Windstream Enterprise rolls out SIEM service

Windstream Enterprise is adding SIEM capability into its security bundle. (Pixabay)

Windstream Enterprise has added a SIEM service to its security arsenal to help midsized enterprises ward off security threats.

Windstream's SIEM, which stands for security information and event management, monitors services for threats and helps businesses stay compliant with PCI and HIPAA regulatory requirements.

Trent Pham, Windstream Enterprise's head of product, security services, said that most midsized enterprises lack the large budgets to efficiently monitor and log security threats. Pham said that Windstream Enterprise defines midsized enterprises as those with between 500 and 1,000 employees.

"Some of the attributes associated with the mid-enterprises is that they lack internal resources for IT," Pham said. "So with cybersecurity, when it comes to having the resources internally to provide that capability, it's either really small or it's nonexistent. The large enterprises implement best of breed for security because they want to be forward leaning.

"The other thing that we see from customers is that they want to buy from a single source for their IP services. So this includes your voice, your data, networking and all of the security from that single source. That provides convenience and they also can always go to a single entity for all their issues."

Pham said that Windstream Enterprise has a lot of customers in the retail space and that Payment Card Industry (PCI) compliance is important to those customers. While the primary target for SIEM is midmarket enterprises, Windstream also offers support for small businesses and large enterprises.

SIEM is currently part of Windstream Enterprise's Managed Network Services (MNS), although it could be offered as a standalone service down the road. SIEM offers 24/7 threat monitoring and log retention.

MNS comes in three tiers: basic, advanced and premium. SIEM threat monitoring and log retention are part of the premium bundle.

For log retention, Windstream collects logs from the MNS firewalls and customer-owned systems, which include active directory, Windows, Unix and Linux servers, to correlate the data for potential threats.

The log retention data is stored offline and the firewall logs can be stored up to 12 months, or up to seven years. The data from customer-owned systems can also be stored for up to seven years.

"The service characteristic that we try to build up our security services around is that it's highly integrated," Pham said. "And of course it's compatible with our core network services like MPLS and SD-WAN. We also have a bundled solution internally that bundles MPLS, internet and also VoIP which is called DYIP. We also design our services with a simple service structure and definitions that are going to be comprehensive of capabilities."

RELATED: Windstream Enterprise bows new, all-encompassing web portal

The road map for SIEM includes a portal interface, which could include Windstream Enterprises' recently launched WE Connect portal. There will also be further integration with SD-WAN, managed router, internet, MPLS, MNS NFV and additional work with customer-owned firewalls, routers and switches.

Pham said that Windstream would decide whether to offer SIEM as a standalone service at a later date once it sees how its customers react to the initial offering.

"The firewall NFV is something we have planned, but down the road towards the end of this year," Pham said. "It's basically taking the firewall capabilities that we provide to customers in an appliance form or chassis form today and have it as a virtualized piece of software that runs on the VeloCloud customer premises device."

On the business services front, Windstream Enterprise primarily competes with Comcast Business, CenturyLink, Verizon and AT&T.