Cisco Training Courses

Cisco Training Courses

Insoft has been serving IT industry with authorized Cisco courses training, since 2010. Find all the relevant information on Cisco training on this page.

View More

Cisco Certifications

Experience a blended learning approach that combines the best of instructor-led training and self-paced e-learning to help you prepare for your certification exam.

View More

Cisco Learning Credits

Cisco Learning Credits (CLCs) are prepaid training vouchers redeemed directly with Cisco that make planning for your success easier when purchasing Cisco products and services.

Have CLCs and want to redeem them?

Cisco Continuing Education

The Cisco Continuing Education Program offers all active certification holders flexible options to recertify by completing a variety of eligible training items.

View More

Cisco U

Cisco U. is customized to achieve your learning needs as this provides learning paths that includes wide range of topics, including CCNA, Cloud and Network Automation Essentials.

Browse Catalogue

Cisco Business Enablement

The Cisco Business Enablement Partner Program focuses on sharpening the business skills of Cisco Channel Partners and customers.

View More

Fortinet Technical Certifications

Insoft Services´ training capabilities rely on the excellence of our exclusive Fortinet Certified Trainers (FCT). We are dedicated to providing high-quality training to Fortinet Customers and Partners.

View More

Fortinet Technical Courses

Insoft is recognised as Fortinet Authorized Training Center in selected locations across EMEA.

View More

ATC Status

Check our ATC Status across selected countries in Europe.

View More

Fortinet Services Packages

Insoft Services has developed a specific solution to streamline and simplify the process of installing or migrating to Fortinet Products.

Browse Packages

Prepforce Bootcamp

The only comprehensive source available today to prepare for Fortinet NSE 8 certification globally.

View More

Microsoft Training

Insoft Services provides Microsoft training in EMEAR. We provide Microsoft technical training and certification courses that are led by world-class instructors.

View More

Technical Training

The evolution of Extreme Networks Technical Training provides a comprehensive progressive pathway from Associate to Professional accreditation.

View More

ATP Accreditation

As an authorised training partner (ATP), Insoft Services ensures that you receive the highest standards of education available.

View More

What we do

Through our global presence and partner ecosystem, we provide strategic IT consulting services to align IT services with customers' business goals.

View More

 

We are pleased to launch pre-scoped Enterprise Networking Consulting Packages, our ready-made solutions, tailored to ensure efficiency and cost containment.

 

View More

 

We specialize in the deployment of vendor-specific automation tools as well as open-source and vendor-independent solutions, that can be tuned in accordance with the business needs of a specific organization.

 

View More

 

We provide comprehensive IoT consultancy, deployment and support solutions for businesses that want to launch or improve their use of connected technologies.

 

In a world where technologies are evolving rapidly, every company - business needs a partner to rely on and trust for the smooth and secure operation of its network infrastructure.

View More

 

In a world where technologies are evolving rapidly, every company - business needs a partner to rely on and trust for the smooth and secure operation of its network infrastructure.

View More

 

In a world where technologies are evolving rapidly, every company - business needs a partner to rely on and trust for the smooth and secure operation of its network infrastructure.

 

View More

 

In a world where technologies are evolving rapidly, every company - business needs a partner to rely on and trust for the smooth and secure operation of its network infrastructure.

 

View More
Cisco Training Courses

 

We provide the highest level of expertise on Cisco consultancy services, that target audits of your current network and implementing updates for improved operational performance, secure data and compliant systems.

View More

 

We provide the highest level of expertise on Fortinet consultancy services that target audits of your current network and implementing updates for improved operational performance, secure data and compliant systems.

View More

 

Our team can help enterprises, get the most value from Extreme products and services following our predefined value-added packages or custom ones that fits business needs.

 

View More

 

TXOne Networks provides cybersecurity solutions that ensure the reliability and safety of ICS and OT environments through the OT zero trust methodology protecting assets for their entire life cycle.

