Blog: Monitoring, Detection & Response (SIEM)

Published on: 18th October 2021

How would you know if your business was being attacked by a cybercriminal?

Some businesses invest in their own Security Operations Centre (SOC) to ensure they know when they’re under attack, but not all organisations can afford to run their own SOC. We know. We understand the costs. We run one!

If you can afford to run your own SOC, great. However, there are several further challenges in running a SOC in-house: the continuous training and retention of staff, and having analysts available 24/7/365 to monitor the events and alerts coming from a Security Information and Event Management (SIEM) solution.

“In a recent SANS survey, 59% of respondents indicated that a lack of trained security staff and skills were the biggest challenges when it came to threat intelligence and detection / SIEM initiatives.”

This can leave organisations relying on existing IT teams, and on software that has not been tuned or set up properly, to provide effective monitoring and alerting, which gives a false sense of security.

We have our own highly qualified team of security engineers who, together with our own next generation software solution – Nazar – fully manage, monitor, detect, investigate, and respond to suspicious activity. Our SOC is manned 24/7/365 and is a fully managed monitoring service.

So, how does it work for clients?

Our managed Nazar solution detects threats from the minute the system is installed. We’ve built an extensive library of rules, updated daily by our Security Operations Threat Intelligence team, our penetration testing experts and the Open Threat Exchange (OTX). This gives us the ability to detect threats from day 1.

Whilst this gives clients coverage from day one, our work is not complete at that point. We then tune the deployment around three key factors: your environment, your web presence, and the systems most likely to be exploited (for example, poorly written applications, or systems with known vulnerabilities that cannot yet be patched), while our Cyber Security Experts monitor and investigate suspicious activity.

Outsourcing a SIEM solution like ours takes out a lot of legwork for clients.

Many leading technologies produce a huge number of events and alerts which need to be reviewed. We take feeds from multiple sources including, but not limited to, network security monitoring (NSM), host-based intrusion detection (HIDS), network-based intrusion detection (NIDS), Windows event logs, and firewall and switch logs. Together these can generate hundreds of events an hour, each needing review by a cyber security expert or SOC analyst. Combining bespoke tuning with the right technology minimises false positives, but someone still needs to be available 24/7 to monitor and analyse the alerts that remain.
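To make the tuning point concrete, the following is an added example written for this page; it is not Nazar code or any part of Communicate's rule library. It runs two simple SIEM-style rules over constructed log lines: an indicator match of firewall sources against a small threat-intelligence list (standing in for a feed such as OTX), and a threshold rule for failed Windows logons (event ID 4625) that is escalated when a success (4624) follows from the same source. The per-source allowlist shows the kind of environment-specific tuning described above: the internal vulnerability scanner is suppressed without the rule being switched off for everyone else. All addresses are from documentation ranges, the events are made up, and the threshold and window values are illustrative, not recommended settings.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed threat-intel indicators, standing in for an OTX-style feed.
# 203.0.113.0/24, 198.51.100.0/24 and 192.0.2.0/24 are documentation ranges.
BAD_IPS = {"203.0.113.7", "203.0.113.9"}

# Constructed syslog-style firewall lines; not captured from a real device.
FIREWALL_LINES = [
    "2021-10-18T09:00:01 fw1 DENY src=203.0.113.7 dst=192.0.2.10 dport=445",
    "2021-10-18T09:00:05 fw1 ALLOW src=198.51.100.4 dst=192.0.2.10 dport=443",
    "2021-10-18T09:00:09 fw1 ALLOW src=203.0.113.9 dst=192.0.2.22 dport=3389",
]

# Constructed Windows Security events: 4625 = failed logon, 4624 = successful logon.
WINDOWS_EVENTS = (
    # one typo'd password from a normal user: should never alert
    [{"time": "2021-10-18T09:01:00", "id": 4625, "user": "jsmith", "src": "198.51.100.4"}]
    # six failures then a success from one external address: a guess that landed
    + [{"time": f"2021-10-18T09:02:{10 * i:02d}", "id": 4625,
        "user": "administrator", "src": "203.0.113.9"} for i in range(6)]
    + [{"time": "2021-10-18T09:03:00", "id": 4624, "user": "administrator", "src": "203.0.113.9"}]
    # eight failures from the internal vulnerability scanner: noisy but expected
    + [{"time": f"2021-10-18T09:10:{5 * i:02d}", "id": 4625,
        "user": "svc_scan", "src": "192.0.2.50"} for i in range(8)]
)

FW_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) (?P<action>ALLOW|DENY) "
    r"src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)$"
)


def parse_firewall(lines):
    """Turn raw firewall lines into field dictionaries; unparseable lines are skipped."""
    events = []
    for line in lines:
        m = FW_RE.match(line)
        if m:  # in production a parse failure would be counted, not dropped silently
            events.append(m.groupdict())
    return events


def rule_ioc_match(fw_events, bad_ips):
    """Flag any connection whose source is a known-bad indicator, allowed or denied."""
    return [{"rule": "ioc_match", "src": e["src"], "action": e["action"], "dport": e["dport"]}
            for e in fw_events if e["src"] in bad_ips]


def _failures_by_source(events):
    fails = defaultdict(list)
    for e in sorted(events, key=lambda e: e["time"]):
        if e["id"] == 4625:
            fails[e["src"]].append(datetime.fromisoformat(e["time"]))
    return fails


def rule_bruteforce(events, threshold=5, window=timedelta(minutes=5), allowlist=frozenset()):
    """Alert when `threshold` failed logons from one source fall inside `window`.

    Severity is raised to 'critical' if a successful logon from that source
    follows the first failure. Sources in `allowlist` are tuned out: the rule
    keeps running for every other source.
    """
    successes = {(e["src"], datetime.fromisoformat(e["time"])) for e in events if e["id"] == 4624}
    alerts = []
    for src, times in _failures_by_source(events).items():
        if src in allowlist:
            continue  # environment-specific tuning, e.g. a known scanner
        for i in range(len(times) - threshold + 1):
            if times[i + threshold - 1] - times[i] <= window:
                landed = any(s == src and t > times[i] for s, t in successes)
                alerts.append({"rule": "bruteforce", "src": src, "failures": len(times),
                               "severity": "critical" if landed else "high"})
                break  # one alert per source per pass
    return alerts


def run(allowlist=frozenset()):
    """One correlation pass over both feeds; returns the combined alert list."""
    return rule_ioc_match(parse_firewall(FIREWALL_LINES), BAD_IPS) + \
        rule_bruteforce(WINDOWS_EVENTS, allowlist=allowlist)


if __name__ == "__main__":
    for alert in run():
        print("untuned:", alert)
    for alert in run(allowlist={"192.0.2.50"}):
        print("tuned:  ", alert)
```

Untuned, the pass raises four alerts: two indicator hits and two brute-force alerts, one of them the scanner. Adding the scanner to the allowlist removes only that alert, and the external address that guessed the administrator password is still flagged as critical because its failures were followed by a 4624. The point is that tuning is done per source and per environment, not by raising the threshold until the noise goes away, which would also have hidden the six-failure attack.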

Our systems can detect a suspected breach or virus outbreak and notify the client within 15 minutes of the alert. In addition, our UK-based SOC team can respond to stop the intruder before any damage is done*.

Our managed SIEM takes the hard work and laborious analysis away from your internal resource. We log and store the data for compliance/forensics requirements, providing trustworthy and reliable logs and reports. We build and compile the reports for you, so you don’t have to.

We regularly consult with clients on how to get the most from their threat detection and response, using our SIEM solution and experts to either jointly manage or fully manage their SOC 24/7/365.

Get in touch to chat with one of our team.

* Based on pre-agreed scenarios where Communicate has strict guidelines on how to react.

Speak to our engineers and experts.