Blumira’s SIEM and XDR solutions provide thoughtfully crafted automated detections and security recommendations seamlessly integrated into the platform. The incident detection team tirelessly perfects these automated findings, ensuring any user can easily investigate them.
Sometimes customers need additional guidance investigating an incident. This is where Blumira’s Security Operations team provides their expertise. They excel at security incident investigations and clear communication. The team ensures customers understand the raw data by explaining it in relatable terms, and providing abundant relevant details to resolve investigations smoothly.
I wanted to share some recent examples that demonstrate the tremendous value our Security Operations team brings to our partnerships. Having an experienced security team as an extension of your own is a major advantage in the SIEM market.
We discovered that one financial customer was being targeted by an attacker in Ireland who was attempting to access their internet-facing conferencing server. We quickly identified the geographic source and recommended geo-blocking Ireland, on the assumption that doing so would not affect the customer's business.
This evolved into a more nuanced geo-blocking policy that shrank the customer's attack surface. We also prioritize finding any high-severity vulnerabilities in exposed servers or software. Internet scanning of exposed services happens constantly; some of it requires joint prioritization with the customer, based on whether the targeted service carries an exploitable vulnerability.
Seeing threats like password spraying in our alerts compels us to reach out to customers proactively and offer assistance or additional details about the event. We love keeping our customers safe by investigating security incidents. In one such case, the activity was a real attack, and we advised the customer to isolate the infected machine immediately and reimage it.
Sometimes customers work through a finding on their own but ask for more information through our ticketing system, which we encourage. Recently a customer asked about our detection of a domain admin account that was triggering daily lockouts. We were glad to find that this was not malicious but was caused by a scheduled task still using old admin credentials.