IT security monitoring company Vijilan Security LLC has begun shipping a new version of its incident response solution with significantly enhanced alerting and deeper integration with third-party management platforms, as well as a managed security information and event management (SIEM) service for midsize and larger businesses.
Currently undergoing a phased rollout and based on an entirely new code base, the incident response solution replaces an earlier system with less robust functionality. When completely in place next month, it will give Fort Lauderdale, Fla.-based Vijilan’s MSP partners greater visibility into the threats being handled on their behalf.
“Our partners want to know what our security operations center is investigating,” says Vijilan CEO Kevin Nejad. “Now they can actually see.”
Users can choose how much they see as well. Select the “relaxed” setting, and the system will display only the most important issues. Select “worried,” and less serious threats will come into view as well. Switch to “paranoid” mode, and everything Vijilan’s SOC is exploring, no matter how trivial, becomes visible.
MSPs can also configure the new incident response system to email automated alerts about pending threats directly to end users under pre-defined conditions. Other key features include access to device-level health information, richer logging and reporting tools, and the ability to exchange data with leading RMM, PSA, and CRM solutions.
Limited integration with the ConnectWise Manage PSA system is available now. Starting in January, users will gain the ability to import Vijilan data into consolidated service boards and assign clients to different SLAs and agreement levels for billing purposes from within the ConnectWise interface as well.
“Right now, they have to come into our partner portal for those activities,” Nejad notes.
By the end of the first quarter of 2018, Vijilan plans to offer similar integration with IT management systems from Autotask (which officially became part of Datto Inc. on Monday), Kaseya Ltd., ManageEngine, and others.
Enhanced integration with third-party SIEM platforms is on the way as well. The system works with Fortinet’s FortiSIEM product today and will interoperate with SIEM offerings from AlienVault, ArcSight, LogRhythm, IBM’s QRadar unit, and other providers starting in the second half of 2018.
In development for over a year and a half, Vijilan’s revamped incident response solution utilizes an all-new code base built with modern, flexible programming technologies and interfaces. The result, according to Nejad, is an application that’s easier to connect with external applications and to update. Vijilan plans to take advantage of those capabilities by shipping updates and adding integrations more frequently than it has before.
The company’s new managed SIEM service, named ThreatRespond Enterprise, lets businesses outsource administration of third-party SIEM solutions to Vijilan.
“If they have a SIEM, we just go in there [and] manage it for them,” Nejad explains. “If they don’t have a SIEM, we can help them purchase one.”
The new service is designed to help businesses with approximately 500 to 5,000 endpoints get more value from their investments in SIEM licensing and infrastructure.