My quest to launch a SOC and SIEM solution that’s actually suitable (and affordable) for SMEs

Since 2016, I’ve been looking for a solution that can give SMEs visibility of activity on their network that threatens their environment.

Unfortunately, many organisations don’t know what data is actively entering or leaving their networks – let alone what is normally passing through. And the technology exists – it’s been used by large organisations like banks and the Government for years, to help protect sensitive data.

But so far, we’re yet to see a solution that’s accessible for SMEs – normally, such technology comes with an eye-watering, stomach-churning price tag.

We have literally spent years researching the tech and speaking with developers so we can bring a product to market that will enhance the security of SMEs’ environments, give visibility of data flows and flag suspicious or unusual activity for investigation.

The Securious SIEM/SOC solution

That’s where our Security Information Event Monitoring (SIEM)/Security Operations Centre (SOC) solution comes in – it enables SMEs to understand what is going on within their environments, so that they can implement adequate measures to protect their systems from cyber attacks.

And yes, every business is different and has different needs – this is especially true when considering operating systems, cloud hosted applications and preferred email clients. But there will always be internet break outs, inbound traffic and some form of file sharing system in place, with user accounts interacting across these platforms.

Our SIEM solution is designed to capture, identify and recognise the log data, converting it into a user-friendly format to give you a clear overview of your environment at any given time. It learns what normal looks like to you and your business, establishes a baseline of activity over an on-boarding period, and gives you a single point of reference for the various traffic flows and sensitive data entering and leaving your business.

Then, once this baseline is established, unusual or suspicious activity can be accurately identified, investigated and remediated – whether it comes in the form of external hacking activity or internal rouge employee activity.

An Enterprise-level solution for SMEs

I have always had the vision of providing an enterprise solution to the SME market and sharing the level of expertise and technology often reserved for the large corporates by delivering a robust solution along with a local service.

There are many SIEM solutions out there to consider, and I did consider some of the larger ones, but the reselling of client licences did not appeal to the ethos of how we like to manage our clients. I do not want to put another layer of support and potential complexity into the mix and end up as a middleman to the vendor.

I chose Assuria, who have been developing their solution since the 1990s. They have developed ground-breaking analytics that is used across the world, with their largest presence in Japan. Many of their clients have been using the products for over 10 years and they range from Governments to huge international organisations.

Satisfied with the world-leading technology Assuria provides, we did some further research into their business and team members  and decided that they are the perfect partner for us. Assuria are based in the UK and have an amazing developer team that fully understand our business model and ethos.

Capabilities

Our capability includes the support and technical knowhow of the full Assuria team – be that in onboarding clients or delivering sales pitches, we are in great hands.

Our solution is hosted within a Tier 1 data centre based in the UK, and fully compliant with a multitude of standards. We share the data centre with some of the world’s leading brands and are sure that the service and availability is second to none.

Moving forward, I have a vision that Securious will be a leading SIEM solution provider to SMEs – not only for the South West, but further afield as we grow this capability.

The SOC element, or Security Operations Centre, is firmly focused on the enhanced services around the core SIEM solution. This focuses on Threat Intelligence feeds, looking at the wider picture for security patterns and is provided by multiple vendors who specialise in this area.

We are also looking to provide end clients with 24/7/365 eyes on screen, reacting to live security and incident events. Firewall and perimeter device analysis is another way we are using this leading technology to enhance our core services.

Know your threats – the rest will follow

The future of cyber security starts with protecting yourself from the known threats – the rest will follow. I feel we have entered an age of advanced technological supremacy that enables us to communicate and connect like never before, with the prolific sharing of data on a global scale.

The threat actors are ever present and constantly evolving, and to fully appreciate how to protect your business from these threats, you need to start with the basics. The basics are monitoring your network, analysing your log data, and actively checking to make sure activity is as it should be.