feature

1. Apps built for cloud-specific risk
   This App has been developed based on the risk countermeasures specific to cloud services, as described below, and implements countermeasures against not only external attacks but also incidents that may occur due to users.
   • account hijack
   • Vulnerable API use
   • Data exfiltration/exfiltration due to easy external data sharing model
   • Difficult to visualize with service provisioning model
2. Integrated management of multi-cloud and hybrid environments
   In conventional security operations, alert management and monitoring were performed on the management screen of each product, but by utilizing Splunk, a single product can be used in a hybrid environment with multiple public cloud services and on-premises environments. Alert aggregation and integrated monitoring are possible, enabling efficient security operations.
3. Flexible customization of detection logic according to your requirements
   Since this App is developed based on Splunk Enterprise, it is possible to flexibly customize the detection logic and dashboard. It is possible to implement detection logic that responds to company-specific security risks that cannot be covered by cloud-native security services provided by public cloud service providers.

function

1. Correlation detection rule
   Storage, compute, IAM, and network, which are the main services of public cloud services, hold a lot of important information such as account privileges, so it is necessary to prioritize security measures. This App develops correlation detection rules and dashboards for each of the above four major services.
2. Alert response management mechanism
   Effective alert response management mechanisms and dashboards, such as alert tracking (owner assignment/status management, etc.) mechanisms, automatic assignment of alert priorities, and multi-faceted filtering, are used to quickly respond to alerts without waste. It is installed initially.
3. Detailed analysis dashboard group
   A number of dashboards are initially installed that enable analysis from various perspectives required for SOC operations.

price

This App will be provided as a package service that bundles initial installation work and first year support. The pricing model has the following characteristics:

1. Pricing that does not depend on ingested log volume
   It is determined based on the number of correlation detection rules to be implemented and the number of target public clouds. Therefore, the log volume ingested is not linked to the price.
2. 立ち上げ時の導入作業をバンドルした価格
   迅速なSIEM運用立ち上げのため、以下の導入/実装作業を弊社にて代行します。上記金額には各種作業代行費用が含まれています。

*The prices shown above do not include tax.

*The above prices are based on the premise of implementation for remote work (using VPN or remote desktop). (If on-site work is required, individual quotations will be provided.)

*App/solution customization is not included in the above services. (If necessary, please purchase the "Dashboard Creation Pack" separately.)

* Tuning of detection rules after completion of initial implementation and initial tuning is not included in the above service range. (If necessary, please purchase the "Dashboard Maintenance Pack" separately.)

Macnica networks will continue to work to help our customers improve their security measures.

*Overall image of Macnica networks' Splunk-related services