A client ran into a situation where somebody tried to break into their network with a brute-force password cracking tool. This should have generated alerts from their managed security service provider, but the attempt was not detected until a month later.
A successful hack could have enabled fraudulent transactions, private or commercially sensitive information being exposed, and reputational damage for the organisation.
From this, our client recognised that without a robust centralised security monitoring and logging capability, its ability to detect and respond to cyber threats would be limited. The organisation also knew that it was at risk of failing to meet the expectations of its clients and regulators.
The organisation realised it required external assistance to help choose the right Security Information and Event Management (SIEM) technology and a new managed security service provider to run its Security Operations Centre (SOC).
We helped the client run a SOC/SIEM Request for Proposal (RFP) process, implement the SIEM solution, and embed the SOC into the organisation. See our separate article for tips on defining SOC and SIEM requirements.
Our 4 Step Approach:
Stage 1 – Prioritising Top Use Cases: With any type of monitoring, you can’t monitor everything. During this phase we completed an analysis to understand the biggest threats faced by our client, and we helped identify the top priority security monitoring use cases.
Stage 2 – Scalable Design: SIEM architecture designs were developed to ensure that the top priority use cases were met, while also ensuring the solution would scale for the future.
Stage 3 – Reducing False Positives: Once the SIEM was installed and operational, extensive testing and tuning of the solution was undertaken to ensure it was triggering and alerting appropriately.
Stage 4 – Sustainable Management: The project went through a service transition to ensure the SOC was comfortable fully supporting the solution.
The outcome was that our client was able to detect and react to its top priority cyber threats, including the real-time detection of brute-force attacks. This also enabled the organisation to respond better to client and regulator enquiries about how it safeguards its key information assets.
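To make the brute-force use case from Stage 1 and the tuning work of Stage 3 concrete, here is an added example (not the client's SIEM rule or any vendor's code) of the kind of sliding-window correlation logic a SIEM evaluates: it raises an alert when one source IP accumulates a threshold of failed logins inside a time window, and an allowlist suppresses a known noisy source, such as an authorised scanner, to cut false positives. The log format, hostnames and addresses are constructed for the example.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample authentication events (hypothetical simplified format):
# <ISO timestamp> <service> <FAILED|SUCCESS> user=<name> src=<ip>
SAMPLE_LOGS = """\
2024-03-01T09:00:01 auth FAILED user=alice src=203.0.113.7
2024-03-01T09:00:03 auth FAILED user=bob src=203.0.113.7
2024-03-01T09:00:05 auth FAILED user=carol src=203.0.113.7
2024-03-01T09:00:07 auth FAILED user=dave src=203.0.113.7
2024-03-01T09:00:09 auth FAILED user=erin src=203.0.113.7
2024-03-01T09:00:10 auth SUCCESS user=alice src=198.51.100.9
2024-03-01T09:00:12 auth FAILED user=alice src=198.51.100.9
2024-03-01T09:05:00 auth FAILED user=alice src=198.51.100.9
2024-03-01T09:10:00 auth FAILED user=alice src=198.51.100.9
2024-03-01T09:11:00 auth FAILED user=svc-scan src=192.0.2.50
2024-03-01T09:11:01 auth FAILED user=svc-scan src=192.0.2.50
2024-03-01T09:11:02 auth FAILED user=svc-scan src=192.0.2.50
2024-03-01T09:11:03 auth FAILED user=svc-scan src=192.0.2.50
2024-03-01T09:11:04 auth FAILED user=svc-scan src=192.0.2.50
"""

def parse_line(line):
    """Split one event into (timestamp, status, user, source ip)."""
    ts, _service, status, user, src = line.split()
    return datetime.fromisoformat(ts), status, user.split("=", 1)[1], src.split("=", 1)[1]

def detect_brute_force(lines, threshold=5, window_seconds=60, allowlist=frozenset()):
    """Return [(src, iso_timestamp)] alerts: one per source each time `threshold`
    failed logins from that source fall within `window_seconds`. Sources in
    `allowlist` (tuned exceptions such as an authorised scanner) never alert."""
    window = timedelta(seconds=window_seconds)
    failures = defaultdict(deque)   # src -> timestamps of recent failures
    alerts = []
    for line in lines:
        ts, status, _user, src = parse_line(line)
        if status != "FAILED" or src in allowlist:
            continue
        recent = failures[src]
        recent.append(ts)
        while recent and ts - recent[0] > window:   # drop failures outside the window
            recent.popleft()
        if len(recent) >= threshold:
            alerts.append((src, ts.isoformat()))
            recent.clear()   # reset so a sustained attack yields one alert per `threshold` failures
    return alerts

if __name__ == "__main__":
    for src, when in detect_brute_force(SAMPLE_LOGS.splitlines(), allowlist={"192.0.2.50"}):
        print(f"ALERT brute-force from {src} at {when}")
```

The three failures from 198.51.100.9 spread over ten minutes never alert, which is the kind of low-and-slow pattern a longer window or a per-user rule would be tuned to catch separately.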
Financial Services organisations have become a primary target for data breaches, identity theft and related fraud due to the highly sensitive and valuable data they hold.