
MANAGED SIEM SERVICE

WE HELP YOU to do your favorite job and not think about IT and Cybersecurity

WORRIED ABOUT DATA SECURITY?

Outsource IT Security is the trustworthy managed SIEM partner you’ve been looking for. We offer cloud-based SIEM software that enables you to find and eliminate a threat before it disrupts your workflow. Our solution allows you to control unauthorized actions, monitor the system in real time and analyze any network activity.

WHAT IS MANAGED SIEM?

Security Information and Event Management, or SIEM for short, is a complex software solution for IT infrastructure security. SIEM collects security data from network devices, servers, domain controllers, etc. It normalizes, aggregates, and applies analytics to this data to identify trends, detect threats, and enable organizations to investigate correlations between events. SIEM systems help businesses to secure information from hacks, data leaks and other threats.

SIEM systems allow organizations to detect incidents that could have gone unnoticed and simplify security management in the enterprise by filtering huge amounts of data.

HOW DOES IT WORK?

There are two fundamentally different approaches to the technical support of information security:

1. PREVENTIVE

The preventive method of information protection is aimed at preventing information security violations before they change the state of the protected objects.

For example, blocking the launch of a dangerous file via an antivirus, or prohibiting an incoming unauthorized connection using a firewall. Thus, threats to information security are suppressed at the moment they appear: everything is aimed at preserving information with the help of preventive means.

2. DETECTIVE

The essence of the detective approach is to collect as much information as possible about a certain event or action, even though we do not know for sure whether these events or actions are legitimate or not.

For clarity, here is a simple example. Let's assume several unrelated events occurred in your organization's network, which is monitored by the SIEM service:

  • The CPU utilization of one of the user workstations has increased to 100%;
  • There was a login to the Windows system;
  • A flash drive was connected to the user's workstation;
  • The employee has gone on vacation.

Individually, only the first event is suspicious. But thanks to the SIEM system, you will be able to automatically link these events into the following logical chain:

  1. The Windows login occurred from the account of an employee who went on vacation.
  2. The attacker connected a flash drive to this workstation, after which the CPU load increased.
  3. The SIEM system automatically creates an incident «Miner detected», even though the antivirus signatures did not fire for some reason.
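The chain above, expressed as a correlation rule run over normalized sample events. This is an added example, not the company's product code; the event schema, field names, the constructed events and the 30-minute correlation window are assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample events in one normalized schema (what a SIEM produces
# after parsing raw logs). The last CPU spike is an unrelated event on
# another host and must NOT produce an incident.
EVENTS = [
    {"ts": "2024-03-04T09:02:10", "type": "hr.vacation", "user": "j.doe", "host": None},
    {"ts": "2024-03-05T10:15:00", "type": "win.logon",   "user": "j.doe", "host": "WS-17"},
    {"ts": "2024-03-05T10:17:30", "type": "usb.connect", "user": "j.doe", "host": "WS-17"},
    {"ts": "2024-03-05T10:19:05", "type": "cpu.high",    "user": None,    "host": "WS-17", "cpu": 100},
    {"ts": "2024-03-05T11:40:00", "type": "cpu.high",    "user": None,    "host": "WS-03", "cpu": 100},
]

WINDOW = timedelta(minutes=30)  # assumed: USB connect and CPU spike must follow the logon within 30 min


def parse(event):
    """Timestamp of a normalized event as a datetime (ISO 8601 without zone)."""
    return datetime.fromisoformat(event["ts"])


def correlate(events):
    """Return 'Miner detected' incidents: a Windows logon with the account of an
    employee who is on vacation, followed on the same host by a USB connect and
    then a CPU spike, all inside WINDOW. Each event alone is at most suspicious;
    only the chain is reported."""
    events = sorted(events, key=parse)
    # user -> start of vacation; a logon only counts if it happens after the vacation began
    vacation_start = {e["user"]: parse(e) for e in events if e["type"] == "hr.vacation"}
    incidents = []
    for logon in (e for e in events if e["type"] == "win.logon"):
        user, host, t0 = logon["user"], logon["host"], parse(logon)
        if user not in vacation_start or vacation_start[user] > t0:
            continue
        later = [e for e in events if e["host"] == host and t0 <= parse(e) <= t0 + WINDOW]
        usb = next((e for e in later if e["type"] == "usb.connect"), None)
        if usb is None:
            continue
        cpu = next((e for e in later if e["type"] == "cpu.high" and parse(e) > parse(usb)), None)
        if cpu is None:
            continue
        incidents.append({
            "name": "Miner detected", "severity": "high", "user": user, "host": host,
            "evidence": [logon["ts"], usb["ts"], cpu["ts"]],  # the three linked events
        })
    return incidents


if __name__ == "__main__":
    for incident in correlate(EVENTS):
        print(incident)
```

Removing the vacation record from EVENTS makes the same logon, USB and CPU events produce no incident, which is the point of the chain: context decides whether the individual events matter.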

WHAT TASKS DOES THE SIEM SYSTEM PERFORM?

  • Prompt monitoring, detection of and response to information security incidents;
  • Creation of a single information security monitoring center in the organization;
  • Creating a plan and assigning duties (the areas of responsibility of the company's personnel in the field of information security incident management);
  • Managed SIEM provides compliance monitoring against industry standards: PCI DSS, IT management standards and others.

POPULAR QUESTIONS AND ANSWERS

1. Why spend money on something that does not bring direct profit?

Consider a simple scenario. An example would be a DDoS attack on an electronic banking website (web server):

  • The SIEM platform identifies the attack and alerts on it, and operators inform the managers accordingly;
  • The managers review the technical information and determine how much loss the company will suffer due to server unavailability;
  • They then inform senior management and the financial managers of the losses they will have to incur if action is not taken;
  • If the board is satisfied with the result of the assessment, they make a decision and give consent to the firewall/IDS-IPS teams to take action;
  • After they take action, the web server's downtime is cut in half.

This way, both money and customer satisfaction are saved.

The managed SIEM solution does not make a profit, but reduces losses.

2. What does SIEM give besides providing security?

In addition to warnings and incident response, SIEM helps the organization with compliance and regulatory issues.

Log retention is an important criterion in all major requirements such as ISO 27001, HIPAA, and PCI DSS.

For example, ISO 27001 has a control for logging and monitoring (A.12.4). It requires that all event logs, user actions and security events be logged in an archive with the appropriate timestamp.

The logs should also be protected from unauthorized access, forgery, etc.

There is a list of controls that must be implemented to ensure proper compliance.

3. Who needs a SIEM system?

The largest consumer of SIEM systems is the banking sector. In such organizations, a continuous flow of personal confidential data is the norm. It is important to be able to trace the incident when it occurs, and know for sure whether it was a third-party attack or an employee's mistake.

The second category of consumers is large companies whose infrastructure generates a huge number of events of various properties every day.

The third category includes all organizations that face the problem of untimely detection of information security incidents and their consequences for the entire IT infrastructure.

4. Does SIEM provide 100% security?

The success of a SIEM project depends not only on qualified specialists from the supplier, but also on the customer company. The SIEM system will not work on its own. Your organization's staff must be competent enough to interact with the SIEM on a regular basis. The responsibilities of such specialists will include a wide range of tasks: incident analysis, setting up rules and adapting the system. Therefore, a managed SIEM service needs the qualified technical support of security experts.