SIEM: 24/7 anticipation of attacks
Institutions themselves often have insufficient knowledge and time to adequately secure their ICT infrastructure. Security Information and Event Management (SIEM) is essential to increase the security of these institutions. SIEM consists of a system that detects suspicious behaviour and a service that advises in the event of a breach.
Demo SIEM service
Do you want to know what the SIEM service includes? Watch the demo (in Dutch):
Continuous service provision
Security Information and Event Management (SIEM) increases the cyber security of institutions; an operation for which the institutions themselves often have insufficient knowledge and time. SIEM is formed by a system that continuously collects and analyses log data from the ICT infrastructure, identifying attacks and suspicious behaviour, and a service that advises on possible action to mitigate risks in the event of a breach.
SURF itself does not have the time, and in some instances the highly specialised knowledge, to continuously analyse the resulting alerts. That is why we outsource this service to a supplier who monitors and analyses the alerts 24/7 and also supports use case management. Connected institutions use the SIEM service via SURFsoc. Read more about this on the SURFsoc wiki (in Dutch).
Apply use cases
In order to recognise suspicious situations, SIEM applies use cases: detection rules that describe a specific unwanted situation in the collected log data. For example:
- Monitoring virus scanners: quickly find a virus scanner on specific systems that has been switched off (as was the case at Maastricht University).
- Monitoring identity management events to recognise privilege escalation, such as an account being added to an administrative group.
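What the two use cases above look like as detection logic, as an added example that is not code from the page or from SURFsoc's SIEM supplier. It assumes a simplified pipe-separated log format and constructed sample events (antivirus status changes and identity-management group/role changes); the field names, hosts, users and the five-minute grace period are all assumptions chosen for illustration. The rules are evaluated over a closed batch of events; a streaming SIEM would instead keep the "disabled" state open until the grace period expires.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample log lines (not real SURFsoc data), one event per line:
# timestamp|source|host|user|message  where message = <action> key=value ...
SAMPLE_LOGS = """\
2024-03-01T08:00:00|av|ws-0421|-|av_status protection=enabled
2024-03-01T08:02:10|av|ws-0421|-|av_status protection=disabled
2024-03-01T08:05:00|av|srv-db01|-|av_status protection=disabled
2024-03-01T08:06:30|av|srv-db01|-|av_status protection=enabled
2024-03-01T08:10:00|iam|dc01|j.doe|group_add target=j.doe group=Domain Admins by=svc-helpdesk
2024-03-01T08:11:00|iam|dc01|a.smith|group_add target=a.smith group=Sales by=hr-automation
2024-03-01T08:12:00|iam|dc01|j.doe|role_change target=j.doe old=user new=administrator
"""

# Assumed lists of privileged groups/roles; a real use case takes these from the institution.
PRIVILEGED_GROUPS = {"Domain Admins", "Enterprise Admins", "Administrators"}
PRIVILEGED_ROLES = {"administrator"}
AV_GRACE = timedelta(minutes=5)  # assumed: a scanner may be off this long for maintenance

# key=value pairs; values may contain spaces ("group=Domain Admins"), so stop before the next key.
KV_RE = re.compile(r"(\w+)=(.*?)(?=\s+\w+=|$)")


@dataclass(frozen=True)
class Event:
    ts: datetime
    source: str
    host: str
    user: str
    message: str


@dataclass(frozen=True)
class Alert:
    rule: str
    subject: str  # host or account the alert is about
    detail: str


def parse_kv(message: str) -> dict:
    """Extract key=value fields from a message; leading action word is ignored."""
    return dict(KV_RE.findall(message))


def parse_logs(text: str) -> list:
    """Parse the pipe-separated log format into Event objects, ordered by time."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, source, host, user, message = line.split("|", 4)
        events.append(Event(datetime.fromisoformat(ts), source, host, user, message))
    return sorted(events, key=lambda e: e.ts)


def rule_av_disabled(events: list, grace: timedelta = AV_GRACE) -> list:
    """Use case 1: protection disabled on a host and not re-enabled within the grace period."""
    alerts = []
    av_events = [e for e in events if e.source == "av"]
    for i, e in enumerate(av_events):
        if parse_kv(e.message).get("protection") != "disabled":
            continue
        restored = any(
            later.host == e.host
            and parse_kv(later.message).get("protection") == "enabled"
            and later.ts - e.ts <= grace
            for later in av_events[i + 1:]
        )
        if not restored:
            alerts.append(Alert("av_disabled", e.host,
                                f"protection disabled at {e.ts.isoformat()} and not restored within {grace}"))
    return alerts


def rule_privilege_escalation(events: list) -> list:
    """Use case 2: an account is added to a privileged group or moved into a privileged role."""
    alerts = []
    for e in events:
        if e.source != "iam":
            continue
        action, _, rest = e.message.partition(" ")
        kv = parse_kv(rest)
        if action == "group_add" and kv.get("group") in PRIVILEGED_GROUPS:
            alerts.append(Alert("privilege_escalation", kv["target"],
                                f"added to {kv['group']} by {kv.get('by', '?')}"))
        elif (action == "role_change" and kv.get("new") in PRIVILEGED_ROLES
              and kv.get("old") not in PRIVILEGED_ROLES):
            alerts.append(Alert("privilege_escalation", kv["target"],
                                f"role changed from {kv.get('old')} to {kv['new']}"))
    return alerts


def run_rules(text: str) -> list:
    """Run every use case over a batch of log text and return the combined alerts."""
    events = parse_logs(text)
    return rule_av_disabled(events) + rule_privilege_escalation(events)


if __name__ == "__main__":
    for alert in run_rules(SAMPLE_LOGS):
        print(f"[{alert.rule}] {alert.subject}: {alert.detail}")
```

On the sample data the scanner on srv-db01 is back within 90 seconds and produces no alert, while ws-0421 stays disabled and is reported; for the identity events only j.doe trips the rule (twice), a.smith's addition to a non-privileged group does not. The grace period and the privileged-group list are exactly the kind of institution-specific tuning that use case management has to provide.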
Many use cases are relevant to every institution, while others are highly specific. SURFsoc maintains these use cases to relieve the workload for institutions. We provide use case advice and management to help institutions find suitable use cases, taking relevant threat scenarios, the type of institution and the specific ICT equipment into account, and we also provide support during usage.
Together with SIEM users, we regularly review the collection of use cases and decide whether to expand or adapt it. In that way we ensure that SIEM evolves and stays up to date, and we work towards a standardised set of use cases across all connected institutions.
SIEM is an optional service. Costs depend on the amount of network traffic. If you want to know more, please contact us.