Many companies do not have dedicated security people, but split duties for System Administrators, Network Administrators, amongst others. Utilizing NexGen ensures there are dedicated Security people such as Security Analysts who are threat hunting and monitoring alerts and logs, and Security Engineers fine-tuning and supporting the service.

A co-managed model defines a partnership where NexGen is sent your logs for servers, firewalls, and other system devices for monitoring, threat triage and analysis. We’ll be your ‘eyes on glass’ where you’ll be our ‘hands-on devices’ as NexGen will not have any access to your systems, but work with you and your team to identify threats and provide mitigate recommendations.

During a compliance audit, you will be asked to provide evidence of centralized logging and monitoring, length of log storage (i.e. 1 year), evidence of event and monitoring actions (tickets, mitigation steps performed), etc. NexGen as your co-managed partner will provide screenshots, SIEM reports, sample alert tickets, and other supporting evidence for your audit. We are always willing and able to join a call or meeting in progress with your compliance team.

The type and number of alerts are dependent on the type of Firewall, IDS, IPS, EDR, and Antivirus solutions you have in place. Our MDR and SOCaaS will provide alerts based on user and group activities, machine and share activities, network traffic and events, error and warning conditions, anomalous and suspicious events and correlations, etc. NexGen SOC prides itself on sending you actionable alerts that have been researched and investigated, and that provide the next steps or mitigation suggestions. Additionally, notifications and alerts are sent by priority (informational, low, medium, high, and critical) and sent to a group of individuals you have provided us, such as an email distribution list for your security team.