Corporate IT Cyber Security
Security Information and Event Management (SIEM)
Constantly monitor active and emerging cyber threats, aligned to your business context.
Tap into the latest threat intelligence.
SIEM is a key component of our Security Operations Centre (SOC) service.
Peloton uses Microsoft Sentinel, a best-in-class Security Information and Event Management (SIEM) solution, as our core threat detection tool.
Powered by a strategic partnership with FalconForce, the detection content is selected and tuned for each unique environment. This world-class detective capability is further enhanced by integration with industry-leading Threat Intelligence sources to keep a pulse on active and emerging cyber threats.
Why use Security Information and Event Management (SIEM)?
Cloud-native SIEM backed by the availability and scale of Microsoft Azure
Peace of mind knowing our world-class detections (using FalconForce) will spot potential threats
Deep integration and meaningful tuning to each unique environment
What to expect with Peloton Security Information and Event Management (SIEM)
Peloton’s cyber security defensive specialists have built a library of over 200 customised detections that amplify our ability to detect potential threats to your environment.
In deploying the Security Information and Event Management (SIEM) solution in your environment:
- Microsoft Sentinel cloud-native SIEM is deployed directly in your existing Azure tenancy
- You can take advantage of existing Microsoft E3/E5 licensing to ingest data from Microsoft ecosystem products
- We only ingest what’s needed from your technology stack to keep costs down
- We integrate existing Threat Intel into your Sentinel instance
- Each detection deployed to Sentinel is tuned to your context and environment
The Peloton difference
Deep understanding of your environment
Peloton seeks to understand your business and its context, technical systems, critical applications, and processes.
Highly relevant implementation
Instead of using Sentinel as a log aggregator, we build the most meaningful SIEM platform by applying a security lens from our deep knowledge of the industry. We ingest only the data that needs to be ingested and tune out the noise.
We keep you abreast of the latest threats
Through our strong industry relationships and constant monitoring of breaking news and current events, we help keep your people and your business safe from cyber threats.
Frequently Asked Questions
A Security Information and Event Management (SIEM) service centralises the collection, correlation and alerting of security log data, supporting threat detection, risk reduction and cyber security best practice. In today’s cyber security landscape it is necessary to help organisations detect and respond to security threats in near real time.
The overarching advantage of SIEM is quick, accurate detection and identification of security events, alerting analysts to attacks in progress so they can be contained before they become incidents.
SIEM can be combined with Security Orchestration Automation and Response (SOAR) for additional benefits.
- Real-time visibility throughout the environment
- Faster, more efficient SecOps
- Solution for centralised management of disparate systems and log data
- Reduce false positive alerts
- Decrease mean time to detect (MTTD) and mean time to respond (MTTR)
- Data collection and normalisation to allow for accurate and reliable analysis
- Ability to map detections to frameworks such as MITRE ATT&CK, and to search across both raw and parsed data
- Real-time visibility across the network, combined with pre-built compliance modules, to demonstrate and improve compliance
- Dashboard customisation and effective reporting
A SIEM aggregates, stores and categorises very large volumes of log and event data, making it accessible for your SOC team to investigate security breaches in detail. It applies correlation rules and statistical techniques to extract useful, actionable information from many individual events and log entries, for example by linking a burst of failed logons to the successful logon that followed from the same source. Categorising and correlating events in this way lets analysts separate true positives from false positives and distinguish successful attacks from failed attempts.
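The following is an added illustration of what a tuned correlation rule, as described above and in the deployment note about tuning each detection to your environment, actually does. It is not Peloton or Microsoft Sentinel code; in Sentinel the same logic would be written as a KQL analytics rule over sign-in telemetry. The sign-in events, field layout, thresholds and the allowlisted scanner address are all constructed for the example.

```python
"""Toy SIEM correlation rule over sign-in events (added illustration, not vendor code).

Pattern: many failed logons for one (user, source IP) inside a time window, optionally
followed by a success from the same source. Tuning knobs (threshold, window, allowlist)
are what separates a useful detection from a noisy one.
"""
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed, normalised sign-in events: (timestamp, user, source IP, outcome).
# Not real telemetry; each group exercises one behaviour of the rule.
SAMPLE_EVENTS = [
    # 5 failures then a success from one IP: the credential attack worked
    ("2024-05-01T09:00:01", "alice", "203.0.113.10", "failure"),
    ("2024-05-01T09:00:02", "alice", "203.0.113.10", "failure"),
    ("2024-05-01T09:00:03", "alice", "203.0.113.10", "failure"),
    ("2024-05-01T09:00:04", "alice", "203.0.113.10", "failure"),
    ("2024-05-01T09:00:05", "alice", "203.0.113.10", "failure"),
    ("2024-05-01T09:00:30", "alice", "203.0.113.10", "success"),
    # 6 failures that never succeed: a failed attempt
    *[(f"2024-05-01T09:05:0{i}", "bob", "198.51.100.7", "failure") for i in range(6)],
    # an authorised scanner (hypothetical address) producing the same pattern: tuned out
    *[(f"2024-05-01T09:10:0{i}", "svc-scan", "192.0.2.50", "failure") for i in range(8)],
    ("2024-05-01T09:10:20", "svc-scan", "192.0.2.50", "success"),
    # a user mistypes twice then logs in: below threshold, no alert
    ("2024-05-01T09:15:00", "carol", "203.0.113.99", "failure"),
    ("2024-05-01T09:15:20", "carol", "203.0.113.99", "failure"),
    ("2024-05-01T09:15:40", "carol", "203.0.113.99", "success"),
    # 5 failures spread over two hours: never inside one window, no alert
    *[(f"2024-05-01T{10 + i // 2:02d}:{30 * (i % 2):02d}:00", "dave", "203.0.113.42", "failure")
      for i in range(5)],
]


@dataclass(frozen=True)
class Alert:
    severity: str      # "high": failures followed by a success; "medium": failures only
    user: str
    source_ip: str
    failures: int
    first_seen: str
    last_seen: str


def correlate_logons(events, threshold=5, window=timedelta(minutes=10), allowlist=frozenset()):
    """Sliding-window correlation keyed on (user, source IP).

    High alert: at least `threshold` failures within `window` followed by a success from
    the same source. Medium alert: such a burst that never converts to a success.
    Sources in `allowlist` are suppressed so known, authorised activity is not a false positive.
    """
    grouped = defaultdict(list)
    for ts, user, ip, outcome in events:
        grouped[(user, ip)].append((datetime.fromisoformat(ts), outcome))

    alerts = []
    for (user, ip), rows in grouped.items():
        if ip in allowlist:
            continue  # tuning: an authorised source is dropped before correlation
        rows.sort()
        recent = deque()  # failure timestamps still inside the current window
        burst, burst_first, burst_last = 0, None, None
        for ts, outcome in rows:
            while recent and ts - recent[0] > window:
                recent.popleft()  # expire failures that fell out of the window
            if outcome == "failure":
                recent.append(ts)
                if len(recent) > burst:
                    burst, burst_first, burst_last = len(recent), recent[0], ts
            elif outcome == "success":
                if len(recent) >= threshold:
                    alerts.append(Alert("high", user, ip, len(recent),
                                        recent[0].isoformat(), ts.isoformat()))
                recent.clear()  # a success ends the burst either way
                burst = 0
        if burst >= threshold:
            alerts.append(Alert("medium", user, ip, burst,
                                burst_first.isoformat(), burst_last.isoformat()))
    return sorted(alerts, key=lambda a: a.first_seen)


if __name__ == "__main__":
    for alert in correlate_logons(SAMPLE_EVENTS, allowlist=frozenset({"192.0.2.50"})):
        print(alert)
```

Run as written, the untuned rule raises three alerts (alice, bob and the scanner); adding the scanner's address to the allowlist removes the false positive, and raising the threshold changes which bursts qualify. Those two knobs, plus the window, are the "tuning to your context" the deployment notes refer to.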