IT Security Monitoring

Our team offers deep expertise in SIEM, UBA, and SOAR.

Our Data and Analytics team have deep experience in IT security monitoring: employing SIEM, UBA and SOAR technologies, and providing professional services.


How we can assist:

Security Information Event Management

Entity and User Behaviour Analytics

Security Orchestration, Automation and Response

Frequently Asked Questions

Security Information Event Management (SIEM)

Today’s attackers are getting smarter, attacks are stealthier and the time to catch attackers before they do damage, is shrinking dramatically. Log management, event monitoring, security information and event management (SIEM) platforms have helped thwart attacks in the past, but those tools are struggling to meet the loads produced by modern data centres - and the need for quick responses to advanced and persistent attacks.

To meet this challenge, security teams are using ‘big data’ solutions to collect and analyse raw data from across the business. The most advanced security approaches rely on a single system to collect and analyse data across all IT systems. This avoids the traditional problem of having multiple, disconnected security systems. It also provides the most complete picture of your organisation’s security posture and allows you to respond quickly to both known and unknown threats.

Our team can help you:

  • Capture, monitor, and report on data from all your security devices, systems, and applications
  • Provide signature and data & analytics driven security monitoring
  • Provide risk-based security analytics and alerting
  • Identify and investigate security incidents

Entity and User Behaviour Analytics (EUBA)

Focus your analysts’ attention: Machine-learning solutions help organisations find hidden threats and anomalous behaviour across users, devices, and applications. Its data-science driven approach produces actionable results with risk ratings and supporting evidence, augmenting SOC analysts’ existing techniques.

Automate continuous learning: We can capture the footprint of threat actors as they traverse enterprise, cloud, and mobile environments, run them through its advanced machine learning algorithms to baseline, detect deviations and find anomalies, continuously. These aberrations are then stitched into a meaningful sequence over time, using pattern detection and advanced correlation, to reveal the actual kill chain, which is not only comprehensible but also immediately actionable.

Tesserent can help you:

  • Secure against unknown threats through user and entity behaviour analytics,
  • Manage insider threats,
  • Automatically find unknown threats using machine learning,
  • Accelerate threat hunting.

Security Orchestration, Automation and Response (SOAR)

Respond faster: SOAR technology enables your security teams to work smarter by executing a series of actions - from detonating files to quarantining devices across your security infrastructure - in seconds, versus hours or more if performed manually.

Communicate and collaborate: SOAR technology helps drive efficient communications across your team with integrated collaboration tools for event and case management, rapidly triage events in an automated, semi-automated or manual fashion. Confirmed events can be aggregated and escalated enabling efficient tracking and monitoring of case status and progress.

With SOAR technology, Tesserent can help you with:

  • Developing playbooks to automate security and IT actions at machine speed,
  • Security incident management,
  • Integrated threat intelligence.

Looking for more information?

Video

Data Heroes Unite

Splunk tesserent

Frequently Asked Questions

Are Tesserent Splunk Consultants certified?

Yes, all Tesserent Splunk Consultants undertake rigorous training to achieve certifications to the highest level of Splunk Certified Architect. In addition, they also undertake further training and achieve the highest level of partner accreditation of Splunk Core Certified Consultant coupled with implementation accreditations for Splunk premium applications

Can Tesserent help customers with Splunk Cloud, AWS and GCP environments?

Yes. Tesserent consultants are experienced with all Splunk deployment methods including on-premise, Splunk Cloud, AWS and Google Cloud as well as hybrid environments. In addition, our consultants can help you with migrations from one deployment method to another.

Can Tesserent supply Splunk licenses?

Yes, Tesserent is an Elite Splunk Partner and can provide you with quotes for all your Splunk licensing requirements including renewals, upgrades and new licenses.

Is Tesserent experienced with Splunk premium applications?

Yes, Tesserent consultants are experienced in deploying all Splunk’s premium applications. These include Splunk Enterprise Security (SIEM), Splunk User Behaviour Analytics (UBA), Splunk Security Orchestration, Automation and Response (SOAR), Splunk IT Service Intelligence (ITSI), Splunk PCI Compliance Suite. In addition, Tesserent consultants hold full accreditations for the implementation of these technologies with Splunk and is the only Partner accredited in ANZ to implement Splunk UBA.

Can Tesserent build custom Splunk applications?

Yes, our consultants are regularly building custom applications for customers to address a vast array of use cases from security, application delivery, IT operations, ICS environments and business analytics.

Contact us

Speak with a Tesserent
Security Specialist

Tesserent is a full-service cybersecurity and secure cloud services provider, partnering with clients from all industries and all levels of government. Let’s talk.

Let's Talk
Tess head 8 min