Enhancing Security: Logging, Threat Detection & Response Strategies

Security Gap Assessment For [Company Name] An Analysis of Your Current Logging, Threat Detection & Response Score

Why Logging, Detection & Response? It s critical to meet security, compliance and cybersecurity insurance: Score Essential for forensics & detection; required by CMMC, NIST, PCI and cyber insurance to get claims paid Logging Critical to identify attacks early to stop a breach Threat Detection Real-time, prioritized alerts enable faster response times Alerting One year of data retention required; ensure log integrity & confidentiality Audit / Compliance Automated response & playbooks to contain threats quickly to limit damage and costs Response High availability, 24/7 automated monitoring for full reliable coverage Monitoring

Where Are Your Gaps Today? Scoring your current security posture Current State Score 0/6 Logging 4/13 Threat Detection 1/6 Alerting 0/7 Audit / Compliance 0/4 Response 0/3 Monitoring

Assessment: Logging Current Blumira Capability Centralized, offsite, immutable, security/audit log repository Security/audit log retention for 1 year Logs are automatically parsed, correlated, and available for query Windows hosts have security logging enabled beyond the defaults Security logs are centrally collected for on-premises applications Security logs are centrally collected for cloud applications

Assessment: Threat Detection Current Blumira Capability Central log monitoring for threats across your environment Advanced detection rules applied to centralized log data Correlated third-party threat intelligence to detect threats Automated matching of event and threat information Honeypot(s) deployed for internal reconnaissance detection Active detection of threats at border gateways & firewalls Detection of common misconfigurations in M365, Windows and/or Linux systems (Elevated Admin Priv, inbox forwarding, internet- accessible RDP or SMB etc.)

Assessment: Threat Detection, Cont. Current Blumira Capability Active detection for indicators of data exfiltration Active detection for identity attacks such as password spraying and/or credential compromise Phishing / DNS site detection from Windows and Azure logs Detection of newly created Domain administrator accounts Detection of Lateral movement tools (mimikatz, PSExec, LoL techniques, abuse of PowerShell) Active detection of Clearing of Log Events across cloud and on-prem

Assessment: Alerting Current Blumira Capability 24/7 SecOps guided response available for critical alerts Alerting is prioritized and consolidated to speed remediation Only actionable threats are surfaced to reduce the noise of non- actionable information Alerts are delivered instantaneously, without delay Configurable alert options (email, phone call, SMS) based on alert type and priority Alerts provide direct link back to evidence, threat details and actionable playbooks on how to respond

Assessment: Audit/Compliance Current Blumira Capability Easily create custom reports helpful in proving compliance Access to pre-built reports helpful for audit / proving compliance Scheduled delivery of recurring audit/compliance reports Offsite 1 year retention of your security/audit logs Audit new domain administrator account creation Ability to export logs to CSV or JSON Logs can t be modified by administrators or attackers

Assessment: Threat Response Current Blumira Capability Guided response playbooks can be easily followed to remediate the threats identified Automated blocking of security threats on your internet gateway (For supported Firewalls) Response playbooks can be used with basic IT helpdesk skills Role-based administration for responders to enable IT and/or third party providers to interact and respond with the security team

Assessment: Monitoring Current Blumira Capability Detection solution has high availability Detection solution has 24x7 automated detection Detection solution queue logs in the event of an internet outage and resume once connectivity is re-established?

Our Recommendations We recommend adding Blumira Advanced Edition to fill your gaps: Advanced Edition Before Blumira Score Free Edition Score Score 0/6 2/6 Logging Logging 6/6 Logging 3/13 6/13 Threat Detection Threat Detection 13/13 Threat Detection 1/6 2/6 Alerting Alerting 6/6 Alerting 0/7 2/7 Audit / Compliance Audit / Compliance 7/7 Audit / Compliance 0/4 3/4 Response Response 4/4 Response 0/3 2/3 Monitoring Monitoring 3/3 Monitoring

Free vs Paid Editions Features Gained When Moving to a Paid Edition Name Paid Edition Features Gained Detection Rule Management Detection visibility. Ability to enable/disable detections. The ability to customize detections to not trigger findings for certain hosts or IP addresses 24/7 Security Operations Team Support Product and Security support. In addition to 24/7 Security Response help, the SecOps team also helps customize the Blumira product experience for customers through changes to dashboards, reports, and detections Ability to save and schedule custom reports, delivered via email on a frequency of your choice. Additional dashboards that provide detailed insights to security and management teams Reporting and Dashboards Retention Either 30 days (M365), or 1 year (Cloud, Advanced) of data retention Free edition and M365 edition both leverage the M365 Integration. Additional integrations are available in paid editions: (See full list at blumira.com/docs) Integrations Dynamic Blocklists and Honeypots Automated blocking of security threats on your internet gateway (For supported Firewalls) and Honeypots for detection of unauthorized access attempts and lateral movement