High-profile security breaches are commonplace in today's media, driving everyone's awareness of the importance of cybersecurity across businesses of all sizes. In the first few months of 2019, the following breaches have been reported:
• Marriott Hotels suffered a breach of its reservation system, compromising the personal information of 500 million users.
• Apollo, a sales engagement company, reported that 200 million records of prospective clients had been stolen from a database it maintained.
• Google announced that it will shut down Google+ after discovering a bug that exposed information for 52.5 million users.
• Quora, a popular question-and-answer website, announced that the personal information of 100 million users was exposed in a data breach.
The estimated cost and impact of these breaches is staggering:
• A study by Detica on behalf of the UK Government Cabinet Office estimates that cybercrime will cost UK businesses £8 billion annually.
• A study conducted by Cybersecurity Ventures estimates that cybercrime will cost the world $6 trillion annually by 2021, exceeding global trade in all major illegal drugs combined.
• A study by PWC reported that only 39% of senior executives were confident that adequate safeguards were in place to deal with cyber threats. In addition, just 53% feel that they are in the process of building sufficient protection.
Cybercrime is clearly big business; the profile of attackers involved in cybercrime has changed from individual ‘hobbyists’ to well organised and highly skilled people performing these actions as a job. The complexity of attacks and exploits has increased exponentially, with many being well planned, co-ordinated and using sophisticated methods of evasion. Add to this the fact that the number of Internet-connected devices has exploded over recent years, with the estimated number of connected IoT devices in 2019 at a little over 42 billion in addition to traditional Internet-facing services, and the scale of the problem is apparent.
To combat these exposures and minimise their attack surface, many companies are introducing multiple products into their infrastructures, each of which is designed to address a specific area of security. These products may be DNS-based security, firewalls, IPS/IDS, web filtering, email filtering, end-point protection, breach detection, cloud access security brokers (CASB), end user behaviour analysis (EUBA); the list goes on. With an estimated 1200+ vendors (many providing multiple products) within the cybersecurity solutions market, there is a huge number of products to choose from.
Each of the products introduced does an excellent job of mitigating cyberthreats within its specific area, and most provide a wealth of information and intelligence that companies can use to provide proactive protection and mitigation and further strengthen their security posture. Whilst these products provide information and intelligence, companies face many challenges when trying to leverage it, such as:
• Much of the information is contained within log files generated by the products. Whilst these log files are generally in plain text format, they tend not to be human readable, and a single log file could easily contain thousands or tens of thousands of entries.
• Log files do not follow any particular standard; different vendors and products produce logs with different information and formats, making deciphering the contents difficult.
• Each product generates its own set of logs and events, so log information is spread across multiple locations that companies must decipher.
• Because log files are scattered throughout the company's infrastructure, correlating entries across multiple log files and multiple products manually is extremely difficult, if not impossible.
• The human resource required to achieve these tasks is significant. Most companies simply do not have, and have no appetite to employ, multiple people who could dedicate their time to analysing log files.
• In addition to simply having the human resource to analyse log files, these employees need some form of threat intelligence to make informed decisions regarding emerging threats if they are to really add value.
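The two challenges above that a SIEM's parsers and correlation rules address, vendor-specific log formats and correlation across products, can be shown in miniature. The following is an added example, not code from the original page or from Pivotal Networks: it normalises two constructed log formats (a hypothetical firewall logging key=value fields and a hypothetical web filter logging CSV rows) into one schema, then reports source hosts that two different products flagged within a time window.

```python
import re
from datetime import datetime

# Constructed sample lines in two hypothetical vendor formats (not real product output):
# a firewall logging syslog-style key=value fields and a web filter logging CSV rows.
SAMPLE_LOGS = [
    "2019-03-04T10:00:01Z fw01 action=deny src=10.0.0.5 dst=203.0.113.9 dport=4444",
    "2019-03-04 10:00:40,webfilter,10.0.0.5,blocked,malware-category",
    "2019-03-04T10:01:15Z fw01 action=allow src=10.0.0.7 dst=198.51.100.2 dport=443",
    "2019-03-04T10:05:00Z fw01 action=deny src=10.0.0.7 dst=203.0.113.9 dport=4444",
    "2019-03-04 10:30:02,webfilter,10.0.0.7,blocked,phishing-category",
]
FW_RE = re.compile(r"^(\d{4}-\d\d-\d\dT\d\d:\d\d:\d\dZ) (\S+) (.+)$")

def parse_line(line):
    """Normalise one raw line into a common schema; return None if no parser matches."""
    parts = line.split(",")
    if len(parts) == 5:  # hypothetical web-filter CSV: ts,product,src,action,detail
        try:
            ts = datetime.strptime(parts[0], "%Y-%m-%d %H:%M:%S")
        except ValueError:
            return None
        return {"ts": ts, "product": parts[1], "src": parts[2], "action": parts[3], "detail": parts[4]}
    m = FW_RE.match(line)
    if m:  # hypothetical firewall syslog: "<ts> <host> key=value ..."
        ts, host, rest = m.groups()
        kv = dict(p.split("=", 1) for p in rest.split() if "=" in p)
        return {"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), "product": host,
                "src": kv.get("src"), "action": kv.get("action"), "detail": kv.get("dst")}
    return None

def correlate(lines, window_s=120):
    """(src, products) pairs where two different products flagged the same host within window_s."""
    events = [e for e in map(parse_line, lines) if e and e["action"] in ("deny", "blocked")]
    events.sort(key=lambda e: e["ts"])
    by_src = {}
    for e in events:  # group normalised events by source host
        by_src.setdefault(e["src"], []).append(e)
    hits = []
    for src, evs in by_src.items():
        for i, first in enumerate(evs):  # slide a window from each event forward in time
            window = [e for e in evs[i:] if (e["ts"] - first["ts"]).total_seconds() <= window_s]
            products = sorted({e["product"] for e in window})
            if len(products) >= 2:
                hits.append((src, tuple(products)))
                break
    return sorted(hits)
```

With the default two-minute window only 10.0.0.5 is reported; widening the window also surfaces 10.0.0.7, which is the tuning trade-off a SOC analyst makes between missed correlations and noise.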
Over recent years there has been significant growth in the SIEM (Security Information and Event Management) market. These systems are designed to ingest logs and events from a diverse range of sources, index that information and enable IT departments to build visualisations (dashboards) based on their requirements and the indexed data. SIEM products form part of the foundation of a SOC service.
SIEM products are available as both on-premises and SaaS offerings. Running on-premises SIEM products requires companies to employ skilled individuals, because installing, configuring and supporting SIEM products takes specialised skills. In addition to staff requirements, companies must provide suitably specified compute resource to process large volumes of data in near real time; architect the server and network infrastructure to cope with periods of peak activity; provide and maintain the storage needed for large volumes of data; and back up the normalised and historic data. The barrier for many companies to adopt a SIEM is cost; most SIEM vendors license their products based on the volume of logs and events ingested. This volume is very difficult to quantify, resulting in a variable-cost service which is difficult to budget for and commercially unattractive. Consuming SIEM as a SaaS model removes the requirement for specialist hardware, although the pricing model remains the same and skilled individuals are still required to develop indexing rules and build visualisations.
Pivotal Networks are proud to announce our hosted SOC service, which leverages a mature SIEM platform augmented with robust rulesets and algorithms to highlight and correlate well-defined Indicators of Compromise (IoC). This is further enhanced by third-party Threat Intelligence feeds and highly skilled security analysts investigating all suspicious or malicious activity. Our hosted service provides a proven, purpose-built SOC which removes the requirement for our customers to employ additional skilled resource and specialised hardware. Pivotal Networks' hosted SOC service provides the following benefits for our customers:
• Easy licensing model providing static monthly costs regardless of the volume of data ingested by the SOC.
• A comprehensive hosted SOC service backed by a mature SIEM platform.
• Twenty security analysts work in our SOC; these analysts have an average of more than 5 years' professional experience and hold a variety of security-based certifications including CompTIA Security+, CISSP, CEH and ECSA, providing human intelligence.
• Comprehensive visibility of events across all security products in your company.
• Aggregation of logs and events from multiple sources.
• Correlation of events across multiple systems and time zones.
• Around 1000 product parsers are available at present. If new services are added which do not have parsers available, new parsers will be written at no additional cost.
• Integration with on-premises applications as well as SaaS products through API integration.
• Shared threat intelligence across multiple companies around the world, resulting in faster discovery of emerging threats.
• Automatic creation of remediation tickets providing information about malicious or suspicious activities, involved hosts, supporting evidence, remediation steps and comprehensive activity logging.
• Raw log retention for a 12-month period (can be extended if required).
• Raw logs are stored encrypted and fingerprinted, and can be used as “chain of custody” evidence if required.
• 24×7 monitoring by security experts.
Please contact us today to arrange a live demo. We can also offer a free 30-day trial of our hosted SOC service for a limited time.