At present, more and more companies are recognising the need to identify cyber attacks faster and to respond to them in a more targeted way. A big problem: the IT infrastructures in many companies are not centrally monitored, and the companies often lack the personnel and know-how needed to quickly contain attacks and eliminate the damage. The solution is to set up an SOC (Security Operation Center), a central unit that provides greater visibility of security incidents.
As cyber attacks and incidents are on the rise, a large multinational telecommunications company has likewise made the strategic decision to set up a GSOC (Global Security Operation Center). The GSOC is intended to cover all of the company's international country organisations and partner markets. Hewlett Packard Enterprise was brought on board as a strategic partner. HP's leading SIEM (Security Information & Event Management) solution, ArcSight, is ideally suited to connecting international locations with very heterogeneous IT landscapes thanks to its high flexibility and scalability.
In order to establish such a SIEM infrastructure, network and SIEM architects were initially required to provide international support for setting up and rolling out the ArcSight infrastructure. The consultants from Spike Reply were in charge of this process from the beginning and are currently also responsible for expanding the ArcSight infrastructure in various subsidiaries of the company.
Following implementation, events from various IT components were successively connected to the infrastructure. Content developers ensured that events reach the infrastructure without errors, while also supporting the GSOC with alerting, optimisation and the clean-up of event data. At the outset, analysts from various specialist areas were brought together to assess the large number of events and classify them by criticality. The next step was to set up IM (Incident Management), which included IR (Incident Response), a department responsible for the operational and technical handling of security incidents. When an incident is identified, this team, together with the relevant departments of the company, is responsible for isolating, resolving and documenting it. The experts from Spike Reply have been supporting these activities in all national subsidiaries since the beginning of the project.
The continuous integration of various security components not only significantly raised the telecommunications company's security level; it also made it possible to detect various security incidents early.
Based on the experience gained in this project and on current product developments in IT security, the consultants of Spike Reply are currently working on the introduction of a "Next Generation" SIEM. This solution will focus more strongly on automation and artificial intelligence in order to achieve further synergies and cost savings. Thanks to ongoing developments, the degree of automation in monitoring corporate IT security is constantly increasing. Machine learning enables the systems in use to recognise patterns and issue warnings on them. However, no matter what degree of automation is used, the human factor must never be disregarded in these scenarios: a person must still always check whether an alarm has really been triggered by a security vulnerability, in order to determine whether action is actually required.