To ensure the security of our customers, Rendition Infosec operates a 24x7x365 Security Operations Center (SOC) in Augusta, GA. Rendition made the decision to open our own SOC after working with a number of other service providers. After being unable to find a provider that met our standards for both price and service, we opened the SOC to meet customer demand. Many customers appreciate the flexibility in procurement since all of their external security services (monitoring, pentest, incident response, etc.) are performed by Rendition. There’s no need to repeat the burdensome procurement process again and again to work with different vendors for each service.
How does it work?
For most use cases, Rendition will deploy AlienVault software to the customer environment. We have other solutions for very small (less than 25 machines) and very large (more than 35,000 machines) networks. Typically, logs are stored in the customer environment, but alerts are forwarded to Rendition’s datacenter. Rendition Infosec technicians then investigate the alerts, eliminate false positives, enrich data on true positive alerts, and escalate to the customer for resolution. When needed, Rendition can assist the customer in additional internal investigation and remediation. Rendition’s monitoring is highly flexible. We can offer all the way from firewall and system log monitoring to user behavior analytics (UBA/UBM) and everything in between. Availability monitoring, file integrity monitoring, log retention for regulator requirements, and netflow monitoring are just a few of our available monitoring products. Unlike many big box vendors, Rendition is flexible and will customize a solution for you.
How much does it cost?
The cost depends on what you want to monitor and what service level agreement you need. For extremely small customers, we can do network monitoring starting at $5,000/year. This will detect most malware command and control, some insider threat activity, and general network issues. Network and endpoint monitoring starts at $10,000 – $15,000/year. Adding endpoint monitoring increases the scope of your insider threat detection and malware detection and provides the best possible situational awareness of threats in the environment. Of course, these are just estimates for smaller environments (5-10 users). Talk to us for a more comprehensive evaluation of you environment and your needs. For larger environments, economy of scale takes over and we are usually able to get larger customers covered at a very attractive rate.
What if you detect a compromise?
Unlike many information security providers, Rendition Infosec is a full service organization. We don’t just toss alerts over the fence and say “good luck with that.” If you need help with a full scale incident response, we provide those services too. Were your endpoints encrypted with ransomware? If we can’t help recover the files through other means, we’ll proxy the ransomware payment for you (it can be really tough to get procurement to buy Bitcoin). Bottom line, Rendition will be there with you to work through the compromise.
Who is actually monitoring my network?
Rendition – and we’ll secure your network by any legal means. Rendition personnel are some of the best in the business when it comes to detecting attackers. Many of our employees honed their cyber security expertise at NSA and US Cyber Command. They know better than most what it takes to find attackers in your network and have an impressive track record for doing so. Once we find the threat, we help the organization eliminate it quickly, all the while minimizing disruption to operations.
Why should I outsource my security monitoring to Rendition? My system admins do daily log review.
First off, your system administrators aren’t really doing daily log review. Practically every intrusion case we’ve ever worked backs that conclusion. Second, your systems administrators are great at what they do – making your IT go. But they aren’t attackers and they aren’t breach investigators. Just like you don’t want a pediatrician performing brain surgery, you don’t want a systems administrator performing compromise detection (they have enough to do already and should focus on what they’re really good at). Trusting your security monitoring to Rendition puts it in the hands of experts, not amateurs. The SIEM systems that Rendition deploys correlate logs across multiple devices giving us a clearer picture of events than you can see on any single system. Finally, rather than performing daily, weekly, monthly (or never) log review, Rendition is monitoring alerts in real time, giving you the power to act before your customer data and intellectual property is stolen.