We have a strong belief in detective controls and security analytics in general. Because adversaries will, at least occasionally, get past your preventive measures, you need the defense-in-depth layer that detective controls provide: tracking logs and all the other data a contemporary SIEM consumes. Better still, threat hunting lets you take the fight to the adversary instead of waiting passively for an alert to fire.

 

Yet a SIEM is like a piece of fitness equipment. The best exercise machine in the world won't help you build muscle or lose weight if no one uses it regularly and vigorously.

 

The exercise-machine comparison only goes so far, because it leaves out the importance of highly qualified specialists. A better comparison is the many sensors and active and passive monitoring systems aboard an aircraft carrier. Without a team of experts evaluating the data and relaying the threat status to the officer on duty, that technology is not much help. It is just a lot of attractive flashing lights and screens.

 

Likewise, a SIEM requires a SOC. But how many small- to medium-sized businesses actually have the staff, equipment, and expertise to watch, evaluate, and investigate what the SIEM is telling them, at the moment it is telling them? If you're anything like me, you may be skilled, but you don't have the time to spend even a few minutes a day in the SIEM console, and your company isn't large enough to support a 24/7 SOC either.

 

You could turn up the squelch so the SIEM only notifies you of the most suspicious events, and try to check the dashboard daily. After all, you are collecting the logs just in case, aren't you?

 

That strategy, however, is unlikely to identify incidents in time to limit the damage. Small businesses face the same cyber threats as large organizations do, but they can't use economies of scale to implement protection properly.
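To make the squelch problem concrete, here is an added example (not code from the original post or from CYB3R-X) run over a handful of constructed alerts. A severity-only threshold, which is what "turn up the squelch and check the dashboard daily" amounts to, drops every low-severity event in the sample, including a burst of failed logins followed by a success from the same source, which is exactly the kind of early signal a SOC analyst would correlate. The alert tuples, severity scale, field names and the five-failures-in-five-minutes rule are all assumptions made for this example.

```python
"""Severity-only squelch vs. a simple correlation rule (added example, constructed data)."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed alerts: (ISO timestamp, severity 1-10, event, user, source IP).
# Not real telemetry; the values and the 1-10 severity scale are assumptions.
SAMPLE_ALERTS = [
    ("2024-03-01T02:00:01", 2, "auth_failure", "jdoe", "203.0.113.7"),
    ("2024-03-01T02:00:02", 2, "auth_failure", "jdoe", "203.0.113.7"),
    ("2024-03-01T02:00:03", 2, "auth_failure", "jdoe", "203.0.113.7"),
    ("2024-03-01T02:00:04", 2, "auth_failure", "jdoe", "203.0.113.7"),
    ("2024-03-01T02:00:05", 2, "auth_failure", "jdoe", "203.0.113.7"),
    ("2024-03-01T02:00:09", 3, "auth_success", "jdoe", "203.0.113.7"),
    ("2024-03-01T02:01:10", 4, "new_admin_account", "jdoe", "203.0.113.7"),
    ("2024-03-01T09:30:00", 8, "malware_detected", "asmith", "10.0.0.5"),
]


def squelch(alerts, threshold):
    """Severity-only filter: what a high squelch leaves on the daily dashboard.

    Every event below `threshold` is silently dropped, regardless of context.
    """
    return [a for a in alerts if a[1] >= threshold]


def correlate_bruteforce(alerts, window=timedelta(minutes=5), failures=5):
    """Flag an auth_success preceded by >= `failures` auth_failure events
    from the same (user, source IP) inside `window`.

    This is the kind of stateful rule an analyst writes; it fires on events
    that are individually low severity and that a squelch would never show.
    """
    recent_failures = defaultdict(list)
    findings = []
    for ts, _severity, event, user, src_ip in sorted(alerts):
        t = datetime.fromisoformat(ts)
        key = (user, src_ip)
        if event == "auth_failure":
            recent_failures[key].append(t)
        elif event == "auth_success":
            in_window = [f for f in recent_failures[key] if t - f <= window]
            if len(in_window) >= failures:
                findings.append(
                    {"user": user, "src_ip": src_ip, "failures": len(in_window), "at": ts}
                )
            recent_failures[key].clear()
    return findings


if __name__ == "__main__":
    visible = squelch(SAMPLE_ALERTS, threshold=7)
    print("Squelched dashboard shows:", [a[2] for a in visible])
    print("Correlation rule finds:", correlate_bruteforce(SAMPLE_ALERTS))
```

With the threshold at 7, the dashboard shows only the malware alert; the brute-force success and the new admin account an hour later never reach a human. The correlation rule over the same events reports the compromised account within seconds of the successful login, which is the difference between a squelch and a SOC.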

 

Or can they? Leveraging economies of scale is the answer for small and medium-sized businesses (SMBs) too, but it works differently than it does for giant corporations. Large businesses have the scale in-house: the company is big enough to staff and manage an internal SOC.

 

Small companies, though, can band together to achieve the same economies of scale. We aren't talking about a security cooperative, intriguing as that concept is. We're talking about security monitoring as a service. Many firms are working with service providers to get the benefits of a SOC instead of, or in addition to, running an on-premises SIEM. It is much like fractional ownership of a corporate jet, only better: with the jet, the aircraft may or may not be available when you need it.

 

With SIEM-as-a-Service you still get all the power, flexibility, and security of an on-premises SIEM. You are free to use the SIEM as much as your time and resources allow, doing your own monitoring and threat hunting informed by your in-depth knowledge of your organization and network. But alongside your own efforts, a 24/7 SOC operation cares for and monitors your SIEM, so you don't have to worry that no one is watching while you are tied up with other projects, situations, or investigations.

 

This matters because the work a small or one-person security team must do extends well beyond security monitoring and the SIEM.

 

For instance, CYB3R-X offers this in its SIEM-as-a-Service product, SIEMphonic. The product line comprises on-premises and cloud-based implementations of SIEM, intrusion detection, vulnerability scanning, threat intelligence, and HoneyNet deception technologies, with a 24/7 intelligence-driven SOC at the company providing remote administration and analytics.

 

Want to know more about SIEM? Talk to us today or email demo@cyb3r-x.com for a demo.