Best Practice

Cyber-Attacks will occur – Be prepared to detect them

Cyber attacks no longer stand a chance: The Group's IT infrastructures are now subject to centralised 24/7 international monitoring.

Cyber attacks: identify and react

A multinational telecommunications company has set up a GSOC together with the security experts from Spike Reply with the aim of ensuring increased visibility and faster response times to IT security incidents. At present, more and more companies are recognising the need to identify cyber attacks faster and to be able to react more specifically to them. A big problem: the IT infrastructures in many companies are not centrally monitored and often lack the appropriate personnel and know-how to quickly ring-fence attacks and eliminate the damage. The solution is to set up an SOC (Security Operation Center), a central location that helps to provide more visibility regarding security incidents.

As cyber attacks and incidents are on the rise, a large multinational telecommunications company has also made the strategic decision to set up a GSOC (Global Security Operation Center). The GSOC should cover all international country organisations and partner markets of the company. Hewlett Packard Enterprise was brought on board as a strategic partner. HP's leading SIEM (Security Information & Event Management) solution, ArcSight, is ideally suited for connecting international locations with very heterogeneous IT landscapes due to its extreme flexibility and scalability.

The technical solution

In order to establish such a SIEM infrastructure, network and SIEM architects were initially required to provide international support for setting up and rolling out the ArcSight infrastructure. The consultants from Spike Reply were in charge of the process from the beginning and are currently also in charge of the expansion of the ArcSight infrastructure in various subsidiaries of the company. 

Following implementation, events from various IT components were successively connected to the infrastructure. Content developers have ensured that events reach the infrastructure without errors while also providing support to the GSOC with alerts, optimisation and the cleaning up of events. Analysts from various specialist areas were brought together at the beginning to assess the large number of events and classify them by criticality. The next step involved setting up IM (Incident Management), which included IR (Incident Response), a department responsible for the operational and technical handling of security incidents. If an incident is identified, this team, together with the relevant departments of the company, is responsible for isolating, resolving and documenting the incident. The experts from Spike Reply have been supporting these activities since the beginning of the project in all national subsidiaries.

Automation for IT Security

The continuous integration of various security components not only significantly increased the security level of the telecommunications company, but also made it possible to detect various security incidents at an early stage.

Based on their experience gained in this project and the current product developments in IT security, the consultants of Spike Reply are currently working on the introduction of a "Next Generation" SIEM. This solution will focus more on automation and artificial intelligence in order to achieve further synergies and cost savings. Thanks to ongoing developments, the degree of automation for monitoring IT security in companies is constantly being increased. Machine learning enables the systems used to recognise patterns that cause them to issue warnings. However, no matter what degree of automation is used, the human factor must never be disregarded in these scenarios. A person must still always check whether an alarm has really been triggered by a security vulnerability, in order to determine if action is actually required.
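The two points above, that events must reach the SIEM without parsing errors and be classified by criticality, and that an automated alert is only a proposal until an analyst confirms it, can be illustrated with a small piece of SIEM content. The following is an added example, not code from Spike Reply, the telecommunications company or ArcSight. It parses events in CEF (Common Event Format, the log format ArcSight ingests), maps the CEF severity to a criticality bucket, counts malformed lines instead of dropping them silently, and applies one correlation rule. The sample events, the vendor and product names, the hosts and users, and the event class IDs 100 (login failed) and 101 (login succeeded) are all constructed for the illustration and do not refer to any real product.

```python
"""Toy SIEM content: parse CEF events, bucket them by criticality, run one
correlation rule and hand the result to a human analyst queue."""
import re
from collections import defaultdict

# Constructed sample events in CEF. Vendor, product, hosts, users and event
# class IDs are invented for this example. The last line is deliberately
# malformed to show how connector errors are surfaced rather than hidden.
SAMPLE_EVENTS = [
    "CEF:0|ExampleVendor|ExampleAuth|1.0|100|Login failed|5|rt=1700000000000 src=10.0.0.5 suser=alice dhost=vpn-gw01",
    "CEF:0|ExampleVendor|ExampleAuth|1.0|100|Login failed|5|rt=1700000020000 src=10.0.0.5 suser=alice dhost=vpn-gw01",
    "CEF:0|ExampleVendor|ExampleAuth|1.0|100|Login failed|5|rt=1700000040000 src=10.0.0.5 suser=alice dhost=vpn-gw01",
    "CEF:0|ExampleVendor|ExampleAuth|1.0|101|Login succeeded|3|rt=1700000060000 src=10.0.0.5 suser=alice dhost=vpn-gw01",
    "CEF:0|ExampleVendor|ExampleAuth|1.0|100|Login failed|5|rt=1700000070000 src=10.0.0.9 suser=bob dhost=vpn-gw01",
    "CEF:0|ExampleVendor|ExampleFW|2.1|300|Connection denied|2|rt=1700000080000 src=192.0.2.10 dst=10.0.0.20 dpt=445 msg=Policy hit\\=deny",
    "syslog line without a CEF header",
]

HEADER_FIELDS = ["version", "vendor", "product", "device_version",
                 "event_class_id", "name", "severity"]
# key=value pairs; a value runs until the next " key=" or end of line, so
# values containing spaces (and escaped "\=") survive.
EXT_RE = re.compile(r"(\w+)=(.*?)(?=\s+\w+=|$)")
SEVERITY_WORDS = {"low": 2, "medium": 5, "high": 8, "very-high": 10}


def parse_cef(line):
    """Split a CEF line into its seven header fields plus an extension dict."""
    if not line.startswith("CEF:"):
        raise ValueError("not a CEF line")
    protected = line[4:].replace("\\|", "\x00")  # keep escaped pipes intact
    parts = protected.split("|", 7)
    if len(parts) < 7:
        raise ValueError("truncated CEF header")
    event = {k: v.replace("\x00", "|") for k, v in zip(HEADER_FIELDS, parts[:7])}
    ext = parts[7] if len(parts) == 8 else ""
    event["extension"] = {k: v.replace("\\=", "=") for k, v in EXT_RE.findall(ext)}
    return event


def severity_score(raw):
    """CEF severity is 0-10 or Low/Medium/High/Very-High; normalise to 0-10."""
    raw = raw.strip().lower()
    if raw in SEVERITY_WORDS:
        return SEVERITY_WORDS[raw]
    return max(0, min(10, int(raw)))


def criticality(score):
    """Criticality bucket an analyst team would agree on up front."""
    if score >= 9:
        return "critical"
    if score >= 7:
        return "high"
    if score >= 4:
        return "medium"
    return "low"


def detect_failed_logins_then_success(events, threshold=3, window_ms=5 * 60 * 1000):
    """Correlation rule: `threshold` failed logins from one source inside
    `window_ms`, followed by a successful login from the same source.
    Event class IDs 100/101 are the constructed failure/success IDs."""
    failures = defaultdict(list)
    alerts = []
    for ev in events:
        ext = ev["extension"]
        src = ext.get("src")
        if src is None:
            continue
        ts = int(ext.get("rt", 0))
        if ev["event_class_id"] == "100":
            failures[src] = [t for t in failures[src] if ts - t <= window_ms] + [ts]
        elif ev["event_class_id"] == "101" and len(failures[src]) >= threshold:
            alerts.append({
                "rule": "failed-logins-then-success",
                "src": src,
                "user": ext.get("suser"),
                "failures": len(failures[src]),
                "criticality": "high",
                "needs_analyst_review": True,  # automation proposes, a person confirms
            })
            failures[src].clear()
    return alerts


def triage(lines):
    """Parse raw lines, count malformed ones, bucket by criticality, run rules."""
    good, bad = [], 0
    for line in lines:
        try:
            good.append(parse_cef(line))
        except ValueError:
            bad += 1  # counted so the connector can be fixed, not dropped silently
    buckets = defaultdict(int)
    for ev in good:
        buckets[criticality(severity_score(ev["severity"]))] += 1
    return {"events": len(good), "bad_lines": bad,
            "by_criticality": dict(buckets),
            "alerts": detect_failed_logins_then_success(good)}


if __name__ == "__main__":
    print(triage(SAMPLE_EVENTS))
```

Run on the sample, the triage reports six parsed events, one malformed line, four medium and two low events, and a single rule hit against 10.0.0.5 that is marked for analyst review rather than acted on automatically. That last flag is the point of the paragraph above: the rule narrows thousands of events down to a handful of candidates, but whether a candidate is an incident is still a human decision.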

Spike Reply, the security expert within the Reply network, is one of the leading IT system integrators for IT security in Germany. Its range of services extends from the design and integration of numerous IT security products to the commissioning and operational management of complete IT systems. With this portfolio, Spike Reply acts as a full-service security provider for well-known large companies and medium-sized customers - covering all areas from analysis, auditing and design to the provision of a data protection officer and even the management of SOCs (Security Operation Centers).