- The average time to detect an attack (dwell time) is reported at around 200 days in several industry breach reports
- Existing monitoring capabilities have not kept pace with the changing threat landscape
- Traditional SIEM technologies lack the capabilities and visibility needed to detect and protect against such advanced attacks
- Integrated monitoring of operational and security logs is still uncommon in many organizations
Business Case for Security Analytics
Typically, organizations have responded to evolving threats by deploying a series of point tools: anti-virus (anti-malware), firewalls, IPS, URL filters, WAFs, DLP and SIEM solutions to prevent and detect attacks. Vulnerability assessments and application security scanners add coverage, but they do not catch the sophisticated attacks that slip past signature-based point tools. Security analytics addresses this gap with behavior analysis: it looks for anomalies, meaning deviations from an established pattern of normal activity. To get useful results, normal behavior must first be baselined from a period believed to be clean, and alert thresholds must be defined and tuned so that ordinary variation does not drown analysts in false positives. The huge volume of logs generated in an environment is collected and correlated in a SIEM, but on its own that yields only standalone threat information. Indicators of Compromise (IOCs) must also be integrated and correlated with asset criticality and known weaknesses so that the impact of an event is assessed holistically and response resources are allocated where they matter most.
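As an added illustration of the baseline-and-threshold approach described above (this is example code, not the page's or the vendor's own analytics engine), the script below builds a per-user baseline of logins per hour from a constructed "clean" training window, flags hours that exceed the baseline by a threshold, and then scores each alert by correlating the source IP against a constructed IOC list and the target host against constructed asset criticality and weakness values. All users, IPs, hostnames, criticality and weakness scores are made up for the example.

```python
"""Baseline-and-threshold anomaly detection with IOC and asset-criticality
correlation, run over constructed log lines.  Added illustration; not code
from the page or the vendor's product.  All IPs, users, hosts, criticality
and weakness values are hypothetical."""
import re
import statistics
from collections import defaultdict

# Constructed log format: "<ts> user=<u> src=<ip> host=<asset> action=<a>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) src=(?P<src>\S+) "
    r"host=(?P<host>\S+) action=(?P<action>\S+)$"
)

# Constructed threat-intel and asset context (hypothetical values).
IOC_IPS = {"203.0.113.7"}                         # known-bad source from a feed
ASSET_CRITICALITY = {"payroll-db": 5, "wiki": 1}  # 1 (low) .. 5 (crown jewel)
ASSET_WEAKNESS = {"payroll-db": 1, "wiki": 0}     # 0 = patched, 1 = open VA finding

def parse(lines):
    """Parse lines matching LOG_RE; silently drop anything else."""
    return [m.groupdict() for m in map(LOG_RE.match, lines) if m]

def group_logins(events):
    """(user, hour) -> list of login events; hour is the 'YYYY-MM-DDTHH' prefix."""
    groups = defaultdict(list)
    for e in events:
        if e["action"] == "login":
            groups[(e["user"], e["ts"][:13])].append(e)
    return groups

def build_baseline(training_lines):
    """Per-user (mean, population stdev) of logins per hour over the training window.
    Hours with no logins count as zero so a quiet user is not baselined as noisy."""
    groups = group_logins(parse(training_lines))
    hours = {hour for _, hour in groups}
    users = {user for user, _ in groups}
    baseline = {}
    for user in users:
        counts = [len(groups.get((user, h), [])) for h in sorted(hours)]
        baseline[user] = (statistics.mean(counts), statistics.pstdev(counts))
    return baseline

def detect(baseline, lines, k=3.0, min_delta=3):
    """Flag (user, hour) buckets whose login count exceeds mean + max(k*stdev, min_delta).
    min_delta stops a zero-variance baseline from alerting on a single extra login;
    a user absent from the baseline gets (0, 0), so any burst over min_delta alerts.
    Each alert is scored by excess over threshold, weighted by asset criticality and
    known weakness, with a flat bonus when the source IP matches an IOC."""
    alerts = []
    for (user, hour), evs in group_logins(parse(lines)).items():
        mean, stdev = baseline.get(user, (0.0, 0.0))
        threshold = mean + max(k * stdev, min_delta)
        if len(evs) <= threshold:
            continue
        hosts = {e["host"] for e in evs}
        srcs = {e["src"] for e in evs}
        ioc_hit = bool(srcs & IOC_IPS)
        crit = max(ASSET_CRITICALITY.get(h, 1) for h in hosts)
        weak = max(ASSET_WEAKNESS.get(h, 0) for h in hosts)
        score = (len(evs) - threshold) * crit * (1 + weak) + (10 if ioc_hit else 0)
        alerts.append({"user": user, "hour": hour, "count": len(evs),
                       "threshold": threshold, "hosts": sorted(hosts),
                       "ioc_hit": ioc_hit, "score": score})
    return sorted(alerts, key=lambda a: a["score"], reverse=True)

# Constructed sample data: a clean four-hour training window, then a suspect hour.
def _lines(hour, user, src, host, n):
    return [f"{hour}:{i:02d}:00 user={user} src={src} host={host} action=login"
            for i in range(n)]

TRAINING = []
for _h in ("2024-03-04T08", "2024-03-04T09", "2024-03-04T10", "2024-03-04T11"):
    TRAINING += _lines(_h, "alice", "10.0.0.5", "wiki", 2)         # 2 logins/hour
    TRAINING += _lines(_h, "bob", "10.0.0.9", "payroll-db", 1)     # 1 login/hour

SUSPECT = (
    _lines("2024-03-04T13", "alice", "10.0.0.5", "wiki", 3)            # within baseline
    + _lines("2024-03-04T13", "bob", "203.0.113.7", "payroll-db", 12)  # burst from IOC IP
    + _lines("2024-03-04T13", "carol", "10.0.0.20", "wiki", 6)         # unknown user, low-value host
)

def run():
    """Baseline on TRAINING, detect over SUSPECT, return alerts highest score first."""
    return detect(build_baseline(TRAINING), SUSPECT)

if __name__ == "__main__":
    for alert in run():
        print(alert)
```

Running it flags bob's burst against the critical, weak payroll host from an IOC address far ahead of carol's burst against the low-value wiki, while alice's slightly elevated hour stays under threshold. The `min_delta` floor matters in practice: a user whose training window is perfectly regular has a standard deviation of zero, and without a floor a single extra login would fire.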
Our SaaS Solution
Our Security Analytics service is delivered as a cloud-hosted SaaS model that offers real-time security analytics. Depending on your needs, we can implement the solution to store big data and analyze it in real time. We can configure threat indicators for identifying advanced threats, derived from reverse engineering of observed attacks and from point tools such as firewall alerts, IPS rules, endpoint IPS, proxy servers, web application firewalls and other security tools. Alternatively, your existing SIEM can feed its logs into a data lake, alongside data from other sources, for our analytics engine to analyze these large data volumes using pre-configured rules.
Benefits of SOC using Cloud SaaS
The cloud brings new security issues and requires new controls, and security in the cloud is the biggest concern among CIOs and CISOs. Research has also indicated that around 60-70% of threats originate from insiders rather than outsiders. A process-driven, well-defined SOC can reduce the insider threat in your organization and give it a competitive edge. Knowing how much extra value and assurance a SOC can deliver, many clients take steps to ensure a successful outcome, including engaging experts who help them approach their security monitoring and audits more thoroughly and thoughtfully.
Key Security Aspects of Our SaaS solution
- All connections to our SaaS service use HTTPS, encrypted with Transport Layer Security (TLS)
- Access can optionally be integrated with your organization's identity management solution (single sign-on)
- Log data at rest is stored encrypted with AES-256
- All logs are automatically backed up and retained for a maximum of 30 days unless otherwise agreed
- Logs are stored in the cloud, outside the control of your IT administrators; this satisfies the requirement in many compliance frameworks that logs not be stored where the administrators whose actions they record can alter them
- Where data sovereignty requirements apply, we can provision a separate instance that stores your logs in a specified location