Architectures
Every customer environment is different. Keos works with you to see the big picture before committing to infrastructure changes or large capital expenditures.

Security Detections and Remediations
Keos resources spend most of their time on this topic, whether it is migrating from one SIEM to another, a fresh install of a security product, or an improvement to an existing security stack that is clearly not living up to its full potential. Keos has seen it all and done it all.

Machine Learning relating to incident detections and analytics
Often marketed as "Artificial Intelligence", machine learning is the real meat behind stunning results. Security and operational teams can greatly benefit from Keos' ability to model behaviors and alert on anomalies.

Troubleshooting
Unfortunately, Cisco and Splunk's products are not management-free and self-sustaining over long periods of time. Some might argue the same is true over short periods of time. The good news is that issues are never unique. Chances are high that Keos has seen it before and will see it again. More importantly, Keos can fix your issue sooner rather than later.

Health Checks
Unfortunately, Cisco and Splunk's products are not management-free and self-sustaining over long periods of time. Some might argue the same is true over short periods of time. The good news is that issues are never unique. Chances are high that Keos has seen it before and will see it again. More importantly, Keos can fix your issue sooner rather than later.

Threat Intelligence
Security customers typically have an existing threat intelligence subscription. If not, Keos can help you see the pros and cons of various suppliers. Once the customer has a threat intelligence feed, Keos can help get that data into Splunk ES and Splunk SOAR. Threat intelligence can have a significant impact on risk-based alerting, analysis and remediation.

POC
Prior to making a major cash outlay, it is wise to see the product perform. Keos provides customers with a POC (Proof of Concept) with customer-specific objectives in mind. This is not a sales motion, but rather an opportunity for the customer to see if the product lives up to their expectations.

Detection as Code
Customers typically have Splunk's products internally available as a shared resource. That means that many people from different groups and divisions use Splunk. Over time, an ungoverned environment spins out of control. Detection as Code is an internal Splunk skunkworks project that was made commercially available by Keos. With Detection as Code, the customer can manage the environment using third-party DevOps tools.

Reduce license cost
Splunk charges customers based on different metrics: data ingestion, SVC usage, number of user seats, etc. Over time, these metrics grow along with the annual license fee. At least once a year, Keos recommends the customer "tune" the existing stack. The cost associated with Keos tuning the stack can pay for itself in the form of a reduced license fee.

IT Operations Detections and Remediations
Every customer monitors the health and well-being of their internal infrastructure and services. The challenge is getting the data into Cisco/Splunk's products and predictively reporting issues before they become problematic. Getting data in is less of a skill and more of an art form. Keos has a broad set of known and proven techniques that can be used to get data into Splunk, and a track record of producing high-fidelity alerts.

High Availability and Disaster Recovery
For customers who need to make sure their products continue working in the event of a disaster, high availability and disaster recovery are a requirement. Splunk Cloud provides this ability out of the box, but customer-managed stacks do not, including customer equipment that is sending data to Splunk Cloud. Keos has many success stories under their collective belts to help architect and implement HA/DR requirements.

Prepare for an audit
Splunk's products do not include a suite of detections to pass a security audit. Nor could Splunk ever do that. Every customer environment is different, and exposures are varied across the industry. Not too surprisingly, Keos often gets called in to help prepare for an audit. And sometimes after a failed audit. In a pre-audit scenario, Keos is asked to look for gaps and write detections to cover those gaps. In a post-audit scenario, the auditor (or pen tester) has found gaps, and Keos is called in to fill in missing detections.