SIEM: 24/7 anticipation of attacks

Demo SIEM service

Do you want to know what the SIEM service includes? Watch the demo (in Dutch):

Continuous service provision

Security Incident and Event Management (SIEM) increases the cyber security of institutions; an operation for which the institutions themselves often have insufficient knowledge and time. SIEM is formed by a system that continuously collects and analyses log data from the IT infrastructure, identifying attacks and suspicious behaviour, and a service that advises on possible action to mitigate risks in the event of a breach.

SURF does not have the required time and in some instances highly specialised knowledge to continuously analyse reports. That is why we outsource this service to a supplier who monitors and analyses the reports 24/7 and also supports use case management. Connected institutions use the SIEM service via SURFsoc. Read more about this on the SURFsoc wiki (in Dutch).

Apply use cases

In order to recognise suspicious situations, SIEM applies use cases. For example:

• Monitoring virus scanners: quickly find a virus scanner on specific systems that is switched off (as is the case at Maastricht University).
• Identity Management monitors to recognise 'privilege escalations'.

Many use cases can be relevant to everyone, but they are also very specific. SURFsoc maintains these use cases to relieve the workload for institutions. We provide use case advice and management to help institutions find suitable use cases. We take relevant threat scenarios, the type of institution and specific IT equipment into account, and we also provide support during usage.

Together with SIEM users, we regularly review the collection of use cases and determine whether to expand or adapt them. In that way, we ensure that SIEM evolves, changes and is up to date. Together, we work on a standardisation between all connected settings.