 

View More

About Us

Our training portfolio includes a wide range of IT training from IP providers, including Cisco, Extreme Networks, Fortinet, Microsoft, to name a few, in EMEA.

View More

Security Information and Event Management (SIEM)

Security-Information-Event-Management-SIEM

Security Information and Event Management (SIEM)

19 May 2020

Let’s talk about SIEM. Are you having consistent challenges with responding to threats, breaches and related incidences? Do you find it increasingly draining to get to the root cause of breaches in light of the increasing numbers of attacks and related downtimes in your network? If yes, a SIEM solution is just what you may need.

More often than not, the above pain points are brought about by a lack of collaborative efforts between the Network Operations Center (NOC) and the Security Operations Center (SOC). The NOC is primarily interested in network performance and uptime while the SOC teams are primarily focused on network security, regulations, and compliance.

To further deepen the disconnect, they each make use of a diverse variety of tools and software that are not integrated so as to give a global view of the enterprise’s overall network. These factors introduce a complex monitoring and reporting environment which increases the likelihood that threats and breaches can go undetected for some time.

What is SIEM software?

Security information and event management (SIEM) software give enterprise security professionals a better handle on events within the enterprise. This is done through the collection of Security Information and Event Management (SIEM) network and security logs, in a central repository from multiple diverse sources e.g access points, active directory and database servers, routers, switches, firewalls, intrusion detection, and prevention systems, etc. SIEM is a fundamental element of a successful Cyber Resilience strategy.

SIEM Requirements:

A SIEM must be aware of what is attached to the network and be able to collect event and log data from all of those attached items. FortiSIEM is the only SIEM tool in the market that has a self-learning, real-time asset discovery and device configuration engine built into its platform. SIEM does parsing, data normalization and categorization on any type of device, as long as it’s able to send logs to it.

SIEM software should have an intelligent context, such that it is able to identify the specific kinds of running devices, applications, servers, and their corresponding configurations among other data so as to add relevant context to the events and notifications. This is a critical element of ensuring the SIEM product doesn’t raise false alarms.

SIEM software also requires that it is fed quality data for maximum yield; the bigger the data source you give it, the better it gets and the better it can see outliers.

How SIEM works:

SIEM software collects and aggregates log data generated throughout the enterprise’s endpoints, applications, firewalls, and antivirus filters.

SIEM delivers on the below objectives, which are to:

  • Provide near-real-time analysis. SIEM systems focus on providing faster identification, analysis, and recovery. It could for instance help detect zero-day attacks.
  • Align enterprises with auditing and regulatory requirements e.g PCI and HIPAA. SIEM generates automated compliance reports whilst sending notifications to relevant personnel. For instance, the SIEM receives an alert from Active Directory or RADIUS stating that it has detected a Repeat Attack_Login attack (3 or more failed login attempts in 60 seconds) against one of the hosts. A notification is then sent to a security administrator.
  • Automated cross-correlation and analysis of all the raw event logs from across the entire network. A SIEM’s differentiating factor from a typical log collector is in its ability to cross-correlate data from multiple different threat feeds and system data before determining the threat level of an incident.
  • Convert security events and log data into visually appealing charts to assist in seeing patterns.
  • Enable Forensic Analysis: The ability to search across logs on different nodes and time periods based on specific criteria.

SIEM Challenges:

Security teams often start by chasing down a staggering amount of false alerts. False alerts are one of the most nagging challenges in implementing reliable cybersecurity initiatives. These refer to “useless” alerts that end up wasting an enterprise’s SOC teams time since they are not real threats.

According to Cisco’s 2017 Annual Cyber Report: The Hidden Danger of Uninvestigated Threats. Only 28% of security alerts that are investigated turn out to be legitimate, from these, only 46% are remediated, meaning 54% of legitimate threats are not resolved!

This is partly a result of the redirection of the SOC team’s effort to investigate false alerts. So how exactly can an enterprise deal with false alerts?

