Does your organization have an IT landscape of which you want to map the security status? Do you always want to be able to respond as adequately as possible to detected security alerts and threats? Then NFIR offers you a scalable, manageable and affordable solution with its Security Information and Event Management (SIEM) and the implementation of a Security Operation Centre (SOC).
We offer our SIEM as a fully automated solution, where you no longer have to interpret data yourself. The outputs are notifications on which your IT department can take measures.
Read on this page how we take care of everything and what results you will achieve when implementing our SIEM and SOC solution.
In 5 steps to a resilient online environment
Currently you already have several devices in your network that store information. Often the existing dashboards of firewalls, for example, are far too complicated to interpret, or your employees do not have time for it. Therefore, have the security monitoring specialists of NFIR automatically process this log data on the basis of use cases that we determine together. In addition to rule-based processing of log information, NFIR also works with machine learning to detect patterns that may indicate suspicious traffic. By monitoring network activities in this way, you are quickly informed of suspicious activities and can take appropriate action. For a secure and orderly approach, we work with a step-by-step plan.
1. Identify use cases.
The starting point of use-case development is curbing the risk of information being compromised by criminals seeking monetary gain through extortion. Consider the growing phenomenon of ‘ransomware’ as well as the exfiltration of classified information. Criminals try to bypass the detection measures that would reveal the build-up of such an attack. Detecting it therefore requires an understanding of these build-up activities; in the cyber security market these activities are also linked to the ‘Cyber Security Kill Chain’. Below is a representation of the common steps in this chain that can be taken and result in a successful attack. The steps in this ‘chain’ have been worked out as one attack scenario; other paths are also possible, leading to a variety of scenarios. The translation to use cases therefore remains a constant development that NFIR pursues, fed by the knowledge gained from various experiences.
As a starting point, a simplification is used with the following attack steps:
- Discovery of environments, vulnerabilities
- Attempts at account abuse and/or modification of rights
- Installing/configuring malware
- Communication appropriate to attacks
- ‘Catch-all’, for analysis
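To illustrate how rule-based use cases turn raw log lines into notifications for the five attack steps above, here is an added Python example (not NFIR's code; the log lines, rules, thresholds and host names are constructed for illustration):

```python
import re
from collections import Counter

# Constructed sample log lines (firewall, domain controller, endpoint agent); not real customer data.
SAMPLE_LOGS = [
    "fw01 DENY src=203.0.113.7 dst=10.0.0.5 dport=22",
    "fw01 DENY src=203.0.113.7 dst=10.0.0.5 dport=445",
    "fw01 DENY src=203.0.113.7 dst=10.0.0.5 dport=3389",
    "dc01 sshd Failed password for admin from 203.0.113.7",
    "dc01 sshd Failed password for admin from 203.0.113.7",
    "dc01 sshd Failed password for admin from 203.0.113.7",
    "dc01 usermod: added user 'svc-backup' to group 'sudo'",
    "pc17 edr: new service installed path=C:\\Temp\\upd.exe",
    "fw01 ALLOW src=10.0.0.17 dst=198.51.100.9 dport=4444",
    "pc17 printer: job 42 completed",
]

# One rule per simplified attack step: (use case, regex, hits needed before alerting).
# A capture group, when present, is the source the hits are correlated on; otherwise the host.
RULES = [(uc, re.compile(rx), n) for uc, rx, n in [
    ("Discovery of environments, vulnerabilities", r"DENY src=(\S+) .*dport=\d+", 3),
    ("Attempts at account abuse and/or modification of rights", r"Failed password for \S+ from (\S+)", 3),
    ("Attempts at account abuse and/or modification of rights", r"usermod: .* to group 'sudo'", 1),
    ("Installing/configuring malware", r"new service installed path=", 1),
    ("Communication appropriate to attacks", r"ALLOW src=(\S+) dst=\S+ dport=4444", 1),
]]
CATCH_ALL = "Catch-all, for analysis"

def classify(line):
    """Return (use case, source, threshold) for the first matching rule, or the catch-all bucket."""
    host = line.split()[0]
    for use_case, pattern, threshold in RULES:
        m = pattern.search(line)
        if m:
            return use_case, (m.group(1) if m.groups() else host), threshold
    return CATCH_ALL, host, None

def build_notifications(lines):
    """Count hits per (use case, source); a notification is emitted only once its threshold is reached."""
    hits, catch_all = Counter(), []
    for line in lines:
        use_case, source, threshold = classify(line)
        if threshold is None:
            catch_all.append(line)  # retained for analyst review, never alerted on by itself
        else:
            hits[(use_case, source, threshold)] += 1
    notifications = [{"use_case": uc, "source": src, "hits": n}
                     for (uc, src, th), n in hits.items() if n >= th]
    return notifications, catch_all
```

Thresholds keep single port scans or one mistyped password out of the notification stream, while a malware install or suspicious outbound connection alerts on the first hit.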
2. Design
In this step, we work out the connection of the log sources, based on a design. The log sources should be collected over the network with their integrity preserved. Secure configurations are therefore used when connecting them.
3. Implementation
working environment including generating insight based on the use-cases.
4. Monitoring/Delivery.
5. Monthly service
After realization of the initial use cases, a monthly report is provided based on the developments within your organization. Various actions can follow from this report, for example introducing new or adjusted log sources for further optimization, or further detailing of the use cases. These activities are included based on the agreed scope and prioritized in consultation with you. On the NFIR side, specialist expertise is included on a monthly basis. In addition, a service manager holds consultations on the prioritization and the activities required.
What results are achieved with our SIEM/SOC solution?
The end result includes:
- Continuous security monitoring of your service scope: network, servers, laptops, PCs and firewall
- Immediate alert in case of suspicious or malicious traffic and after analysis act immediately with appropriate measures
- Hackers are “spotted” immediately
- Malware is identified before it has been able to nest and spread in your network, to your customers or even further.
- Monitoring for intentional or unintentional unauthorized use of your network (by your own employees, external parties or organizations allowed on the network).
- In the case of data breaches the relevant IP traffic is digitally recorded, so that in the event of an investigation by the personal data authority, you will always have the requested information.
- Malicious actions are stopped on all endpoints.
- Monthly reporting and monthly meetings with the service manager.
Have Security Monitoring implemented?
Security Information and Event Management (SIEM) and Security Operation Centre (SOC) are combined in NFIR Insights, our fully automated solution where you no longer interpret data yourself.
What is a SIEM (Security Information and Event Management)?
A SIEM is a real-time system for managing security incidents. These systems ensure that security intelligence is concentrated in one place within the organization and that every security professional can respond immediately to any incident. Integrated SIEM (Security Information and Event Management) software helps security professionals manage threats and incidents, ensuring a safer work environment. SIEM is primarily used to analyze and prevent network and security incidents. Thanks to the monitoring of log files, the system offers a complete overview of everything that happens in your network.
What is a SOC (Security Operation Centre)?
A SOC (Security Operation Centre) is a security center and collection point for all security systems in a company. This collective information is then used for analysis and to take targeted actions to prevent a security incident.
In the event of an outside cyber attack, information and analysis about the impact, effectiveness and likelihood of recurrence are obviously important. With a SOC, you are able to promote consistency and information sharing among all parties involved.
NFIR helps organizations get specialized security knowledge. We are your security partner for implementation and management of incident management systems.
Does every organization benefit from SIEM/SOC?
NFIR’s vision on security monitoring is that this service should no longer be reserved for the largest companies in the Netherlands with a lot of security knowledge. For this reason, NFIR’s security monitoring service offers a very affordable and easy to interpret solution for SMEs (companies with 50 to 500 employees).
Why is it important to have SIEM/SOC implemented?
Under the GDPR legislation, the government requires you to take appropriate measures to protect personal data for which you are the controller or processor. Protecting starts with monitoring network activities.
As a company or organization, should I interpret the output of the monitoring myself?
No. We offer our SIEM as a fully automated solution, where you no longer have to interpret data yourself. The outputs are notifications that your IT department can act on. You receive critical notifications directly via email or text message and can take action on them yourself. If desired, our Security Monitoring specialists support your organization in taking these actions. In addition, we can also relieve you of the burden of interpreting (more complex) reports. If things really go wrong, we can support you at any location with our Incident Response teams.
What part of the network is being monitored?
Together with you, the scope of the monitoring is determined and use cases are identified. Log sources are then connected for these use cases.
What results does SIEM provide?
The end result includes:
- Continuous security monitoring of your service scope: network, servers, laptops, PCs and firewall
- Immediate alert in case of suspicious or malicious traffic and after analysis act immediately with appropriate measures
- Hackers are “spotted” immediately
- Malware is identified before it has been able to nest and spread in your network, to your customers or even further.
- Monitoring of intentional or unintentional unauthorized use of your network (by your own employees, external parties or organizations allowed on the network).
- In the case of data breaches the relevant IP traffic is digitally recorded, so that in the event of an investigation by the personal data authority, you will always have the requested information.
- Malicious actions are stopped on all endpoints.
- Monthly reporting and monthly meetings with the service manager.
What phases does the SIEM process consist of?
The SIEM process consists of 5 phases:
- Identify use cases
- Design
- Implementation
- Monitoring/Delivery
- Monthly service
I have a firewall installed. Is that enough?
A firewall only indicates that a risk has been detected. For your organization, it is important to contain the risk. In doing so, it is important to interpret the signals correctly, so that you can take action. Firewall dashboards are often very complex and difficult to interpret. We work with clear dashboards, support you in interpreting them and indicate what action is required from you to eliminate the risk.