SIEM Experts Give Advice

In the recent Hiscox Cyber Readiness Report, a significant majority of firms surveyed said they had experienced one or more cyber-attacks in the last 12 months. The costs and frequency associated with attacks have also increased compared to a year ago, and small and medium-sized firms were found to be just as vulnerable as larger enterprises for the first time. The reality is clear: securing an enterprise is not getting easier, it’s getting harder and more expensive.

One of the main reasons for this is that technologies and solutions intended to defend a network are implemented but then left with someone who either is not skilled enough to recognise that an attack is in progress or does not have the time to analyse the information 24/7/365.

Critical Defence

Take SIEM solutions, which are a critical defence tool for protecting any business. Many businesses mistakenly think that by implementing a SIEM solution alone, they’re keeping their enterprise fully secure. The truth is that if a threat is detected, there needs to be a team within the business that is responsible for dealing with it 24/7, 365 days of the year, and these people need to be skilled enough to understand what the attack is, what it has accessed and what changes they need to make to stop it. Unfortunately, this isn’t likely to be the case for most businesses, and training up existing staff is expensive and laborious. Furthermore, the alerting rules need constant tweaks and updates to ensure only genuine alerts are raised.

MTI’s Managed SIEM Service

MTI’s Managed SIEM service deals with this directly: not only do we monitor the alerts that businesses are getting 24/7/365, we also triage them to make sure each one is valid and represents a genuine attack rather than a false positive. We then use our call-out matrix to alert you to the attack, meaning that the right expert will be talking to the right person in your business about the attack at any time of any day. Considering the sheer amount of information that SIEM solutions provide, this helps to ensure that your business doesn’t waste time reviewing false positive SIEM alerts or trying to understand an attack whilst it is in progress and propagating around your environment.

The alternative is for a business to implement SIEM on its own. The SIEM will notify the business of an attack, but the business will then be on its own trying to stop it, meaning staff need to fully understand forensic incident response processes and carry out the right actions correctly and in the right order.

With a SIEM Managed Service, within 15 minutes one of our forensic investigators will be on the phone to the business to explain what they should – and shouldn’t – do, and they will be on site within four hours to contain the threat and stop the attack.

It’s no surprise that in the Hiscox study, cyber security spending had gone up 24% year-on-year. The average spend is now £1.11 million, and the total spent by the 5,400 firms surveyed in the report was a staggering £6 billion. Two-thirds of respondents say they plan to increase their spending on cyber security by five percent or more in the year ahead. But firms spending money need to ensure they make calculated decisions. MTI’s SIEM Managed Service solution provides threat intelligence and support that is difficult and usually too expensive to replicate in-house. If you’re considering SIEM, it’s worth considering a SIEM Managed Service to help ensure you aren’t one of those companies that are struck by a cyber-attack.