What is SecureCore?

Industry-leading managed security solution including Endpoint Detection and Response (EDR) and Security Information and Event Management (SIEM), backed by a 24/7 managed Security Operations Center (SOC) that provides modern security threat protection and remediation.

What problem does SecureCore solve?

SecureCore is the answer to rapidly evolving malware, ransomware, zero-day, fileless, and interactive threats. SecureCore is a managed security service geared towards organizations that don’t have an in-house security team. It enables small and midsize organizations to cost-effectively access best-in-class security solutions previously only available to large enterprises with in-house IT and security teams. Unlike outdated signature-based antivirus solutions, SecureCore uses static AI engines, dynamic behavioral tracking, and machine learning models to provide strong 24/7 protection against modern and rapidly changing security threats. SecureCore can identify, remediate, and even roll back malicious changes to systems and files, all while providing rich threat forensics and attack storylines to aid in incident response and visibility.

What are the components of SecureCore?

SecureCore is a managed security service available exclusively from Logically that leverages best-in-class industry solutions.  SecureCore can be purchased as a stand-alone managed security service, or as part of a complete IT managed services package.  SecureCore consists of these primary components:

  • Endpoint Detection and Response based on SentinelOne
  • Security Information and Event Management (SIEM) based on Netsurion
  • 24/7 Security Operations Center (SOC)
  • End-to-end managed security services from Logically

Logically’s SecureCore solution has three offerings with a range of features to fit your needs.

  • SecureCore
    • Entry-level offering that is a perfect first step for organizations that need greater protection than traditional antivirus solutions provide.
  • SecureCore+
    • Includes everything in SecureCore plus additional protection that prevents the spread of infections by isolating every endpoint.  Also, extended event insight enables complex issues to be fixed faster.
  • SecureCoreMax
    • Includes everything in SecureCore+ with additional endpoint protection, mitigation of threats from encrypted traffic, and visibility into stolen company credentials on the dark web.

What is EDR and why is it important?

EDR stands for “Endpoint Detection and Response”. EDR is an evolutionary leap beyond, and a replacement for, traditional antivirus. It adds behavioral detection engines and the ability to remediate complex system attacks by monitoring and recording all process, file, and registry actions. EDR protects against a wide range of threats including malware (both executable-based and fileless), exploits (document- and browser-rooted), and live/insider attacks (script- and credential-driven).

What is SIEM and why is it important?

SIEM stands for “Security Information and Event Management”. SIEM tools are an important part of the data security ecosystem: they aggregate data from multiple systems and analyze that data to catch abnormal behavior or potential cyberattacks. SIEM tools provide a central place to collect events and alerts and are a natural progression from Syslog collection, which gathers and centralizes logging from systems and network devices. SIEM takes this a step further and runs intelligence/correlation against this collection of data to provide insights that are not immediately visible to humans in this volume of data. SIEM provides two primary capabilities to an Incident Response team:

  • Reporting and forensics about security incidents
  • Alerts based on analytics that match a certain rule set, indicating a security issue
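As an added illustration of the correlation step described above (example code written for this page, not Logically's or Netsurion's logic): failed logons that look harmless on each host individually, but cross a rule threshold once the firewall and domain controller logs are aggregated. The log lines, hostnames, and IP addresses are constructed; the rule threshold and window are assumptions.

```python
# Minimal SIEM-style correlation: aggregate syslog lines from several hosts,
# then apply a rule that no single host's log would trigger on its own.
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines from a firewall (fw01) and a domain controller (dc01).
# Each host alone sees only two failures from 203.0.113.7.
SAMPLE_LOGS = """\
2024-05-01T09:00:01 fw01 auth: login failed user=admin src=203.0.113.7
2024-05-01T09:00:12 dc01 logon: FAILURE user=jsmith src=203.0.113.7
2024-05-01T09:00:25 dc01 logon: FAILURE user=admin src=203.0.113.7
2024-05-01T09:00:40 fw01 auth: login failed user=root src=203.0.113.7
2024-05-01T09:30:00 dc01 logon: SUCCESS user=jsmith src=198.51.100.4
2024-05-01T10:15:00 fw01 auth: login failed user=admin src=198.51.100.9
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) \S+ (?P<msg>.*?) user=(?P<user>\S+) src=(?P<src>\S+)$")

def parse(lines):
    """Aggregation step: normalise differing line formats into one event schema."""
    events = []
    for line in lines.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unknown format: skip it rather than stall the pipeline
        events.append({"ts": datetime.fromisoformat(m["ts"]), "host": m["host"],
                       "user": m["user"], "src": m["src"],
                       "failed": "fail" in m["msg"].lower()})
    return events

def correlate_failed_logons(events, threshold=3, window=timedelta(minutes=5)):
    """Rule (assumed): >= threshold failed logons from one source IP inside
    `window`, counted across ALL hosts. Returns [(src, hosts, count), ...]."""
    by_src = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["failed"]:
            by_src[ev["src"]].append(ev)
    alerts = []
    for src, evs in by_src.items():
        start = 0
        for end in range(len(evs)):          # sliding window over sorted events
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1
            if end - start + 1 >= threshold:
                hosts = sorted({e["host"] for e in evs[start:end + 1]})
                alerts.append((src, hosts, end - start + 1))
                break                        # one alert per source is enough
    return alerts
```

Running `correlate_failed_logons(parse(SAMPLE_LOGS))` fires for 203.0.113.7 across both hosts, while the same rule over either host's lines alone stays silent.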

What is a 24/7 Security Operations Center (SOC) and why is it important?

The security operations center monitors and analyzes activity on networks, servers, endpoints, databases, applications, websites, and other systems, looking for anomalous activity that could be indicative of a security incident or compromise. The SOC is responsible for ensuring that potential security incidents are correctly identified, analyzed, defended, investigated, and reported.

The key benefit of having a security operations center is the improvement of security incident detection through continuous monitoring and analysis of data activity. By analyzing this activity across an organization’s networks, endpoints, servers, and databases around the clock, SOC teams are critical to ensuring timely detection of and response to security incidents. The 24/7 monitoring provided by a SOC gives organizations an advantage in defending against incidents and intrusions, regardless of source, time of day, or attack type. Security Operations requires 24/7 staffing; incidents don’t just happen between 8am and 5pm, after all. It takes a minimum of 5 security experts to support 24/7 security operations. An outsourced 24/7 SOC provides all the benefits without the challenge and expense of hiring, training, and retaining scarce and expensive security experts.

What’s the difference between Core, Core+ and CoreMax in terms of customer benefits?

SecureCore is a family of solutions including SecureCore, SecureCore+, and SecureCoreMax. All three solutions include EDR, SIEM and a 24/7 SOC.

SecureCore

  • Entry-level offering that is a perfect first step for organizations that need greater protection than traditional antivirus solutions provide.
  • Key features include:
    • 24/7 SOC w/ Premium SLA
    • Monthly Executive Report
    • EDR File Rollback
    • SIEM on Domain Controller
  • Key Benefits include:
    • Detect and prevent cyber incidents with best-in-class security technology backed by a dedicated 24/7 Security Team
    • Monitor and manage critical activity in your environment through monthly Executive Security Reports
    • Perform speedy recovery in the event of a cyber security breach

SecureCore+

  • Includes everything in SecureCore plus additional protection that prevents the spread of infections by isolating every endpoint.  Also, extended event insight enables complex issues to be fixed faster.
  • Key features include:
    • SIEM on Firewall and Domain Controller
    • Automatic Network Isolation of high-risk threats
    • Plug and Play Device Control Standards Management
    • Monthly Endpoint Application Vulnerability Reporting provides awareness of potential threats so they can be prioritized and mitigated before they cause harm
  • Key additional benefits include:
    • Reduce the threat of risks spreading with advanced and automated prevention that isolates every endpoint
    • Protect your sensitive data by limiting data exfiltration and preventing data from being moved outside the network
    • Remediate security issues faster leveraging greater insight from expanded SIEM coverage

SecureCoreMax

  • Includes everything in SecureCore+ with additional endpoint protection, mitigation of threats from encrypted traffic, and visibility into stolen company credentials on the dark web.
  • Key additional features include:
    • Endpoint firewall management with best practice deployment ensuring every device has the highest level of protection
    • Endpoint advanced visibility, including encrypted conversations
    • Annual InfoSec incident response plan
    • Dark Web Identity Monitoring
  • Key additional benefits include:
    • Extend endpoint protection to the highest level with endpoint firewall management and prevent cyber threats and risks from encrypted traffic
    • Dark web monitoring alerts you when company employee credentials, passwords and PII are found on the dark web
    • Protect your business with a managed incident response plan in order to recover from issues faster and reduce the risk of not being able to fully restore data and systems

What is the Service Level Agreement?

Covered incidents detected 24/7/365 will be responded to within 4 hours, with a resolution plan within 4 business hours.