SIEM
MONITORING, DETECTION & RESPONSE
Monitoring, detection and response are possible with a good SIEM solution (security information and event management tool). If you do not notice an intrusion attempt in time, a small incident can grow into a major crisis.
Detecting and reacting as quickly as possible is therefore of great importance: it is all about reducing the “mean time to resolve”.
SIEM TOOLS FOR YOUR SOC
Do you want to do more about detection and response, in addition to secure design and prevention? Setting up a Security Operations Centre (SOC) function is a first step in the right direction.
Your SOC will have to use Security Information and Event Management tools. There are many SIEM solutions available in the market. Some of the best known are AlienVault, ArcSight, LogRhythm, Splunk and IBM QRadar. We know these platforms well at Northwave.
SIEM in the Cloud
In addition, the major cloud providers now offer their own solutions. Microsoft, for example, provides Sentinel, and Google and Amazon also have SIEM tooling.
All these SIEM tools collect security-relevant information and log events from across your environment. The SIEM then raises security alarms by correlating the collected data and querying it with carefully written rules. Most platforms also enrich that data with externally obtained cyber threat intelligence.
False positives
No SIEM is plug and play, whatever the brochure promises you. So-called “false positives” are a known issue: you get a deluge of alarms of which only a part is relevant, and the SIEM then does nothing for your cyber security. That can only be solved by expert implementation and calibration of the SIEM.
A security analyst then has to investigate each SIEM alarm further to establish the nature and cause of the incident, and determines how it should be handled (incident response).
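To make the two points above concrete, here is an added example (not code from the page or from any of the SIEM products named on it) of what a correlation rule and its calibration look like in practice. The log lines, the threat-intelligence list and the allowlisted scanner address are all constructed for the example. The rule raises an alarm when a source produces at least five failed SSH logins within sixty seconds and then succeeds, and a second rule matches successful logins against a threat-intelligence feed. The `allowlist` and `failures` parameters are the calibration knobs: without them the rule also fires on a known internal scanner, which is exactly the kind of false positive that floods an untuned SIEM.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample SSH authentication events (not real logs):
# timestamp, host, result, user, source IP.
SAMPLE_LOG = """\
2024-05-01T10:00:01 srv1 sshd: Failed password for admin from 203.0.113.9
2024-05-01T10:00:03 srv1 sshd: Failed password for admin from 203.0.113.9
2024-05-01T10:00:05 srv1 sshd: Failed password for root from 203.0.113.9
2024-05-01T10:00:08 srv1 sshd: Failed password for admin from 203.0.113.9
2024-05-01T10:00:10 srv1 sshd: Failed password for admin from 203.0.113.9
2024-05-01T10:00:12 srv1 sshd: Accepted password for admin from 203.0.113.9
2024-05-01T10:01:00 srv1 sshd: Failed password for alice from 198.51.100.7
2024-05-01T10:05:00 srv1 sshd: Accepted password for alice from 198.51.100.7
2024-05-01T10:10:00 srv2 sshd: Failed password for svc from 10.0.0.50
2024-05-01T10:10:01 srv2 sshd: Failed password for svc from 10.0.0.50
2024-05-01T10:10:02 srv2 sshd: Failed password for svc from 10.0.0.50
2024-05-01T10:10:03 srv2 sshd: Failed password for svc from 10.0.0.50
2024-05-01T10:10:04 srv2 sshd: Failed password for svc from 10.0.0.50
2024-05-01T10:10:05 srv2 sshd: Accepted password for svc from 10.0.0.50
2024-05-01T10:20:00 srv1 sshd: Accepted password for bob from 192.0.2.66
"""

# Constructed threat-intelligence feed: source IPs reported as malicious.
THREAT_INTEL = frozenset({"192.0.2.66"})

# Constructed calibration: 10.0.0.50 is assumed to be an internal
# vulnerability scanner that legitimately hammers the SSH service.
KNOWN_SCANNERS = frozenset({"10.0.0.50"})

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd: (?P<result>Failed|Accepted) password "
    r"for (?P<user>\S+) from (?P<src>\S+)$"
)


def parse(log_text):
    """Turn raw log lines into event dicts; lines that do not match are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        event = m.groupdict()
        event["ts"] = datetime.fromisoformat(event["ts"])
        events.append(event)
    return events


def correlate(events, threat_intel, failures=5, window=timedelta(seconds=60),
              allowlist=frozenset()):
    """Run two detection rules over the events and return the alarms raised.

    brute_force_success: >= `failures` failed logins from one source inside
                         `window`, followed by a successful login.
    threat_intel_match:  a successful login from a source on the intel feed.
    Sources on `allowlist` are ignored entirely (SIEM calibration).
    """
    alerts = []
    recent_failures = defaultdict(deque)   # src -> timestamps of recent failures
    for e in sorted(events, key=lambda x: x["ts"]):
        src = e["src"]
        if src in allowlist:
            continue
        q = recent_failures[src]
        # Drop failures that fell out of the sliding window.
        while q and e["ts"] - q[0] > window:
            q.popleft()
        if e["result"] == "Failed":
            q.append(e["ts"])
            continue
        # Successful login: evaluate both rules against this source.
        if len(q) >= failures:
            alerts.append({"rule": "brute_force_success", "src": src,
                           "user": e["user"], "host": e["host"], "ts": e["ts"]})
        if src in threat_intel:
            alerts.append({"rule": "threat_intel_match", "src": src,
                           "user": e["user"], "host": e["host"], "ts": e["ts"]})
        q.clear()   # a success resets the failure history for this source
    return alerts


if __name__ == "__main__":
    evs = parse(SAMPLE_LOG)
    for label, kwargs in (("untuned", {}),
                          ("scanner allowlisted", {"allowlist": KNOWN_SCANNERS})):
        print(f"--- {label} ---")
        for a in correlate(evs, THREAT_INTEL, **kwargs):
            print(a["ts"], a["rule"], a["src"], a["user"], a["host"])
```

Untuned, the rules produce three alarms: the real brute force from 203.0.113.9, the internal scanner at 10.0.0.50, and the threat-intel hit for 192.0.2.66. Allowlisting the scanner removes the false positive without touching the other two, while simply raising the failure threshold to six would also silence the real attack, which is why calibration has to be done per rule and with knowledge of the landscape rather than by turning knobs until the noise stops.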
Every SIEM tool has its own advantages and disadvantages. There are different technological options, in licence models and in costs. A good comparison of SIEM tools requires in-depth knowledge of security analysis, forensics and incident response.
Northwave is happy to help you with this. We do that in two ways:
- You can outsource this function to us in full. You can read more about that here.
- We help you to set up your Security Operations Centre, by helping you to choose a tool (we are not a reseller ourselves), designing your processes, training your people and/or offering temporary capacity.
SIEM / SOC SERVICES
Our Security Operations Centre (SOC) is one of the most advanced in the Benelux. Our team is very experienced and our people were involved in founding and improving many SOCs of multinationals and national authorities.
FIND, COMMIT, TRAIN SIEM SPECIALISTS
The distinguishing factor is people. Every platform can alert you to an incident, but the output of a SIEM always requires specialist analysis and knowledge of your landscape. No tool yet automates this process well enough for generic administrators to handle it.
When setting up a SOC function, it is therefore not the tooling that matters most, but whether you can find and retain the right people to properly perform the roles of analyst and incident responder. For most organisations, including multinationals, this cannot be staffed sufficiently in-house, and a form of outsourcing or co-sourcing is usually sought.
We have a lot of experience with these issues and this material. We can help you independently to make the right choices. We do this for clients from almost all sectors, including organisations that are part of the critical infrastructure of our country.
CYBER SECURITY AS A SERVICE
With Northwave's 360-degree approach to information security you ensure that all your important information is always properly secured. We translate abstract risks into concrete improvements to your ICT security.
Do you also want permanent monitoring? Contact us or request a quote.