Mayfield

Managing Security with Automation

Mayfield can manage a customer’s existing environment using SOAR capabilities. We can monitor and automate response to incidents using the latest technologies in security automation. A combination of human and machine learning capabilities can enhance protection for any organization.

Using the Splunk and Palo Alto Networks platforms, we offer the following managed service offerings:

Managed Security Services (MSS): This is a fully managed security service that provides 24/7 monitoring and management of security devices, including Palo Alto Networks’ own security products. This service is aimed at organizations that want to outsource the day-to-day management of their security infrastructure to experts.

Threat Monitoring and Response: Mayfield’s managed services include continuous monitoring for threats and immediate response to security incidents using Palo Alto Networks’ Cortex ecosystem. Security experts analyze security data and alerts to identify and mitigate threats in real time.

Incident Response Services: Mayfield provides incident response services to help organizations respond to security incidents effectively. This includes investigating security breaches, containing threats, and restoring normal operations.

Policy Management: Managed services often include policy configuration and management for Palo Alto Networks’ security devices. This ensures that security policies are properly configured and updated to respond to changing threats.

Compliance and Reporting: Mayfield managed services can assist organizations in maintaining compliance with industry regulations and standards by providing reporting, audit support, and compliance assessments.

Security Consulting: Mayfield offers cybersecurity consulting services to help organizations assess their security posture, design a security strategy, and implement Palo Alto Networks’ security solutions effectively.

Cloud Security Management: With the rise of cloud-based applications and infrastructure, Mayfield uses Palo Alto Networks’ Prisma platform to provide services that manage security in cloud environments, ensuring the protection of data and workloads.

KEY FEATURES

Integrations

These services are often designed to work seamlessly with Palo Alto Networks' own security solutions, such as the Palo Alto Networks Next-Generation Firewall (NGFW), Prisma Cloud, and Cortex XDR, to create a unified and integrated security ecosystem.

Automated Security Playbooks

Managed services may include automation and orchestration of security processes, helping organizations streamline security operations and response.

Threat Intelligence

The platform supports the ingestion and enrichment of threat intelligence feeds, providing security analysts with up-to-date information to make informed decisions during incident response.

Customization

Managed services are typically tailored to meet the specific needs and requirements of each organization, ensuring that the services align with their unique security challenges and goals.

SOC as a Service

Detect and stop the most advanced cyberattacks using Mayfield’s vSOC. vSOC provides a comprehensive, holistic and scalable solution for managing security, performance, and compliance from IoT to the Cloud.
Our ready-state vSOC can collect and process security information and events on Day 1. For many clients, time is of the essence, and the Mayfield team can simplify the onboarding process; customers are under no obligation to purchase new hardware or software. Our highly customized, state-of-the-art big data cybersecurity analytics and alerting service comprises advanced correlation and machine learning engines powered by Mayfield expertise in forensics and malware analysis. Mayfield’s SIEM can be deployed quickly on a private cloud hosted by Mayfield or complement an existing SIEM solution for additional visibility and customization of use cases.

vSOC Features

Mayfield’s vSOC is a simple, affordable and easy-to-deploy architecture that fits into many existing environments with minimal changes.
Our vSOC service provides:

Scalability

The solution is scalable to support small or large clients.

Easy Integration

Support for most devices, applications and third-party feeds.

Visibility

Obtain a full view of devices, systems, traffic, threats and more.

Actionable

Customizable reports for security and compliance to identify root causes of threats and remediations.

Customization

On top of our built-in use cases, some clients require custom use cases to support their view, and our vSOC offers this capability.

Managed SIEM

Security Incident and Event Management (SIEM) solutions are not meant to function as preventative technologies against threats.
However, a comprehensive SIEM-based approach increases the potential for detecting a ransomware infection before it deploys. SIEM provides a holistic overview of a company’s IT environment from a single point of view in terms of its specific security events, empowering teams to detect and analyze unusual behavior.
To be effective, a SIEM needs a source of high-quality data and knowledge of what to look for. Several data sources exist including system logs, Windows AppLocker, endpoint security solutions, and SIEM agents deployed on the endpoint.
Knowledge of what to look for comes from an understanding of the ransomware’s goals and the steps necessary to achieve them. Ransomware attacks can be identified using indicators that appear in the early, middle, and late stages of an attack. Mayfield assists clients with managing existing on-premises or cloud-based SIEM solutions to enhance the level of logs collected and build important use cases to provide reporting.

To detect malicious activity within an environment, it is necessary to lay the groundwork first. Some best practices to leverage your existing SIEM to detect ransomware include:

Collect Event Data from All Computers

Detecting ransomware requires access to event data from all computers, especially workstations. Workstations are the easiest devices for cybercriminals to compromise and can act as an early warning system.

Use SIEM to Aggregate Alert Data

While different security solutions provide useful insights, they lack context. Collecting security data in one place supports analysis and advanced analytics.

Baseline “Normal”

Not all malware is detectable using signatures. Knowing what “normal” looks like on a network is essential to identifying the anomalies created by an attack.

Lay Traps

Differentiating true attacks from false positives can be complicated. Creating tripwires and other traps can help with detecting an attack.

Look for IoCs

IoCs from a threat intelligence feed can be essential for detecting the latest cyber threats. Select a SIEM capable of ingesting and using this data.

Perform Analytics

Data analytics like searching for unusual connections or looking for ransomware’s anomalous file activities can help to detect attackers on the system. Look for the event patterns that attackers create while achieving their objectives.
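As an added illustration of the baseline, tripwire and analytics practices above (example code written for this page, not Mayfield’s tooling): the log format, host names, canary directory and spike threshold are all constructed assumptions.

```python
from collections import Counter

# Constructed sample events: "<minute> <host> <action> <path>" (not a real log format).
BASELINE_LOG = """\
0 ws01 write C:/Users/a/report.docx
0 ws01 write C:/Users/a/notes.txt
1 ws01 write C:/Users/a/report.docx
1 ws02 write C:/Users/b/budget.xlsx
2 ws02 write C:/Users/b/budget.xlsx
"""
LIVE_LOG = """\
10 ws01 write C:/Users/a/report.docx
10 ws02 rename C:/Users/b/budget.xlsx
10 ws02 rename C:/Users/b/q1.xlsx
10 ws02 rename C:/Users/b/q2.xlsx
10 ws02 rename C:/Users/b/q3.xlsx
10 ws02 rename C:/Users/b/photo.jpg
11 ws02 write C:/Users/b/_canary/do_not_touch.docx
"""
CANARY_MARKER = "/_canary/"   # hypothetical tripwire directory planted on each host
SPIKE_FACTOR = 2              # assumed threshold: alert above 2x the baseline peak

def parse(log):
    """Yield (minute, host, action, path) tuples from the sample format."""
    for line in log.strip().splitlines():
        minute, host, action, path = line.split(" ", 3)
        yield int(minute), host, action, path

def peak_rates(events):
    """Highest number of file events per host in any single minute."""
    per_minute = Counter((host, minute) for minute, host, _, _ in events)
    peaks = {}
    for (host, _), count in per_minute.items():
        peaks[host] = max(peaks.get(host, 0), count)
    return peaks

def detect(baseline_log, live_log):
    """Return sorted alerts: canary touches and per-host rate spikes."""
    baseline = peak_rates(parse(baseline_log))
    live = list(parse(live_log))
    alerts = {("tripwire", host, minute) for minute, host, _, path in live
              if CANARY_MARKER in path}
    per_minute = Counter((host, minute) for minute, host, _, _ in live)
    for (host, minute), count in per_minute.items():
        # Hosts with no baseline are treated as having a peak of 1 event per minute.
        if count > SPIKE_FACTOR * baseline.get(host, 1):
            alerts.add(("rate_spike", host, minute))
    return sorted(alerts)
```

Calling detect(BASELINE_LOG, LIVE_LOG) flags the burst of renames on ws02 and the later touch of its canary file, while ws01’s ordinary activity stays below its own baseline.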

How can you leverage your SIEM as part of your Zero Trust strategy?

Managed Threat Hunting

Managed Cybersecurity Threat Hunting is a proactive approach to identifying and mitigating potential security threats within an organization’s IT environment.

Outsourcing Cybersecurity Threat Hunting to Mayfield is especially advantageous for organizations lacking the resources or in-house expertise for proactive threat detection. This approach allows them to leverage Mayfield’s cutting-edge technologies, experienced analysts, and a persistent commitment to enhancing security measures.

Benefits to Clients:
1. Comprehensive, practical support for security operations and incident response provided by experts from Mayfield.
2. Effective incident resolution using the Cortex XDR and XSOAR ecosystem.
3. Thorough root cause analysis and post-incident reviews, fully documented.
4. Detailed guidance on future actions with recommendations for policy configuration.

Contact Us

Canada
2 Robert Speck Pkwy, 750,
Mississauga, ON
L4Z 1H8

10665 Jasper Avenue, 14th Floor
Edmonton, AB
T5J 3S9

USA
1600 Golf Road,
Rolling Meadows
60008

Use the contact form to reach out to us with any questions or inquiries!

For any immediate requirements, feel free to call one of our experts directly at (844) 629-7321.