What is ConnectProtect® SIEM & SOC as a Service?
ConnectProtect® is a continuous security monitoring and reporting platform that is built on Microsoft Azure Sentinel. The platform ingests all the logs from an organisation's on-prem or cloud cybersecurity solutions, networking devices and servers. Once the logs are securely ingested into ConnectProtect®, they are correlated to give the security experts at ConnectProtect®’s 24x7x365 Security Operation Centre the visibility to continuously monitor your organisation and respond to any threats identified.
ConnectProtect® is used by many organisations across the public and private sector, and we have identified the top three reasons which have driven IT and management teams to choose ConnectProtect®.
1. Had previously invested in a self-managed SIEM solution but were not realising the value from the investment due to competing IT priorities.
Although SIEM tools are very powerful (our own ConnectProtect® platform is built on Microsoft’s SIEM tool, Azure Sentinel), there are many challenges for organisations in managing them and getting the most out of them, which can turn an in-house managed SIEM tool from a benefit into a hindrance. Our clients have said that configuring their SIEM tool was a challenge and required specialists for the ongoing management, such as correlation of rules, feeding the various data sources into the SIEM, and dealing with all the alerts effectively. We found that those clients who switched from their self-managed SIEM tool to ConnectProtect® realised that the benefits of outsourcing to a cloud-based platform such as ConnectProtect® far outweighed the complexity and significant effort involved in configuring and managing their SIEM tool.
2. Security improvements following a cyber breach
It is sad but true that many organisations have turned to ConnectProtect® after suffering a significant cyber breach. Once the immediate threat of the cyberattack has passed and a post-breach review has taken place, many IT and management teams have come to the realisation that they must address other vulnerabilities in their systems right away and ensure that they (or their provider) not only monitor the organisation, but also act on the alerts generated. Those organisations that have adopted ConnectProtect® have done so because intertwined with the platform is a 24x7x365 manned Security Operation Centre whose job is to investigate and respond to all alerts. A number of those organisations that did suffer a breach did so because their internal team was not responding to the alerts (due to the sheer volume of alerts) and lacked the internal skills needed to deal with them. Some organisations were only being alerted by their security provider and, without a security expert or in-house Security Operation Centre (SOC) to take the actions needed to deal with the alert, a monitoring and alerting service alone proved useless.
3. Recommendations following a security audit
Many organisations now routinely have IT security audits to demonstrate compliance with regulations. These security audits will help identify security loopholes. Many organisations have turned to ConnectProtect® following the recommendations made from an audit. The areas which ConnectProtect® is addressing are:
No Vulnerability Scanning: IT auditors will always assume that your system is vulnerable even with an updated system. Organisations have been recommended to conduct vulnerability scanning and ConnectProtect® Vulnerability Scanning as a Service has addressed this need.
No Centralised Security Log Management: IT security audits will insist on a central security log management function and ConnectProtect® has addressed this for many organisations who have had this recommendation made to them.