Dealing with False Alerts:

  • Clearly define false alerts. If a trouble ticket is consistently created with no tangible immediate action specified, it probably is a false alert. Such alerts can be removed from the ticketing system and only included in a report.
  • Turn off the default rules that don’t apply in your environment, for instance, a SQL injection attack rule if there’s no SQL server installed in your network.
  • Finetune the rules to match your unique environment thresholds. This requires time though. After installation, monitor your environment to determine the most appropriate thresholds for various attributes, for instance, what is normal and abnormal traffic.
  • Implement a SIEM solution that has intelligent context capabilities. It should be able to cross-correlate event data from multiple feeds simultaneously and intelligently come to a reliable conclusion as to whether a threat is real or not.
  • Adjust SIEM product criticality to match your environment. Most default vendor settings are too high for most settings. This you will soon notice after having the SIEM in operation for a while. Save yourself the pain!
  • Use a high quality regularly updated threat feed and geolocation data. This will help add more context to your events and logs. For instance, if a source IP is from a known hacker cell, the criticality of such a log is increased to high. Geolocation data also helps determine whether the traffic is internal, remote or foreign traffic. Low-quality threat feeds could actually increase the number of false alerts!
  • Avoid duplication. If a firewall blocks some kind of traffic, don’t raise an alert ticket on what has already been blocked! What’s the point of having the firewall device installed in the first place?

Proactive organizations will learn to tune the tooling over time so that the SIEM understands what are normal events and thereby reduce the number of false alerts. After getting a false alert, make an adjustment to your SIEM so that it doesn’t catch that again. Fine Tuning should be done often to reflect both internal changes e.g the commissioning and decommissioning of devices, changes in the global threat landscape, etc.

Managing SIEM is a resource-intensive process that requires regular evaluations and adjustments to maintain optimal performance. Despite this, going without a SIEM solution isn’t the answer, because this can leave you vulnerable to attack. With this in mind, many IT professionals don’t know how to do this efficiently, thus, expert SIEM consultancy may be required.

To develop proficiency with accurately managing SIEM products, you can sign up for an Insoft instructor-led FortiSIEM training here.

SIEM Tools and Vendor Selection

SIEM tools come in both paid-for commercial offerings and free open-source alternatives. Different SIEM tools draw their strength from a myriad of different features and capabilities, so it’s upon you to carefully choose one that addresses your enterprise needs.

There are a couple of leading vendors, including Solar Winds, HPE, IBM, Splunk, Fortinet, and Intel, we also have open-source SIEM tools which are supported by the community. They are not vendor backed, hence they may not be as reliable; especially in critical enterprise-grade environments. Some of the best free open-source SIEM tools include Elasticsearch, ELK Stack, Ossim, Splunk Free and Ossec.

FortiSIEM Case Study:

FortiSIEM is a SIEM product manufactured by Fortinet. It offers SOC and NOC data correlation capabilities. It collects and normalizes a variety of logs, for instance, transaction, SNMP, connection, application and user logs.

These logs are then used for IT network and security monitoring and troubleshooting, consequently enabling organizations to eliminate blind spots by monitoring and analyzing a diverse set of events from multiple sources. Organizations, therefore, get an upper hand when it comes to the identification of threats and their root causes for even more agile remediation.

In addition to security metrics, FortiSIEM also monitors infrastructure resource utilization, application health, performance and availability metrics. The collection of all these data is done at a set polling interval. The results are converted into logs, which follow the typical SIEM processing logic. You can also read more about What is SIEM software? How it works and how to choose the right tool here.

More Blogs for you:

Relevant Exams: Fortinet NSE 5

Network Automation Developer
Insoft Services
Brunner has an extensive background in Telecommunications and Information engineering. He has previously worked with leading organizations in the electronic, software and Internet Service Provider space within their respective regions. He is an innovative thinker with a demonstrated history of working on Network Automation scripting and workflow orchestration projects. He has accumulated experience working with Python programming and Network engineering. He's also an active member of both the Cisco and Fortinet Developer networks.

  • Recent Blogs

  • Relevant Blogs

  • No Comments

    Comments are closed.