Splunk

Detect attacks targeting public clouds and centrally manage multi-clouds Cloud Security Monitoring App

"Cloud Security Monitoring App" is a SIEM App for Splunk Enterprise that provides the functions and mechanisms a SIEM needs to deal with the rapidly increasing cyberattacks against public cloud services.
With this App you can implement and tune advanced detection rules, manage alerts, and conduct post-detection investigations, so that the SIEM operations required for cloud security measures can be launched quickly.

You can implement detection logic for company-specific security risks that are not covered by the cloud-native security services offered by public cloud providers. It is recommended for companies that use multiple public cloud services.

Features

  1. An App built for cloud-specific risks
    This App was developed around countermeasures for the cloud-specific risks listed below, and covers not only external attacks but also incidents that originate from the cloud users themselves.
    • Account hijacking
    • Use of vulnerable APIs
    • Data leakage and exfiltration enabled by easy external data sharing
    • Loss of visibility caused by easy service provisioning
  2. Integrated management of multi-cloud and hybrid environments
    Alert aggregation and integrated monitoring across multiple public cloud services, and across hybrid environments that include on-premises systems, make security operations more efficient.
  3. Flexible customization of detection logic to your requirements
    Because this App is built on Splunk Enterprise, the detection logic and dashboards can be customized flexibly. You can implement detection logic for company-specific security risks that are not covered by the cloud-native security services offered by public cloud providers.

Main functions

  1. Correlation detection rules
    The four major service categories of public clouds listed below hold a large amount of critical information, and security measures for them should be prioritized.
    • Storage
    • Compute
    • IAM
    • Network
    This App provides detection logic and dashboards for each of these four service categories.
  2. Alert response management mechanism
    Alert response management mechanisms and dashboards are installed out of the box so that alerts can be handled quickly and without wasted effort: alert tracking (owner assignment, status management, etc.), automatic assignment of alert priority, and multi-faceted filtering.
  3. Detailed analysis dashboards
    A number of dashboards are installed out of the box that enable analysis from the various perspectives required for SOC operations.

Pricing

Pricing that does not depend on ingested log volume
The price is determined by the number of correlation detection rules to be implemented and the number of target public clouds. The volume of logs ingested is therefore not linked to the price.

Pricing that bundles the implementation work at launch
To get SIEM operations up and running quickly, we carry out the implementation and deployment work listed below on your behalf. The prices above include the fees for this work.

Simple package
  Menu
    • Select 10 rules from the monitoring rule list for one public cloud
    • Data integration from one public cloud
      • Azure (ASC, Activity Log, Azure AD)
      • AWS (CloudTrail, AWS Config, GuardDuty)
    • Implementation work period: 6-10 weeks
  Standard price
    Quoted individually
    • Includes first-year support and implementation agency fee
    • Assumes remote work

Standard package
  Menu
    • Select 10 rules from the monitoring rule list for two public clouds
    • Data integration from two public clouds
      • Azure (ASC, Activity Log, Azure AD)
      • AWS (CloudTrail, AWS Config, GuardDuty)
    • Implementation work period: 8-12 weeks
  Standard price
    Quoted individually
    • Includes first-year support and implementation agency fee
    • Assumes remote work
  • Implementation of the monitoring solution
    • Cloud Security Overview dashboard
    • Alert Manager App
    • 10 selected monitoring rules
    • Initial tuning work to optimize the implemented rules
    • Provision of documents (system operation manuals)
  • Support included in this service
    • Troubleshooting of dashboards, the Alert Manager, and rules
  • The prices shown above do not include tax.
  • The above prices assume that implementation is carried out remotely (via VPN or remote desktop). If on-site work is required, a separate quotation will be provided.
  • App/solution customization is not included in the above services. (If required, please purchase the "Dashboard Creation Pack" separately.)
  • Tuning of detection rules after the initial implementation and initial tuning are complete is not included in the above service scope. (If required, please purchase the "Dashboard Maintenance Pack" separately.)

This App is provided as a package service that bundles the initial installation work and first-year support; the pricing model has the characteristics described above.

Inquiries / document requests

Contact: Macnica Co., Ltd., Splunk team

Mon-Fri 8:45-17:30