Booma Shield is a cloud-based Security and Compliance Monitoring Service that combines Technology, People and Process to deliver Enterprise Class security and compliance services to customers for one low monthly subscription fee.
Think of Booma Shield as your very own full-service cyber defence system. We monitor your computer and network devices so you can focus on delivering your products and services to your customers.
The Booma Shield Service utilises certified approved technology to collect and analyse log data that is generated from devices within the customer’s IT infrastructure.
The Booma Shield Customer Portal allows partners and end-customers to view dashboards and reports. The portal screen is customisable to display specific datasets and offers drill-down into data, incident management, operational and compliance reporting.
Security analysts based in the Booma Shield Security Operation Centres analyse security incident and event information to identify threats and potential compromises. They investigate incident cases which are triggered by the SIEM technology and enrich incident information with third-party Threat Intelligence data to further improve the identification accuracy of potential cyber security risks and compromise within the end-customer environment.
Incident cases are created by robust rulesets which trigger on correlations of well-defined Indicators of Compromise (IOC). The cases generated include a description of the security threat along with all the supporting evidence pulled from raw message logs and supporting correlated events.
Using a combination of industry-recognised Incident Management workflow processes based on NIST, MITRE, and SANS best practice, analysts investigate the Incident Cases which are automatically generated by the SIEM engine. Analysts identify specific information and document it within the case notes, along with the detailed, step-by-step procedures that need to be followed to remediate the security incident. Each incident is then prioritised/scored based on information from our Threat Intelligence feeds and any Incident that is not marked as a false positive is sent on to the customer for follow-up/remediation.
The Booma Shield SOC is available 24x7x365 via web portal, email and phone for any required follow-up or questions on Incident Cases.