Financial institutions are popular targets for attackers because, as the old saying goes, “That’s where the money is.” This stock brokerage had an internal Security Operations Center (SOC) whose analysts used a Security Information and Event Management (SIEM) system to receive alerts of possible malicious activity and to aid their investigations. SIEM systems can be very expensive, and this Brokerage Firm was spending over $1,000,000 a year in licensing costs alone, so they wanted to ensure they were getting their money’s worth.
SCALESOLOGY IN ACTION
The Scalesology team was brought in to conduct a SIEM evaluation. We reviewed the Brokerage Firm’s configuration, rules, integrations, and data sources. Based on this information, we identified a few areas that needed to be fixed, as well as numerous areas where their investment could be better leveraged. In particular, we identified some serious deficiencies in their Network Intrusion Detection System (NIDS), including dead sensors and sensors with no network visibility.
The SIEM findings document provided the Brokerage Firm with a roadmap to first fix, then improve, their expensive SIEM system and make the most of their investment. For the NIDS evaluation, we were able to work with the client’s network team and fix the issues as they were identified, resulting in an immediate improvement in security monitoring coverage.