From SIEM to SOC - from simple to complex
Valery Vasiliev | 06/22/2017
The average time to detect a breach of a corporate ICT infrastructure, according to estimates cited by Evgeny Afonin, an information security solutions architect at HPE, is currently 243 days. At the same time, a medium-sized company registers roughly 8-12 thousand information security events every second. These figures were obtained with the ArcSight SIEM tool; other security information and event management (SIEM) tools most likely register a similar number of events.
To respond adequately to a cyber threat landscape characterized by such figures, the collection, correlation, and preferably also the analysis (using prepared rules) of information security events must be automated and centralized. SIEM systems have been used for these purposes for about twenty years.
According to Evgeny Afonin, the SIEM features most frequently used by Russian customers are the ready-made (vendor-developed) rules and reports: those correlating events on the Windows platform and in network traffic monitored via the NetFlow protocol, those for monitoring compliance with the PCI DSS standard, and more recently those for monitoring compliance with the NERC CIP standard, which covers the information security of the energy supply infrastructure.
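To make concrete what a "correlation rule" over Windows events does, here is an added example (not from the article, and not ArcSight's own rule syntax): a sliding-window rule that raises an alert when a source IP produces a burst of failed logons (Windows event ID 4625) followed by a successful logon (event ID 4624) within the same window. The event records, the field names, the threshold of five failures and the two-minute window are all assumptions made for this illustration; real SIEM deployments tune them per environment.

```python
"""Minimal SIEM-style correlation rule: failed-logon burst followed by success.

Added illustration only; the normalized event format below is invented for this
example and is not how ArcSight or any other SIEM represents events.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (hypothetical, already normalized by a collector).
# Deliberately out of chronological order to show the rule sorts its input.
SAMPLE_EVENTS = [
    {"ts": "2017-06-22T10:00:01", "event_id": 4625, "user": "alice", "src_ip": "10.0.0.5"},
    {"ts": "2017-06-22T10:00:02", "event_id": 4625, "user": "alice", "src_ip": "10.0.0.5"},
    {"ts": "2017-06-22T10:00:03", "event_id": 4625, "user": "alice", "src_ip": "10.0.0.5"},
    {"ts": "2017-06-22T10:00:04", "event_id": 4625, "user": "alice", "src_ip": "10.0.0.5"},
    {"ts": "2017-06-22T10:00:05", "event_id": 4625, "user": "alice", "src_ip": "10.0.0.5"},
    {"ts": "2017-06-22T10:00:06", "event_id": 4625, "user": "alice", "src_ip": "10.0.0.5"},
    {"ts": "2017-06-22T10:00:10", "event_id": 4624, "user": "alice", "src_ip": "10.0.0.5"},
    # Two typos followed by a success: below threshold, should not alert.
    {"ts": "2017-06-22T10:01:00", "event_id": 4625, "user": "bob", "src_ip": "10.0.0.9"},
    {"ts": "2017-06-22T10:01:05", "event_id": 4625, "user": "bob", "src_ip": "10.0.0.9"},
    {"ts": "2017-06-22T10:01:10", "event_id": 4624, "user": "bob", "src_ip": "10.0.0.9"},
    # Five failures, but the success comes 40 minutes later: outside the window.
    {"ts": "2017-06-22T10:30:00", "event_id": 4624, "user": "carol", "src_ip": "10.0.0.7"},
    {"ts": "2017-06-22T09:50:00", "event_id": 4625, "user": "carol", "src_ip": "10.0.0.7"},
    {"ts": "2017-06-22T09:50:01", "event_id": 4625, "user": "carol", "src_ip": "10.0.0.7"},
    {"ts": "2017-06-22T09:50:02", "event_id": 4625, "user": "carol", "src_ip": "10.0.0.7"},
    {"ts": "2017-06-22T09:50:03", "event_id": 4625, "user": "carol", "src_ip": "10.0.0.7"},
    {"ts": "2017-06-22T09:50:04", "event_id": 4625, "user": "carol", "src_ip": "10.0.0.7"},
]

LOGON_FAILURE = 4625  # Windows Security log: an account failed to log on
LOGON_SUCCESS = 4624  # Windows Security log: an account was successfully logged on


def parse_ts(value):
    """Parse the ISO-like timestamp used in the constructed events."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%S")


def correlate_bruteforce_success(events, threshold=5, window=timedelta(minutes=2)):
    """Return one alert per source IP whose burst of >= `threshold` failed logons
    within `window` is followed by a successful logon from that same IP.

    Failures older than `window` relative to the current event are discarded, so
    a success long after an old burst does not fire.
    """
    ordered = sorted(events, key=lambda e: parse_ts(e["ts"]))
    recent_failures = defaultdict(deque)  # src_ip -> timestamps of failures in window
    alerts = []
    for event in ordered:
        now = parse_ts(event["ts"])
        failures = recent_failures[event["src_ip"]]
        # Slide the window: drop failures that are too old to count.
        while failures and now - failures[0] > window:
            failures.popleft()
        if event["event_id"] == LOGON_FAILURE:
            failures.append(now)
        elif event["event_id"] == LOGON_SUCCESS and len(failures) >= threshold:
            alerts.append({
                "rule": "bruteforce_then_success",
                "src_ip": event["src_ip"],
                "user": event["user"],
                "failures": len(failures),
                "ts": event["ts"],
            })
            failures.clear()  # one alert per burst, not one per later success
    return alerts


if __name__ == "__main__":
    for alert in correlate_bruteforce_success(SAMPLE_EVENTS):
        print(alert)
```

Run stand-alone, the rule fires once, for 10.0.0.5 / alice with six failures. Lowering the threshold to two makes bob's two typos fire as well, and widening the window to an hour catches carol's stale burst; those two knobs are exactly what an analyst tunes when a vendor-supplied rule is too noisy or too quiet for a given environment.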