Without a SIEM system, victims are flying blind during an attack
The methods used by attackers are becoming more sophisticated, and custom-tailored attacks make detecting an intrusion harder still. Companies therefore need security solutions that automatically detect and block such activity at an early stage. If an attack succeeds nonetheless, they must be able to reconstruct the attacker's approach and initiate countermeasures quickly and effectively.
Attackers frequently gain initial access via email and via mobile devices such as smartphones and tablets. Here, sandboxing technologies and continuous monitoring functions (comparable to an ECG for the network) add a layer of protection that substantially improves on traditional mechanisms. In addition, a SIEM system (Security Information and Event Management) collects the log data from all network, IT and security sources, evaluates it automatically and detects anomalies. Specialists in the Security Operations Center (SOC) of Telekom Security analyze these irregularities in 24/7 shift operation. When an alarm is raised, they gather the relevant information and provide the company's IT security department with specific recommendations for further action. Companies thus benefit from the expertise of experienced security analysts as well as from the threat data of the Telekom Security Threat Intelligence Platform. This package offers significantly higher protection against potential attacks and ensures that attackers who have slipped through the close-meshed security net are detected quickly and reliably, so that effective countermeasures can be initiated.
Many companies are currently modernizing their IT security in response to the legal changes introduced by the GDPR and the waves of ransomware attacks of recent years. Among them are health insurers, which run many data-processing applications and hold large volumes of personal data. These assets require special protection, which is why the industry is investing in managed SIEM services and mobile security applications. This secures both the activity in the company network and the devices and applications used by mobile staff such as insurance consultants.
Modern sandbox technologies reduce the number of security incidents by 50%
Analyze what harm suspicious code could cause
Is a suspicious email attachment or download a candidate for the blacklist? A VM-based execution engine delivers the answer.
Managed SOC/SIEM services
Cybercriminals are causing more and more damage with targeted attacks. The "Cost of a Data Breach" study by the Ponemon Institute and IBM puts the average cost of a stolen or copied data record at 130 euros in 2018, and the average cost of a security incident to the affected companies at 3.4 million euros. At the same time, the attackers' methods are becoming more refined: sandboxing technologies, for example, are tricked by malware that initially stays dormant and only activates once it has been waved through. Such malware then moves laterally through the network, which makes it harder for detection software to find.
For this reason, a central SIEM system is needed that monitors all of this activity within the network and beyond and surfaces it as alerts. Only then can security officers keep an overview and fulfill the tasks assigned to them. If the SIEM is operated out of a SOC, as in Telekom Security's offer, companies additionally benefit from the expertise and skills of the experienced security analysts in Bonn. They filter out false positives and support the IT security team in finding and removing dangerous malware. To this end, Telekom Security has entered into a cooperation with IBM around its QRadar SIEM, from which both companies profit through the threat data of their two threat intelligence platforms.
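The kind of correlation a SIEM performs on the collected log data (the anomaly detection described in the SOC paragraph above, and the post-sandbox lateral movement just described), as an added example that is not part of Telekom Security's or IBM QRadar's own offering: a small Python rule that flags lateral movement, meaning one account logging on to many hosts from one source within a short window, and shows how the analysts' false-positive filtering can be encoded as an allowlist keyed on the (account, source) pair rather than the account alone. The log lines, host names, account names and IP addresses are constructed for this example; the five-minute window and the threshold of four hosts are assumptions, not values from the page.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (not real data). Each line is one successful logon,
# normalised the way a SIEM would normalise Windows security events:
#   <ISO timestamp> host=<target host> user=<account> src=<source IP> event=<type>
# alice: normal user on one workstation.
# svc_backup from 10.1.9.5: the backup server touching many hosts, expected.
# bob from 10.1.4.77: a workstation fanning out to five hosts in two minutes.
# svc_backup from 10.1.4.77: the backup credential reused from bob's workstation.
SAMPLE_LOG = """\
2024-03-01T08:00:01 host=WS-014 user=alice src=10.1.4.23 event=logon_success
2024-03-01T08:00:40 host=WS-014 user=alice src=10.1.4.23 event=logon_success
2024-03-01T08:01:10 host=SRV-FILE01 user=svc_backup src=10.1.9.5 event=logon_success
2024-03-01T08:01:12 host=SRV-FILE02 user=svc_backup src=10.1.9.5 event=logon_success
2024-03-01T08:01:15 host=SRV-DB01 user=svc_backup src=10.1.9.5 event=logon_success
2024-03-01T08:01:19 host=SRV-APP01 user=svc_backup src=10.1.9.5 event=logon_success
2024-03-01T13:42:03 host=WS-014 user=bob src=10.1.4.77 event=logon_success
2024-03-01T13:42:31 host=WS-021 user=bob src=10.1.4.77 event=logon_success
2024-03-01T13:43:05 host=WS-033 user=bob src=10.1.4.77 event=logon_success
2024-03-01T13:43:44 host=SRV-FILE01 user=bob src=10.1.4.77 event=logon_success
2024-03-01T13:44:09 host=SRV-DB01 user=bob src=10.1.4.77 event=logon_success
2024-03-01T13:45:02 host=SRV-FILE01 user=svc_backup src=10.1.4.77 event=logon_success
2024-03-01T13:45:09 host=SRV-FILE02 user=svc_backup src=10.1.4.77 event=logon_success
2024-03-01T13:45:15 host=SRV-DB01 user=svc_backup src=10.1.4.77 event=logon_success
2024-03-01T13:45:30 host=SRV-HR01 user=svc_backup src=10.1.4.77 event=logon_success
"""

# Analyst-maintained allowlist (assumed content): (account, source) pairs whose
# fan-out is expected. Keyed on the pair, not the account alone, so the same
# credential used from an unexpected source still alerts.
ALLOWLIST = frozenset({("svc_backup", "10.1.9.5")})

LINE_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) user=(?P<user>\S+) src=(?P<src>\S+) event=(?P<event>\S+)$"
)


def parse_events(text):
    """Parse normalised lines into dicts sorted by time; return (events, malformed_count)."""
    events, malformed = [], 0
    for line in text.splitlines():
        stripped = line.strip()
        if not stripped:
            continue
        m = LINE_RE.match(stripped)
        if not m:
            malformed += 1  # a real pipeline counts parse failures instead of dropping them silently
            continue
        ev = m.groupdict()
        ev["ts"] = datetime.fromisoformat(ev["ts"])
        events.append(ev)
    events.sort(key=lambda ev: ev["ts"])
    return events, malformed


def detect_fan_out(events, window_seconds=300, threshold=4, allowlist=frozenset()):
    """Sliding-window rule: one (account, source) pair logging on to >= threshold
    distinct hosts within the window is flagged once. Allowlisted pairs are kept
    as suppressed alerts so the analyst can still audit what was filtered."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)  # (user, src) -> deque of (ts, host), oldest first
    fired = set()
    alerts = []
    for ev in events:
        if ev["event"] != "logon_success":
            continue
        key = (ev["user"], ev["src"])
        q = recent[key]
        q.append((ev["ts"], ev["host"]))
        while q and ev["ts"] - q[0][0] > window:  # evict events outside the window
            q.popleft()
        hosts = {h for _, h in q}
        if len(hosts) >= threshold and key not in fired:
            fired.add(key)
            alerts.append({
                "user": ev["user"],
                "src": ev["src"],
                "first_seen": q[0][0].isoformat(),
                "last_seen": ev["ts"].isoformat(),
                "hosts": sorted(hosts),
                "suppressed": key in allowlist,
            })
    return alerts


def open_alerts(alerts):
    """What actually reaches the analyst queue after allowlist filtering."""
    return [a for a in alerts if not a["suppressed"]]


if __name__ == "__main__":
    evs, bad = parse_events(SAMPLE_LOG)
    found = detect_fan_out(evs, allowlist=ALLOWLIST)
    for a in open_alerts(found):
        print(f"ALERT {a['user']}@{a['src']} -> {len(a['hosts'])} hosts "
              f"between {a['first_seen']} and {a['last_seen']}: {', '.join(a['hosts'])}")
```

Run on the sample, the rule raises three alerts: the backup server's fan-out is suppressed by the allowlist, bob's workstation reaching four hosts within two minutes is an open alert, and the backup credential reused from bob's workstation is a second open alert, precisely because the allowlist is keyed on the source as well as the account. A narrower window or a higher threshold changes what fires, which is the tuning a SOC performs against its own baseline.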