Security Operations Centre and Security Information and Event Management (SOC/SIEM)

About the project
Project type SOC/SIEM
Client Large fund manager

Our client discovered that an attacker had run a brute-force password attack against its network. The activity should have triggered alerts from its managed security service provider, but it went undetected for a month. 

A successful hack could have enabled fraudulent transactions, private or commercially sensitive information being exposed, and reputational damage for the organisation. 

From this, our client recognised that without a robust centralised security monitoring and logging capability, its ability to detect and respond to cyber threats would be limited. The organisation also knew that it was at risk of failing to meet the expectations of its clients and regulators. 

The organisation realised it required external assistance to help choose the right Security Information and Event Management (SIEM) technology and a new managed security service provider to run its Security Operations Centre (SOC). 

We helped the client run a SOC/SIEM Request for Proposal (RFP) process, implement the SIEM solution, and embed the SOC into the organisation. Our article on defining SOC and SIEM requirements offers further tips. 

Our 4 Step Approach: 

Stage 1 – Prioritising Top Use Cases: With any type of monitoring, you cannot monitor everything. During this phase we analysed the biggest threats faced by our client and identified the top priority security monitoring use cases. 

Stage 2 – Scalable Design: SIEM architecture designs were developed to ensure that the top priority use cases were met, while also ensuring the solution could scale as log sources and use cases grow. 

Stage 3 – Reducing False Positives: Once the SIEM was installed and operational, the solution was extensively tested and tuned to ensure that rules triggered and alerted appropriately, without burying the SOC in noise. 

Stage 4 – Sustainable Management: The solution was transitioned into service so that the SOC was comfortable fully supporting it. 

The outcome was that our client was able to detect and respond to its top priority cyber threats, including the real-time detection of brute-force attacks. This also enabled the organisation to respond better to client and regulator enquiries about how it safeguards its key information assets. 
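To make the brute-force use case concrete, the following is an added illustration written for this page; it is not code from the client's SIEM or from the engagement. It implements the kind of sliding-window rule a SIEM would run for this use case over a few constructed sshd-style log lines (the hostnames, users and IP addresses are invented), and exposes the tuning knobs that Stage 3 is about: a failure threshold, a time window, an allow list for known-benign sources such as a vulnerability scanner, and suppression of repeat alerts. It also escalates when a source that has just generated a burst of failures then logs in successfully, which is the case that matters most to a fund manager.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed syslog-style sshd lines for illustration only (not client data).
SAMPLE_LOG = """\
2024-03-01T09:00:01 host1 sshd: Failed password for alice from 203.0.113.10 port 50001
2024-03-01T09:00:02 host1 cron: session opened for user root
2024-03-01T09:00:03 host1 sshd: Failed password for alice from 203.0.113.10 port 50002
2024-03-01T09:00:05 host1 sshd: Failed password for bob from 203.0.113.10 port 50003
2024-03-01T09:00:07 host1 sshd: Failed password for carol from 203.0.113.10 port 50004
2024-03-01T09:00:09 host1 sshd: Failed password for dave from 203.0.113.10 port 50005
2024-03-01T09:00:11 host1 sshd: Accepted password for dave from 203.0.113.10 port 50006
2024-03-01T09:05:00 host1 sshd: Failed password for alice from 192.0.2.50 port 40001
2024-03-01T09:30:00 host1 sshd: Failed password for alice from 192.0.2.50 port 40002
2024-03-01T09:30:04 host1 sshd: Accepted password for alice from 192.0.2.50 port 40003
2024-03-01T10:00:00 host1 sshd: Failed password for svc-scan from 198.51.100.7 port 30001
2024-03-01T10:00:02 host1 sshd: Failed password for svc-scan from 198.51.100.7 port 30002
2024-03-01T10:00:04 host1 sshd: Failed password for svc-scan from 198.51.100.7 port 30003
2024-03-01T10:00:06 host1 sshd: Failed password for svc-scan from 198.51.100.7 port 30004
2024-03-01T10:00:08 host1 sshd: Failed password for svc-scan from 198.51.100.7 port 30005
2024-03-01T10:00:10 host1 sshd: Failed password for svc-scan from 198.51.100.7 port 30006
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd: (?P<outcome>Failed|Accepted) password "
    r"for (?P<user>\S+) from (?P<src>\S+) port \d+$"
)


def parse_line(line):
    """Return a dict for an sshd password-auth line, or None for anything else."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return {"ts": datetime.fromisoformat(m["ts"]), "outcome": m["outcome"],
            "user": m["user"], "src": m["src"]}


def detect_brute_force(lines, threshold=5, window=timedelta(minutes=2),
                       allow_list=frozenset()):
    """Sliding-window rule: alert when one source accumulates `threshold`
    failed logons inside `window`; escalate if that source then succeeds.
    `allow_list` and the re-alert suppression are the tuning knobs a SOC
    adjusts to cut false positives without dropping the real attack."""
    failures = defaultdict(deque)   # src -> timestamps of recent failures
    last_alert = {}                 # src -> time of last medium alert
    alerts = []
    for line in lines:
        ev = parse_line(line)
        if ev is None or ev["src"] in allow_list:
            continue                # unparseable line or known-benign source
        q = failures[ev["src"]]
        while q and ev["ts"] - q[0] > window:
            q.popleft()             # expire failures that fell out of the window
        if ev["outcome"] == "Failed":
            q.append(ev["ts"])
            recently_alerted = (ev["src"] in last_alert
                                and ev["ts"] - last_alert[ev["src"]] <= window)
            if len(q) >= threshold and not recently_alerted:
                last_alert[ev["src"]] = ev["ts"]
                alerts.append({"rule": "brute_force", "severity": "medium",
                               "src": ev["src"], "failures": len(q), "ts": ev["ts"]})
        elif len(q) >= threshold:
            # A success straight after a burst of failures means the attacker
            # may now hold valid credentials: highest priority for the SOC.
            alerts.append({"rule": "brute_force_success", "severity": "high",
                           "src": ev["src"], "user": ev["user"], "ts": ev["ts"]})
    return alerts


if __name__ == "__main__":
    for alert in detect_brute_force(SAMPLE_LOG.splitlines(),
                                    allow_list=frozenset({"198.51.100.7"})):
        print(alert)
```

Run against the sample with the default settings, the rule fires a medium alert for 203.0.113.10 on its fifth failure, a high alert when that source then logs in as dave, and a medium alert for the scanner at 198.51.100.7; the two widely spaced typos from 192.0.2.50 never reach the threshold. Allow-listing the scanner removes its alert without touching the real attack, whereas raising the threshold to 7 silences everything, including the genuine compromise. That asymmetry is why Stage 3 tuning is done per use case with test traffic rather than by turning thresholds up until the queue goes quiet.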

Financial Services organisations have become a primary target for data breaches, identity theft and related fraud due to the highly sensitive and valuable data they hold.

If you need help with choosing the right SOC or SIEM provider, please get in touch on +44 203 603 4733 or email us at info@three-two-four.com.
