Managed Security and Compliance (MSC) goes beyond MDR, offering ongoing monitoring and remediation for our Compliance Automation environments.

With the powerful combo of CA and MSC, your entire compliance effort is simplified. 

Our MSC service monitors, supports, updates, and remediates your Compliance Automation (CA) environment, actively resolving any issues that affect security or compliance.

With CA and MSC working together, we create an end-to-end compliance solution that dramatically reduces the cost, time, and risk of becoming compliant, as well as the risks of falling out of compliance or experiencing a breach. 




Sherlock Managed SIEM

Cloud-native, fully-managed SIEM with integrated threat intelligence and threat hunting powered by machine intelligence.

Sherlock Decoy

Decoy systems deployed inside your cloud and on-premise environments to detect malicious activity in real-time.

Sherlock Threat Scan

Automated, continuous scanning of systems, applications, and networks for suspicious activity and vulnerabilities.

Threat Intelligence

We use the best public and private threat intelligence data, optimized and customized for your specific business risks.

Compliant by Design

Our architecture accelerates and simplifies compliance for standards like PCI, HIPAA, ISO 27001, NYDFS, SOC 2, and GDPR.

DevOps Ready

We seamlessly integrate into DevOps teams for a CI/CD pipeline that is secure, by default and by design.




Sherlock Managed SIEM

The central component of Sherlock is our cloud-native Security Information and Event Management product. It is purpose-built and optimized to use the scale and power of the cloud.

The Sherlock SIEM will:

  • Auto-deploy and auto-scale
  • Ingest data from all your security sources: NGFW, endpoint, netflows, cloud logs, servers, DNS, and more
  • Take data from cloud or on-site sources
  • Use log data, not outdated packet capture, to sit lightly on your network while maintaining visibility
  • Mine all your data for indicators of compromise, suspicious activity, and unusual user account behavior
  • Catalog and categorize threat data
  • Alert SOC staff if there is evidence of an attack
  • Provide dashboards and reports
  • Store and archive data automatically
  • Ensure compliance with standards such as PCI, HIPAA, ISO 27001, and GDPR
  • Never stop ingesting data because you met a data cap
  • Never commingle your data

Sherlock Cloud SOC

The Sherlock Cloud SOC is our premier protection service. The Sherlock SOC will:

  • Provide 24x7x365 coverage from USA-based staff
  • Automate detection and response wherever possible
  • Conduct manual hunts for emerging threats or suspicious activity (on Protect and Protect+ subscription levels)
  • Deliver actionable security intelligence through the Sherlock Vision Portal
  • Integrate directly into your DevOps CI/CD pipeline
  • Integrate with your change management practices
  • Integrate with your reporting or alerting mechanisms
  • Use intelligence and creativity to design new ways to protect your data
  • Customize your reports and dashboards to meet your unique needs
  • Collaborate with your IT and security teams to stop attacks and remediate vulnerabilities
  • Spring to action if an attack is occurring
  • Collaborate with law enforcement or your legal counsel when necessary
  • Engage compliance experts from Anitian, when needed
  • Never commingle your data
  • Always keep you in control

Sherlock Decoy

Decoys, also known as 'deceptions' or 'honeypots,' are an area of advanced cybersecurity techniques that involve generating decoy users, servers, or network traffic to lure attackers. When an attacker scans or attempts to access the system, the deception technology profiles their activities and reports back to the Sherlock SOC.

Your Sherlock Decoy deployment includes:

  • Automated deployment in the cloud or on-premise
  • Customization to appear as legitimate systems in your environment
  • Customized analytics based on your risk profile
  • Real-time automated analytics
  • Regular updates to identify emerging threats

Vulnerability Management

Our vulnerability management will:

  • Automatically deploy and configure to scan your environment
  • Conduct regular and continuous vulnerability scans of everything, in the cloud or on-site
  • Report all its data to the SIEM
  • Be optimized to the systems and applications in your environment
  • Automatically update with the latest vulnerability definitions 
  • Conduct custom scans based on the latest threat intelligence
  • Conduct custom scans based on our internal intelligence from Anitian’s Ring.Zero penetration testing team
  • Auto-scale to meet your needs
  • Never commingle your data
  • Never stop scanning because you hit an IP cap (it auto-sizes)

Endpoint Protection

Sherlock Endpoint provides continuous monitoring and protection of all cloud and on-premise systems. Powered by Trend Micro, Sherlock Endpoint offers complete security.

Sherlock Endpoint will:

  • Auto-deploy to all your servers or workstations, either on-site or cloud
  • Provide comprehensive endpoint security:
    • Anti-malware
    • Endpoint firewall
    • File integrity monitoring
    • System integrity monitoring
    • Advanced system behavior analytics
    • Intrusion detection (IDS/IPS)
    • Malicious code quarantine
  • Integrate directly into your DevOps CI/CD pipeline
  • Send all data to the SIEM
  • Provide real-time protection
  • Update signatures and definitions in real time
  • Ensure compliance with standards such as PCI, HIPAA, ISO, SOC 2, and GDPR
  • Never commingle data with anybody else



A web application firewall (WAF) is an essential component of security operations for businesses with large amounts of data flowing through HTTP applications. Among other things, a WAF protects servers from XSS and SQL-injection attacks, and can be tuned as applications or attackers evolve.

The Sherlock WAF includes:

  • Automatic deployment, tuning, and monitoring
  • Real-time updates based on the latest threat intelligence
  • Auto-scaling
  • Automated response to application attacks
  • Reporting all data to the SIEM
  • Compliance with standards such as PCI, HIPAA, and ISO 27001
  • Customized reports and dashboards on the Sherlock SIEM

For deep inspection and filtering of the traffic flowing through a network, a next-generation firewall (NGFW) has been an important piece of a functional security setup. While the dominance of NGFWs is on the decline as those controls move increasingly to the cloud, they are still essential for many hybrid and on-site environments. The Sherlock team can deploy and tune NGFWs, both as code in the cloud and as physical devices, if needed.

Your Sherlock NGFW includes:

  • On-site appliances for hybrid cloud environments
  • Real-time updates and monitoring
  • Automated responses, customized to your environment
  • 24x7x365 support and monitoring from the Sherlock SOC
  • Emergency changes or updates provided
  • All events forwarded to the Sherlock SIEM
  • Full NGFW feature set including:
    • Firewall
    • Application control
    • Web filtering
    • IDS/IPS
    • Gateway anti-malware
    • VPN / Remote Access
  • All tuning, monitoring, updating, and support included
  • Diverse vendor support: Fortinet, Palo Alto, Cisco
  • Customized reporting and dashboards
  • Compliance with standards such as PCI, HIPAA, SOC 2, ISO 27001, and GDPR
  • Co-management and monitoring-only subscriptions available

Add-On Components

You can enhance your Sherlock subscription with monitoring and management of any of these other security controls:

  • Data loss prevention (DLP)
  • Network IDS/IPS (on-premise)
  • Secure web gateway (SWG)
  • Network anomaly detection

These add-ons all include:

  • 24x7x365 monitoring, management, and support
  • Customized reports and dashboards
  • All data forwarded to the SIEM
  • Automated responses wherever possible
  • Real-time updates