Custom Application Protect
Introduction
An IT department supports a company’s employees by managing and providing the applications that they use on a daily basis. Downtime caused by a security incident, or leakage of the data that resides in these applications, can have a major impact. With SIEM App Protect, your applications are monitored and secured by Wortell Managed Detection and Response.
Both classic applications and cloud applications can be protected by Wortell. Wortell uses Azure Sentinel as its SIEM.
SKUs
Feature | Custom Application Protect |
---|---|
Connecting applications to SIEM | + |
Custom use-cases for applications | + |
Compliant with NEN & ISO | + |
24/7 alert and incident follow-up | + |
Features
Connecting applications to SIEM
When building security use cases or dealing with a cyber security attack, it is important to have log data available in searchable form. A SIEM solution stores log data and runs intelligent queries to analyze it. Applications will be connected to Azure Sentinel. To connect an application to Azure Sentinel, the application must be compatible with one of the following Azure Sentinel log connector solutions:
- An application native Azure Sentinel connector
- Syslog
- CEF (Common Event Format)
- Custom log files (collected through the Log Analytics Agent)
Connecting new applications happens from time to time. Activities to onboard new
Custom use-cases for applications
Once applications are connected to Azure Sentinel, it is possible to create use cases (detections and the response actions needed to mitigate the incident) for these applications. Wortell has a standardized approach to defining, creating and testing use cases. With this standardized approach, Wortell will guide the customer in defining good and meaningful use cases.
Use cases created for applications are tailor-made and customer-specific. Mitigating incidents triggered by these kinds of use cases is the responsibility of the customer.
Creating new applications happens from time to time. Activities to onboard new applications into the SIEM follow a request-for-change process and are invoiced separately.
Compliant with NEN & ISO
ISO/IEC 27001 is widely known, providing requirements for an information security management system (ISMS). Using it enables organizations of any kind to manage the security of assets such as financial information, intellectual property, employee details, or information entrusted by third parties.
24/7 alert and incident follow-up
Wortell will follow up on application-related alerts by forwarding them to the application operator. This could be either the customer itself or a partner of the customer who operates the application.
Cost Calculation
Once per month, all connected applications are counted. The price is per application per month.