relemedf5w023
Posts: 409
Joined: Sun Dec 22, 2024 7:16 am


Post by relemedf5w023 »

From SIEM to SOC - from simple to complex
Valery Vasiliev | 06/22/2017
[Photo: Evgeniy Afonin]
The average time to detect a breach of a corporate ICT infrastructure, according to estimates voiced by Evgeniy Afonin, an information security solutions architect at HPE, is 243 days today. At the same time, a medium-sized company registers approximately 8-12 thousand information security events every second. These figures were obtained from users of the ArcSight SIEM tool; most likely, similar security information and event management (SIEM) tools detect the same number of events.

To respond adequately to changes in an information security landscape characterized by such indicators, it is necessary to automate and centralize the collection, correlation, and preferably also the analysis (using developed rules) of information security events. SIEM systems have been used for these purposes for about twenty years.

According to Evgeniy Afonin, the features most frequently used by Russian users of SIEM tools are ready-made (vendor-developed) rules and reports: those for correlating events on the Windows platform and in network traffic monitored via the NetFlow protocol, those for monitoring compliance with the PCI DSS standard, and, more recently, those for monitoring compliance with the NERC CIP standard requirements concerning the information security of the energy supply infrastructure.

The next logical step in increasing cybersecurity for companies after the implementation and operation of SIEM systems is the stage of building their own center for monitoring and responding to information security incidents (SOC), or turning to external providers of SOC services. The SOC market is approximately twice as young as the SIEM market. Even younger is the market for commercial SOCs providing services for monitoring and responding to information security incidents.
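As an added illustration (not part of the article, nor ArcSight or HPE code), here is a minimal stateful correlation rule of the kind the post refers to for Windows events, run over a constructed sample of logon events; event IDs 4624 (successful logon) and 4625 (failed logon) are the standard Windows Security log IDs, while the threshold and window values are assumptions.

```python
from collections import defaultdict, deque

# Constructed sample events (not from the article):
# (timestamp in seconds, EventID, source IP, account name)
SAMPLE_EVENTS = [
    (0,   4625, "10.0.0.5", "alice"),
    (10,  4625, "10.0.0.5", "alice"),
    (20,  4625, "10.0.0.5", "alice"),
    (25,  4625, "10.0.0.5", "alice"),
    (30,  4625, "10.0.0.5", "alice"),
    (40,  4624, "10.0.0.5", "alice"),  # success right after a burst of failures
    (50,  4625, "10.0.0.9", "bob"),
    (400, 4624, "10.0.0.9", "bob"),    # lone failure long before success: benign
]


def correlate_failed_then_success(events, threshold=5, window=120):
    """Correlation rule in the style of vendor-supplied SIEM content.

    Alert when one source IP produces at least `threshold` failed logons
    (EventID 4625) within a sliding `window` of seconds and is then followed
    by a successful logon (EventID 4624) from the same source.
    Returns a list of (timestamp, source_ip, account, failure_count).
    """
    recent_failures = defaultdict(deque)  # source IP -> timestamps of 4625s
    alerts = []
    for ts, event_id, src, user in sorted(events):
        window_q = recent_failures[src]
        # Drop failures that have aged out of the sliding window.
        while window_q and ts - window_q[0] > window:
            window_q.popleft()
        if event_id == 4625:
            window_q.append(ts)
        elif event_id == 4624 and len(window_q) >= threshold:
            alerts.append((ts, src, user, len(window_q)))
            window_q.clear()  # one burst yields one alert, not one per success
    return alerts


if __name__ == "__main__":
    for alert in correlate_failed_then_success(SAMPLE_EVENTS):
        print("ALERT: %d failed logons then success from %s as %s at t=%d"
              % (alert[3], alert[1], alert[2], alert[0]))
```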