SIEM and SOC

Content

Does your organization have an IT landscape of which you want to map the security status? Do you always want to be able to respond as adequately as possible to detected security alerts and threats? Then NFIR offers you a scalable, manageable and affordable solution with its Security Information and Event Management (SIEM) and the implementation of a Security Operation Centre (SOC).

We offer our SIEM as a fully automated solution, where you no longer have to interpret data yourself. The outputs are notifications on which your IT department can take measures.

Read on this page how we take care of everything and what results you will achieve when implementing our SIEM and SOC solution.

In 5 steps to a resilient online environment

Currently you already have several devices in your network that store information. Often the existing dashboards of firewalls, for example, are far too complicated to interpret or your employee does not have time for it. Therefore, have the security monitoring specialists of NFIR automatically process this log data on the basis of use cases that we jointly determine. In addition to rule-based processing of log information, NFIR also works with machine learning to detect patterns that may indicate suspicious traffic. By monitoring network activities in this way, you are quickly informed of suspicious activities and can take appropriate action. For a secure and orderly approach, we work with a step-by-step plan.

1. Identify use cases.

The starting point of the use-case development is curbing the risk of information being compromised by criminals for monetary gain through extortion. Consider the growing phenomenon of ‘ransomware’ as well as the exfiltration of classified information. Criminals bypass detection measures that would indicate the build-up of such an attack. Detecting that build-up therefore requires an understanding of the preparatory activities involved; in the cyber security market these activities are also linked to the ‘Cyber Security Kill Chain’. See below for a representation of the common steps in this chain that can be taken and result in a successful attack. The steps in this ‘chain’ have been worked out as an attack scenario; however, other paths are also possible, leading to a variety of scenarios. The translation into use cases therefore remains a constant development that NFIR focuses on, based on the constant supply of knowledge from various experiences.

As a starting point, a simplification is used with the following attack steps:

  1. Discovery of environments and vulnerabilities
  2. Attempts at account abuse and/or modification of rights
  3. Installing/configuring malware
  4. Communication characteristic of attacks
  5. ‘Catch-all’, for analysis
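As an added illustration (not NFIR's own code or rules), the following Python sketch shows how the five attack steps above can be expressed as rule-based use cases that turn raw log lines into notifications an IT department can act on; the log lines, patterns and the failed-login threshold are all constructed assumptions.

```python
import re
from collections import Counter

# Constructed sample log lines (not real NFIR data): "<host> <source> <message>"
SAMPLE_LOGS = [
    "fw01 firewall scan detected from 10.0.0.5: 200 ports in 3s",
    "dc01 auth failed login for alice from 10.0.0.5",
    "dc01 auth failed login for alice from 10.0.0.5",
    "dc01 auth failed login for alice from 10.0.0.5",
    "dc01 auth user alice added to group Domain Admins",
    "pc17 endpoint new scheduled task 'updater' created by alice",
    "fw01 firewall outbound connection pc17 -> unknown host, periodic every 60s",
    "pc22 app printer spooler restarted",
]

# Single-event rules mapped onto the page's attack steps 1-4; step 5 is the catch-all.
RULES = [
    (1, "Discovery of environments and vulnerabilities", re.compile(r"scan detected|vulnerab", re.I)),
    (2, "Account abuse / modification of rights", re.compile(r"added to group|rights changed", re.I)),
    (3, "Installing/configuring malware", re.compile(r"scheduled task|new service|autorun", re.I)),
    (4, "Communication characteristic of attacks", re.compile(r"unknown host.*periodic", re.I)),
]
CATCH_ALL = (5, "Catch-all, for analysis")

# Aggregating rule: repeated failed logins are only reported once they cross a threshold.
FAILED_LOGIN = re.compile(r"failed login for (\S+) from (\S+)", re.I)
FAILED_LOGIN_THRESHOLD = 3  # assumed value; in practice tuned per customer in step 4

def classify(message):
    """Return (step, use_case) for one log message; unmatched lines go to the catch-all."""
    for step, name, pattern in RULES:
        if pattern.search(message):
            return step, name
    return CATCH_ALL

def build_notifications(lines):
    """Turn raw log lines into notifications, ordered by attack step."""
    notifications, failures = [], Counter()
    for line in lines:
        host, source, message = line.split(" ", 2)
        match = FAILED_LOGIN.search(message)
        if match:  # counted across lines instead of alerting on each one
            failures[(match.group(1), match.group(2))] += 1
            continue
        step, name = classify(message)
        notifications.append({"step": step, "use_case": name, "host": host, "source": source, "event": message})
    for (user, src), count in failures.items():
        if count >= FAILED_LOGIN_THRESHOLD:
            notifications.append({"step": 2, "use_case": RULES[1][1], "host": src, "source": "auth",
                                  "event": f"{count} failed logins for {user} from {src}"})
    return sorted(notifications, key=lambda n: n["step"])
```

Running `build_notifications(SAMPLE_LOGS)` yields one notification per attack step for the constructed input, with the printer line landing in the catch-all bucket for analyst review.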

2. Design

In this step, we work out the connection of the log sources on the basis of a design. The log sources must be collected over the network with their integrity preserved, so secure configurations are used when connecting them.

3. Implementation

After the design is established, implementation is provided, including entry testing and aggregation of logging. The result is a working environment that generates insight based on the use cases.

4. Monitoring/Delivery

Monitoring and tuning the use-cases including reporting findings on a monthly basis for optimization. In this phase, the main focus is on optimizing the use-cases.

5. Monthly service

After realization of the initial use cases, a monthly report is provided based on the developments within your organization. Various actions can follow from this report, for example introducing new or adjusted log sources for further optimization, or further detailing of the use cases. These activities are included based on the agreed scope and prioritized in consultation with you. On the NFIR side, specialist expertise is included on a monthly basis. In addition, a service manager holds consultations with you on the prioritization and the activities required.

What results are achieved with our SIEM/SOC solution?

The end result includes:

  • Continuous security monitoring of your service scope: network, servers, laptops, PCs and firewall
  • Immediate alert in case of suspicious or malicious traffic, and after analysis immediate action with appropriate measures
  • Hackers are “spotted” immediately
  • Malware is identified before it has been able to nest and spread in your network, to your customers or even further.
  • Monitoring for intentional or unintentional unauthorized use of your network (by your own employees, external parties or organizations allowed on the network).
  • In the case of data breaches the relevant IP traffic is digitally recorded, so that in the event of an investigation by the Data Protection Authority you will always have the requested information.
  • Malicious actions are stopped on all endpoints.
  • Monthly reporting and monthly meetings with the service manager.

Have Security Monitoring implemented?

Security Information and Event Management (SIEM) and Security Operation Centre (SOC) are processed together in NFIR Insights, our fully automated solution where you no longer interpret data yourself.

SIEM is a real-time system for managing security incidents. These systems ensure that security intelligence is concentrated in one place, so that each security professional can respond immediately to any incident. The integrated SIEM (Security Information and Event Management) software helps security professionals manage threats and incidents, ensuring a safer work environment. SIEM is primarily used to analyze and prevent network and security incidents. Thanks to the monitoring of log files, the system offers a complete overview of everything that happens in your network.


A SOC (Security Operation Centre) is a security center and collection point for all security systems in a company. This collective information is then used for analysis and to take targeted actions to prevent a security incident.

In the event of an outside cyber attack, information and analysis about the impact, effectiveness and likelihood of recurrence are obviously important. With a SOC, you are able to promote consistency and information sharing among all parties involved.

NFIR helps organizations get specialized security knowledge. We are your security partner for implementation and management of incident management systems.

NFIR’s vision on security monitoring is that this service should no longer be reserved for the largest companies in the Netherlands with a lot of security knowledge. For this reason, NFIR’s security monitoring service offers a very affordable and easy to interpret solution for SMEs (companies with 50 to 500 employees).

Under the GDPR legislation, the government requires you to take appropriate measures to protect personal information where you are responsible or processor. Protecting starts with monitoring network activities.

No. We offer our SIEM as a fully automated solution, where you no longer have to interpret data yourself. The outputs are notifications that your IT department can act on. You receive critical notifications directly via email or text message and can take action on them yourself. If desired, our Security Monitoring specialists support your organization in taking these actions. In addition, we can also relieve you of the work of interpreting (more complex) reports. If things really go wrong, we can support you at any location with our Incident Response teams.

Together with you, the scope of the monitoring is determined and the use cases are identified. Log sources are then connected to support those use cases.


The SIEM process consists of 5 phases:

  1. Identify use cases
  2. Design
  3. Implementation
  4. Monitoring/Delivery
  5. Monthly service

A firewall only indicates that a risk has been detected. For your organization, it is important to contain that risk. In doing so, it is essential to interpret the signals correctly so you can take action. Firewall dashboards are often very complex and difficult to interpret. We work with clear dashboards, support you in interpreting them, and indicate what action is required from you to eliminate the risk.