2. Security
  3. Detect and respond

Security Event Intelligence: SIEM-based threat detection

Security Event Intelligence enables advanced threat detection and timely response to security breaches. Our managed SIEM solution ensures continuous monitoring of your organization’s security by aggregating, correlating and analyzing event logs against our proprietary threat intelligence to detect any suspicious activity. Orange Cyberdefense CyberSOC analysts qualify incident alerts to ensure that your team does not waste time on false positives and provide actionable recommendations to neutralize real cyberattacks.

The solution is available in managed, co-managed (hybrid) or bespoke mode.

  • Monitor managed infrastructure
  • Boost threat detection via advanced analytics
  • Minimize false positives via industry-leading intelligence

Security Event Intelligence

Technology, expertise and threat intelligence

Security Event Intelligence is based on three modular components: the technical platform that collects, analyzes and correlates events (SIEM), the basis for threat detection that powers the technical platform, and the CyberSOC approach to manage and react to security alerts.

 

Detection basis
Benefit from a choice of detection mechanisms

  • Standard: global monitoring based on the Orange Cyberdefense proprietary threat intelligence database, aggregating public and private feeds from 500+ sources, including weak attack signals from our global Internet backbone
  • Bespoke: advanced options for a customized solution
    - Targeted monitoring of threats to your business based on system criticality and your specific vulnerability context
    - Detection of zero-day attacks via user behavior analytics, network traffic and behavior analytics powered by Artificial Intelligence and Machine Learning technologies
    - Improved response effectiveness via security orchestration and automation solutions

Alert management
Incremental service levels to suit your needs

  • Online alert reports: manage alerts generated by the platform via our user-friendly web interface
  • Analysis of the month’s alerts and macro action plan: understand incident trends and increase your cyber resilience with expert advice on an ongoing basis
  • Qualification of alerts in real time: actual alert or false positive? Ensure your teams focus their time on actual security incidents with 24/7 monitoring from our CyberSOC
  • Detailed analysis of alerts and action plan per incident: maximize your response effectiveness with comprehensive incident analysis and actionable recommendations

 

Technical platform
Choose from a range of platform options

  • Shared: cloud-based public platform hosted at Orange data centers
  • Dedicated: fully customized platform hosted on ours or your premises
  • Dedicated PDIS: an advanced platform for operators of essential services
  • We can also provide a managed service based on your existing SIEM platform
 

 

 

Support by our CyberSOC experts

Our four Orange Cyberdefense CyberSOCs pool cybersecurity expertise from across the globe. That means you'll benefit from our experience safeguarding over 720 multinational customers, including the Orange Group.

27 billion
correlated security events per day
1,500
qualified security incidents managed per month

Our dedicated Security Managers advise you on the outcomes of the monitoring service provided, identifying actions and solutions to continuously improve your cyber resilience.

Real-time threat intelligence

Orange Cyberdefense collects information on cyberthreats from public and private sources worldwide. Additionally, as a network operator, we have visibility of the first signs of attack. This information is verified and correlated in real-time against security logs to minimize false positives, thoroughly qualify incidents and ensure you do not miss real threats.

Our proprietary threat intelligence at a glance:

550M+
malwares
12M+
entries
600+
sources
Exclusive
direct flows from our Epidemiology Lab, Next-Gen sandbox, Network Backbone and public email in-boxes (APT)

Expert managed detection and reaction

In addition to Security Event Intelligence, you may consider our Computer Security Incident Response and other threat intelligence services to complete your threat management measures. Our Security Response team offers fast support on-site or remotely in the event of a security breach. Our experts will support you throughout all phases to contain and remediate threats according to agreed SLAs, orchestrating the remediation process together with your teams and other partners. We can also support you after an incident with digital forensics, post-mortem investigations, e-discovery and evidence preservation services to support legal action. Our expert teams can undertake threat hunting on latent intrusions, disrupting current threats and enhancing security measures against future ones.

Benefit from a range of other threat intelligence services from our cyber surveillance experts, including:

  • Digital asset surveillance: Internet footprinting, website monitoring, blacklist monitoring
  • Fraud prevention: domain name monitoring and take down, phishing detection and take down, malware detection and analysis, mobile app store monitoring
  • Cyber content surveillance: data misuse/contraband, sector and targeted threat monitoring, brand monitoring