SOC Prime’s Predictive Maintenance (PM) helped us to set priorities and to solve the most critical problems. This allowed us to fix problems within SIEM more efficiently and quickly. Moreover, PM identified system vulnerabilities, which needed troubleshooting after solving the current tasks, before they turned into serious malfunctions. SOC Prime’s product allowed us to fix a dozen issues and save time on searching for them. We also managed to reduce the number of requests for technical support. This became possible because Predictive Maintenance shows what is happening with the system in real time and provides examples and methods for solving SIEM issues directly in the console. Automatic error notifications within SIEM allow us to avoid manually scanning tens of thousands of diagnostic log entries and instead receive one notification with an automatically set priority and guidance for action. And what is even more important, due to the time saved on system management and the increase in its productivity, it became possible to investigate information security incidents on a more qualitative level.
IT Security Expert, Information Security Division
Managing and writing all the analytical content is the responsibility of the Information Security department staff. Almost all of the company’s primary systems have been connected to the SIEM since 2016. As the technology develops, the number of collected events, analytical content, rules, search queries and reports is constantly growing. Consequently, the SIEM system demands ever more maintenance and time from the cybersecurity personnel, while staffing levels remain the same. This limits their ability to spend time regularly looking for new errors and issues in the system. At the same time, the importance of the SIEM system is constantly increasing, since many Information Security processes inside the company depend on it.
Cooperation between the companies started back in 2016, when SOC Prime provided the European telecom leader with Predictive Maintenance (hereinafter PM) for testing free of charge. Testing included installing a virtual server in the infrastructure and connecting all components of the ArcSight system to it, installing and configuring the SIEM ARB package, and providing complete documentation for configuration and operation. This made it easier to control the security level and assess the risks.
After the launch of PM, several errors were identified on different connectors, as well as parsing errors and event-collection issues on some SIEM components. This showed that the process of implementing and configuring the SIEM system was not complete. The number of requests to the database and the event retention time in the database exceeded the SIEM platform limits, which led to deadlocked queries in the database and overlong execution of reports. Manager resources, the main consumers of memory, active lists, and session lists became visible within several minutes of launching the PM console. In addition, the console displayed the amount of resources consumed by database queries and the rules that overloaded the system the most. Using this SOC Prime product helped the company stay constantly updated on SIEM health, prioritize any SIEM issues, and fix them faster and more smoothly.
About Telecom Company
The company is a European digital operator that provides true freedom of communication and is a subsidiary of a converged telecommunication and technology services provider founded and headquartered in Turkey. Affordable, high-quality and high-speed 4.5G mobile Internet provided by the telecom leader opens up all the modern capabilities of digital mobile communications. The company’s digital portfolio of services and products includes the multifunctional BiP Messenger, the fizi music service, the secure cloud storage lifebox, a mobile billing service, and more. The digital operator carries out a number of projects aimed at developing a “smart city,” improving citizens’ security, and launching IoT (Internet of Things) networks.
Looking for a partnership in the telecom industry?
Join our Detection as Code platform to boost your cyber defense capabilities and find custom SOC content tailored to your industry-specific threat profile.