What is a SIEM and Why Does My Customer Need One?
by Vertek Labs
It used to be the case that perimeter security solutions were enough to keep the good guys in and the bad guys out of the enterprise network. The tools worked by identifying and blocking malicious code and bad actors before they could infiltrate corporate networks, servers, workstations, applications, logins, and databases. Perimeter security tools like firewalls, Virtual Private Networks (VPNs), antivirus, and intrusion prevention systems served as a brick wall protecting the corporate network. While the wall may have had weak spots, continuous monitoring tools provided the stopgap that kept organizations one step ahead of security breaches and in compliance. However, the enterprise landscape looks completely different today. Applications, users, and devices are moving outside the corporate network, and this shift is dissolving what was once the trusted enterprise perimeter. Maintaining regulatory compliance is also becoming more complex, requiring an organization’s full-time attention.
Security architecture evolved
Where do we go from here? What can organizations do to protect themselves in today’s cloud-based, mobile era? The first step is setting up enterprise protections that extend well beyond the firewall, to wherever applications, data, devices, and remote users are. The next step is putting tools and processes in place to manage the flood of security information and events generated across the enterprise: Enter SIEM. SIEM, or Security Information and Event Management, technologies offer organizations a holistic, 360-degree view of their technical infrastructure by collecting and examining a large volume of security events, or ‘logs.’ SIEM tools then create reports about applications and activities and use event correlation and alerting to help analyze and remediate security events. SIEM platforms can also help to simplify IT tooling, management, and compliance requirements.
Now that you’ve got the basics down, let’s review the top three reasons organizations would need a SIEM.
- “I need help managing the ‘flood’ of security events” – Every single minute of the day, security events are happening across the enterprise. These events may be benign, critical, or somewhere in between. SIEM tools help manage this deluge of security event information by tracking and prioritizing security logs and analyzing the data for remediation when needed. SIEM tools monitor data from networks, perimeter devices, endpoint security devices, application-level security logs, firewalls, and intrusion detection systems. Without a SIEM, organizations may have ‘eyes’ on security for their endpoints, for example, but miss suspicious behavior across public cloud environments like AWS and Microsoft Azure. A SIEM solution provides more protection, giving security organizations more eyes and ears to detect threats and to see activities and patterns that once went unnoticed.
- “What do I do with the information I have?” – Greater visibility into the infrastructure and cyber threats is nice, but what is next? Your customers need more clarity and intelligence around those threats to take action. A SIEM takes security management to the next level by using tools like artificial intelligence to efficiently analyze these streams of security information and highlight the most critical potential threats. Implementing a SIEM solution helps security managers detect suspicious patterns of activity in multiple areas. Having all security log data in the same place makes spotting abnormal behaviors and patterns much easier than seeing individual events and trying to ‘connect the dots’ after the fact.
- “I’m struggling with compliance” – To satisfy compliance requirements today, it often takes extensive manual processes, including monitoring multiple IT security products and bringing in data from various systems to create reports. By continuously tracking networks, cloud environments, and endpoints, SIEM tools can help automate this effort and demonstrate compliance against today’s most challenging regulations, such as PCI DSS, HIPAA, GDPR, and more.
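The first two points above (endpoint and cloud logs landing in one place, then ‘connecting the dots’ across them) are what a SIEM correlation rule does in practice. Here is a small added illustration of that pipeline; it is not Vertek’s code or any product’s rule, and the log lines, field names, thresholds and windows are all constructed for the example.

```python
# Added example, not Vertek's code; log lines, field names and the rule are constructed.
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed logs: endpoint logon audit lines (4625 = failure, 4624 = success)
# and cloud console-login records in a CloudTrail-like JSON shape.
ENDPOINT_LOG = [
    "2019-01-15T09:00:05Z host=ws-17 event=4625 user=jdoe src=203.0.113.9",
    "2019-01-15T09:00:09Z host=ws-17 event=4625 user=jdoe src=203.0.113.9",
    "2019-01-15T09:00:14Z host=ws-17 event=4625 user=jdoe src=203.0.113.9",
    "2019-01-15T09:03:40Z host=ws-02 event=4624 user=asmith src=10.0.0.5",
]
CLOUD_LOG = [
    '{"eventTime":"2019-01-15T09:06:30Z","eventName":"ConsoleLogin",'
    '"userIdentity":{"userName":"jdoe"},"sourceIPAddress":"203.0.113.9"}',
    '{"eventTime":"2019-01-15T09:20:00Z","eventName":"ConsoleLogin",'
    '"userIdentity":{"userName":"asmith"},"sourceIPAddress":"10.0.0.5"}',
]

def parse_endpoint(line):
    """Normalize a key=value endpoint line into the shared event schema."""
    ts, *pairs = line.split()
    f = dict(p.split("=", 1) for p in pairs)
    return {"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), "source": "endpoint",
            "user": f["user"], "ip": f["src"], "outcome": "fail" if f["event"] == "4625" else "success"}

def parse_cloud(line):
    """Normalize a cloud JSON record into the same schema."""
    d = json.loads(line)
    return {"ts": datetime.strptime(d["eventTime"], "%Y-%m-%dT%H:%M:%SZ"), "source": "cloud",
            "user": d["userIdentity"]["userName"], "ip": d["sourceIPAddress"], "outcome": "success"}

def correlate(events, min_failures=3, fail_window=timedelta(minutes=5),
              pivot_window=timedelta(minutes=10)):
    """Repeated endpoint logon failures for a user/IP, then a cloud login from that user/IP."""
    fails = defaultdict(list)  # (user, ip) -> endpoint failure times inside fail_window
    alerts = []
    for e in sorted(events, key=lambda e: e["ts"]):  # order by time across all sources
        key = (e["user"], e["ip"])
        if e["source"] == "endpoint" and e["outcome"] == "fail":
            fails[key] = [t for t in fails[key] if e["ts"] - t <= fail_window] + [e["ts"]]
        elif e["source"] == "cloud" and e["outcome"] == "success":
            recent = fails.get(key, [])
            if len(recent) >= min_failures and e["ts"] - recent[-1] <= pivot_window:
                alerts.append({"severity": "high", "user": e["user"], "ip": e["ip"], "failures": len(recent)})
    return alerts

def run():  # one pipeline for both sources; neither source on its own trips the rule
    return correlate([parse_endpoint(l) for l in ENDPOINT_LOG] + [parse_cloud(l) for l in CLOUD_LOG])
```

Running only the endpoint log or only the cloud log through `correlate` produces no alert; only the combined stream surfaces the jdoe pattern, which is the visibility gap the first two points describe.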
While a SIEM is not a silver bullet for today’s enterprise security issues, when appropriately leveraged by highly skilled security analysts, a SIEM solution can provide an excellent way to protect the corporate network. Done right, it can give your customers a bird’s-eye view of their infrastructure so they can zero in on threats and act. If your customer needs help with security management and you think they’d be a good candidate for SIEM, talk to us. At Vertek, we offer a comprehensive managed SIEM service that does the heavy lifting for your customers so they can focus on their core business.
January 15, 2019