What is and why you need a SIEM/SOC

Nov 2, 2021 | Security

Every day, countless businesses are targeted for attack by malicious hackers. It’s no longer a matter of if. This was highlighted by an experiment run by Sophos, a data security company.

Sophos sought to identify how quickly attackers would be able to identify a vulnerable system on the internet. To do this, they created 10 cloud-based machines in data centers around the globe. These machines, called honeypots, were purposefully misconfigured to be vulnerable. On average, it took 52 seconds before attacks began, and over the course of 30 days the honeypots were attacked 5 million times.

How can attacks happen so promptly and frequently? Most of these attacks are automated to scan the internet and probe any potentially vulnerable system they find. To counter this, most security providers and IT managers will implement firewalls, antivirus solutions, backups, etc. But how can an IT manager or business identify when these things fail to provide adequate protection? It’s often not that the software or hardware fails to protect the business, but that a simple human error causing a misconfiguration gives a savvy attacker the means to breach the business’ security measures.

Even if we assume that everything is configured perfectly, how can an IT team confirm that, as Sophos reports, 5 million attacks a month are being successfully repelled? Often these attacks come in waves of traffic that involve lines and lines of packet data, turning 5 million attacks into a deluge of logs to review. Below we see actual footage of a lone IT tech deciphering that quantity of logs.

This is where a SIEM (Security Information and Event Management) and SOC (Security Operations Center) solution comes into play.

A SIEM takes the logs from all of your security tools, servers, endpoints, etc., and stores them in a central location. This provides the ability to review logs across potentially hundreds of systems in a single location. Additionally, the SIEM utilizes machine learning and data provided by threat feeds procured from around the globe. This allows for what would be impossible for a human. It combs through all of the logs and filters out the potentially malicious attacks occurring within the business’ network. Now a human can take the logs that are identified and determine if further action is required to protect the business.
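To make the filtering step concrete, here is a small added example (not Axxys’ or any vendor’s code) of the kind of correlation a SIEM performs: logs from several systems are normalized into one shape, then rules flag source addresses that fail logins repeatedly across hosts or that appear on a threat feed. All hostnames, addresses and the feed entries are constructed for the example.

```python
import re
from collections import defaultdict

# Constructed log lines from three systems (a web server, a database server
# and a firewall) as a SIEM would collect them into one central store.
SAMPLE_LOGS = [
    "web01 sshd: Failed password for root from 203.0.113.7 port 51022 ssh2",
    "web01 sshd: Failed password for admin from 203.0.113.7 port 51023 ssh2",
    "db01 sshd: Failed password for root from 203.0.113.7 port 40011 ssh2",
    "fw01 kernel: DROP IN=eth0 SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP DPT=3389",
    "web01 sshd: Failed password for alice from 198.51.100.4 port 6001 ssh2",
    "web01 sshd: Accepted password for alice from 198.51.100.4 port 6002 ssh2",
    "fw01 kernel: DROP IN=eth0 SRC=192.0.2.99 DST=192.0.2.10 PROTO=TCP DPT=445",
]

# Constructed stand-in for a procured threat feed of known-bad addresses.
THREAT_FEED = {"192.0.2.99"}

FAIL_RE = re.compile(r"^(?P<host>\S+) sshd: Failed password for (?P<user>\S+) from (?P<ip>\S+)")
DROP_RE = re.compile(r"^(?P<host>\S+) kernel: DROP .*SRC=(?P<ip>\S+) .*DPT=(?P<port>\d+)")

def normalize(lines):
    """Turn heterogeneous log lines into a common event shape; unmatched lines are dropped."""
    events = []
    for line in lines:
        if m := FAIL_RE.match(line):
            events.append({"host": m["host"], "type": "auth_fail", "ip": m["ip"]})
        elif m := DROP_RE.match(line):
            events.append({"host": m["host"], "type": "fw_drop", "ip": m["ip"], "port": int(m["port"])})
    return events

def correlate(events, feed, fail_threshold=3):
    """Apply two rules across all hosts at once and return the alerts a human should review."""
    fails = defaultdict(list)   # ip -> hosts where a login failed
    touched = defaultdict(set)  # ip -> every host that logged anything about it
    for ev in events:
        touched[ev["ip"]].add(ev["host"])
        if ev["type"] == "auth_fail":
            fails[ev["ip"]].append(ev["host"])
    alerts = []
    for ip in sorted(touched):
        # Rule 1: repeated failures counted across hosts (a single failure is normal noise).
        if len(fails[ip]) >= fail_threshold:
            alerts.append({"ip": ip, "rule": "brute_force", "failures": len(fails[ip]), "hosts": sorted(touched[ip])})
        # Rule 2: any activity from an address on the threat feed.
        if ip in feed:
            alerts.append({"ip": ip, "rule": "threat_feed_match", "hosts": sorted(touched[ip])})
    return alerts

def triage(lines, feed=THREAT_FEED):
    return correlate(normalize(lines), feed)

if __name__ == "__main__":
    for alert in triage(SAMPLE_LOGS):
        print(alert)
```

Seven raw lines reduce to two alerts: the address hammering web01 and db01 (also seen probing the firewall), and the threat-feed hit; the user who mistyped a password once is filtered out.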

But attacks don’t just happen during business hours when your IT team is working. This is where a SOC kicks in. A SOC is a fully staffed team dedicated solely to monitoring these filtered results 24×7 against whatever SLA you have with your SOC. It’s no secret that attacks have become much more frequent during holiday weekends, when your staff may not be readily monitoring and reviewing alerts from the business. The SOC monitors the business regardless of holidays or time of day, leaving no window of attack available for an attacker to strike.

It’s for this reason that Axxys believes all businesses should strongly consider implementing a SIEM/SOC solution to further protect their assets. Contact us to discuss whether it makes sense for your business.
