIEM products: IBM Security QRadar, Microsoft Azure Sentinel, OpenText ArcSight

Managed SIEM Service
Technology is developing very fast, and SIEM products are updated at the same speed, gaining new capabilities very frequently. It is becoming more and more difficult, even for a medium-sized company, to manage all of its security products with internal human resources, to manage SIEM products, to troubleshoot technical problems, and to produce solutions. unicons manages SIEMs on behalf of our customers: making configuration changes, performing product version updates, troubleshooting and producing solutions for technical problems, registering tickets and following up with the vendor on unresolved problems, meeting new log integration requirements, and designing new reports requested by the customer. The service also covers periodic health checks.

Managed SIEM Service allows our customers to use their SIEM systems with read-only accounts only, while all necessary SIEM management is done by unicons and reported to our customers monthly.

Supported SIEM products: IBM Security QRadar, Microsoft Azure Sentinel, OpenText ArcSight