- Average time to detect an attack (dwell time) hovers around 200 days, according to several leading industry research reports
- Existing monitoring capabilities are no match for the changing threat landscape
- Traditional SIEM technologies lack the capabilities and visibility required to detect and defend against such advanced attacks
- Integrated monitoring of operational and security logs is still uncommon in many organizations
Business Case for Security Analytics
Typically, organizations have tried to respond to evolving threats by deploying a series of point tools: anti-virus (anti-malware), firewalls, IPS, URL filters, WAFs, DLP solutions and SIEM. Vulnerability assessments and application security scanners have likewise failed to stop sophisticated attacks that these point tools cannot detect. Security Analytics addresses this gap with behaviour analysis, that is, detecting unusual patterns of activity rather than matching known signatures. To get the best results from analytics, you first have to baseline what is normal for each asset and then define the thresholds that separate normal from suspicious. The huge volumes of logs generated in an environment are collected and correlated in the SIEM, but on their own they yield only standalone threat information. Indicators of Compromise (IOCs) must also be integrated and correlated with asset criticality and known weaknesses so that the impact can be assessed holistically and response resources allocated where they matter most.
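The following is an added illustration of the baseline, threshold and correlation steps described above; it is not code from this page or from any vendor product. All data in it (daily failed-login counts per host, today's outbound connections, the IOC list, and the asset criticality and vulnerability figures) is constructed sample data, and the scoring weights are an assumption chosen for the example.

```python
"""Baseline-and-threshold anomaly detection, then correlation with IOCs,
asset criticality and known weaknesses to produce a prioritised list.

Added example: sample data and weights below are constructed, not from any
real environment or product.
"""
from statistics import mean, pstdev

# Constructed: seven days of daily failed-login counts per host (the baseline),
# followed by today's count as observed in the SIEM.
BASELINE = {
    "web01": [12, 15, 11, 14, 13, 12, 16],
    "db01": [2, 3, 1, 2, 4, 2, 3],
    "hr-laptop": [0, 1, 0, 0, 1, 0, 0],
    "backup01": [0, 0, 0, 0, 0, 0, 0],  # flat baseline, an edge case
}
TODAY = {"web01": 17, "db01": 40, "hr-laptop": 9, "backup01": 2}

# Constructed: today's outbound destinations per host from proxy/firewall logs.
CONNECTIONS = {
    "web01": ["203.0.113.10", "198.51.100.7"],
    "db01": ["198.51.100.7"],
    "hr-laptop": ["192.0.2.44", "203.0.113.10"],
}

# Constructed: indicator feed (destination IPs flagged as malicious).
IOC_IPS = {"192.0.2.44"}

# Constructed: asset inventory with criticality (1 = low, 5 = crown jewels)
# and weakness expressed as the number of unpatched critical vulnerabilities.
ASSETS = {
    "web01": {"criticality": 3, "critical_vulns": 1},
    "db01": {"criticality": 5, "critical_vulns": 2},
    "hr-laptop": {"criticality": 2, "critical_vulns": 0},
    "backup01": {"criticality": 4, "critical_vulns": 0},
}


def is_anomalous(history, today, z_threshold=3.0, min_abs_delta=5):
    """Baseline what is normal (mean and population stddev of history) and
    flag today's count when it sits more than z_threshold standard deviations
    above the mean. min_abs_delta prevents flagging trivial changes on hosts
    whose baseline is near zero, where a tiny stddev inflates the z-score."""
    mu = mean(history)
    sigma = pstdev(history)
    delta = today - mu
    if sigma == 0:
        # Flat baseline: any rise of at least min_abs_delta is anomalous.
        return delta >= min_abs_delta
    return delta / sigma > z_threshold and delta >= min_abs_delta


def ioc_hits(host):
    """Correlate a host's observed connections against the IOC feed."""
    return sorted(set(CONNECTIONS.get(host, [])) & IOC_IPS)


def prioritise(baseline=BASELINE, today=TODAY):
    """Combine the anomaly signal, IOC matches, asset criticality and weakness
    into one impact score so the highest-impact hosts are handled first.
    Assumed weighting: IOC match = 2, anomaly = 1, scaled by criticality and
    by (1 + critical_vulns). Hosts with no signal are dropped."""
    findings = []
    for host, history in baseline.items():
        anomalous = is_anomalous(history, today[host])
        iocs = ioc_hits(host)
        signal = (1 if anomalous else 0) + (2 if iocs else 0)
        if signal == 0:
            continue
        asset = ASSETS[host]
        score = signal * asset["criticality"] * (1 + asset["critical_vulns"])
        findings.append({"host": host, "anomalous": anomalous,
                         "iocs": iocs, "score": score})
    return sorted(findings, key=lambda f: f["score"], reverse=True)


if __name__ == "__main__":
    for finding in prioritise():
        print(finding)
```

Run as-is, it flags the database server's spike in failed logins (baseline of 2 to 3 per day, 40 today) and the laptop's IOC contact, and ranks the database first even though only the laptop matched an indicator: the asset's criticality and its two unpatched critical vulnerabilities outweigh a low-value endpoint. The web server's rise from about 13 to 17 stays under the threshold, and the backup host's flat-baseline blip of 2 is suppressed by the absolute-delta floor.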
Our SaaS SOC Audits
Our Security Analytics Audit services provide an evaluation of your security analytics platform, whether it is a SaaS model hosted in the cloud that offers real-time security analytics, or an on-premise or hybrid solution that stores big data for real-time analysis. We can also evaluate the threat indicators produced by your point tools, such as firewall alerts, IPS rules, endpoint IPS, proxy servers, web application firewalls and other security tools including your existing SIEM, that feed logs into a data lake alongside your other data sources for the analytics engine to process at scale.
Benefits of SOC using Cloud SaaS
The cloud introduces new security issues and new controls. Security in the cloud is the biggest fear among CIOs and CISOs. In addition, research indicates that around 60-70% of threats originate from insiders rather than outsiders. An effective SOC can give your organization a competitive edge, and a process-driven, well-defined SOC can reduce the insider threat. Knowing how much extra value and assurance a SOC can deliver, many clients find it makes sense to take steps toward a more successful outcome, including engaging experts who are skilled in helping companies approach their audits more thoroughly and thoughtfully.
Key Security Aspects of Our SaaS SOC Audit services
- Evaluate that all connections use HTTPS over TLS, with no plaintext transport
- Evaluate that access is governed by the common identity management solution
- Evaluate that log data at rest is stored encrypted with AES-256 or another approved algorithm
- Evaluate backup and storage of log data
- Evaluate compliance requirements: logs must not be under the control of the IT administrators whose actions they record, and must be kept for the mandated retention period
- Evaluate where instances and stored logs are located, to address data sovereignty requirements