IDS and SIEM

25-03-2015

Every year, the number of serious cyber-attacks increases. Many of these threats are stopped, but criminals quickly adapt to new defences and evolve, and the exact number of breaches is unknown.

The most vulnerable are at greatest risk

You might think that your business is not in the risk zone for cyber-attacks, but the truth is that the vast majority of attacks happen to arbitrary victims, who were exploited simply because they were vulnerable. Undetected attacks can cause business disruption, information theft and reputational loss. Besides, all indications and statistics point in the same direction: there is a huge increase in the number of attacks against websites and online applications. At the same time, it is getting harder and harder to identify possible attacks; they are much better hidden than before, and criminals often use multiple ways of breaking and entering.

New possibilities mean new threats

You may have heard of acronyms such as IaaS (Infrastructure as a Service), PaaS (Platform as a Service) or SaaS (Software as a Service), but have you heard of MaaS (Malware as a Service), FaaS (Fraud as a Service) or their umbrella name CaaS (Cybercrime as a Service)? These services enable anyone with a credit card and a few minutes of their time, even with no prior knowledge, to easily purchase attacks on online services.

A solution online is a vulnerable solution

Businesses relying on services exposed to the Internet must also be aware of what data is moving into and out of their environments, and the more sensitive the data stored by the business, the more prominent the need to locate dangerous traffic patterns. The systems need to work.

Outsourced and managed services normally have a basic level of security included, but securing your business, planning and building for redundancy, and defending against malicious attacks, floods and theft are complicated and expensive.

We protect you! 

By offering a unique solution for security monitoring, we can prevent damage and mitigate threats.

We have a two-part solution:

  1. Intrusion Detection System (IDS)
  2. Security Information and Event Management (SIEM)

Both are managed by the mnemonic Security Operation Center (SOC), Basefarm’s security partner.

IDS - Monitor, detect and prevent

The IDS monitors and analyzes incoming network traffic to find and mitigate potential threats. The goal is to maximize the security of the environment and stop dangerous traffic from coming in. This service is in many ways the “outermost” watch-post with regard to network security.

The IDS can be connected to most industry-standard SIEM platforms. It takes a self-learning approach: everything that is discovered is added to knowledge databases and uploaded to the network sensors for future use. This helps to prevent threats that could harm you in the future.


SIEM - Correlation analysis and repair

Security information and event management (SIEM) is an approach to security management that seeks to provide a holistic view of the security of an organization’s information technology.

The SIEM service receives events from service management or monitoring systems, logs and traffic data (for instance from the IDS), and correlates and analyses them, looking for possible threats. This means that the SIEM can find threats wherever they originate (not only in the traffic stream). The service includes 5 log sources, and there are no limitations on how many logs may be used.


Intrusion detection

By having the full solution with the IDS and SIEM bundled, you have the ultimate protection, but you could also use another IDS solution and feed it into the SIEM offered by Basefarm, or use the IDS offered by Basefarm and connect it to a SIEM solution of your choice.

The service combines Basefarm's solidity and agility on the managed hosting side with the “watchdog” competencies of a specialized IT-security company for monitoring and analysis (mnemonic).

Log collection is done locally inside Basefarm's datacenters, and only consolidated logs are sent to the mnemonic SOC in Norway for analysis.

This hybrid model offers a unique combination of the two specialties, giving you the benefit of the synergies.

In any case, you know where your data is, always. Basefarm delivers both the IDS and SIEM and we make sure that you receive the optimal solution for your environment.

Above all, you receive:

  • Industry standard solidity – solid network monitoring and matching against known threats
  • Always accurate protection – built-in self-learning capabilities
  • Low cost of ownership – you pay for the service, not for the infrastructure