8 April 2019
High profile security breaches are commonplace in today’s media, driving everyone’s awareness of the importance of Cybersecurity across businesses of all sizes. In the first few months of 2019, the following breaches have been reported:
The estimated cost and impact of these breaches is staggering:
Cybercrime is clearly big business; the profile of attackers involved in cybercrime has changed from individual ‘hobbyists’ to well-organised and highly skilled people performing these actions as a job. The complexity of attacks and exploits has increased exponentially, with many being well planned, co-ordinated and using sophisticated methods of evasion. Add to this the fact that the number of Internet-connected devices has exploded over recent years, with the estimated number of connected IoT devices in 2019 at a little over 42 billion in addition to traditional Internet-facing services, and the scale of the problem is apparent.
To combat these exposures and minimise their attack surface, many companies are introducing multiple products into their infrastructures, each of which is designed to address specific areas of security. These products may be DNS-based security, firewalls, IPS/IDS, Web filtering, email filtering, end-point protection, breach detection, cloud access security brokers (CASB), end-user behaviour analysis (EUBA); the list goes on. With an estimated 1200+ vendors (many providing multiple products) within the cybersecurity solutions market, there is a huge number of products to choose from.
Each of the products introduced does an excellent job of mitigating cyberthreats within its specific area, and most provide a wealth of information and intelligence that companies can use to provide proactive protection and mitigation to further strengthen their security posture. Whilst these products provide information and intelligence, companies face many challenges when trying to leverage this information, such as:
Over recent years there has been significant growth in the SIEM (Security Information and Event Management) market. These systems are designed to ingest logs and events from a diverse range of sources, index that information and enable IT departments to build visualisations (dashboards) based on their requirements and the indexed data. SIEM products form part of the foundation of a SOC service.
SIEM products are available as either on-premises or SaaS offerings. Running on-premises SIEM products requires companies to employ skilled individuals because installing, configuring and supporting SIEM products takes specialised skills. In addition to staff requirements, companies must provide suitably specified compute resource to process large volumes of data in near real time; architect the server and network infrastructure to be able to cope with periods of peak activity; provide and maintain the storage needed to store large volumes of data; and back up the normalised and historic data. The barrier for many companies to enter the SIEM market is cost; most SIEM vendors license their products based on the volume of logs and events ingested. This volume is very difficult to quantify, resulting in a variable-cost service to customers which is difficult to budget for and commercially unattractive. Consuming SIEM as a SaaS model mitigates the requirement for specialist hardware, although the pricing model remains the same and skilled individuals are still required to develop indexing rules and build visualisations.
Pivotal Networks are proud to announce our hosted SOC service, which leverages a mature SIEM platform augmented with robust rulesets and algorithms to highlight and correlate well-defined Indicators of Compromise (IoC). This is further enhanced by third-party Threat Intelligence feeds and highly skilled security analysts investigating all suspicious or malicious activity. Our hosted service provides a proven, purpose-built SOC which removes the requirement for our customers to employ additional skilled resource and specialised hardware. Pivotal Networks' hosted SOC service provides the following benefits for our customers:
Please contact us today to arrange a live demo. We can also offer a free 30-day trial of our hosted SOC service for a limited time.