Over the last 18 months we have witnessed a staggering volume of cyber security breaches that have resulted in millions of users having their data stolen in addition to reputational damage & financial loss for the organizations in question.

It’s now a daily occurrence and very easy to get caught up in the daily news cycle that surrounds the security, focusing on either the breach headlines, hacked websites, or even the new threats and vulnerabilities that need constant attention and remediation. Irish company Loyaltybuild, as well as Supervalu Getaway and AXA Leisure Break were all victims of a data breach discovered in October. Hackers got away with 1.12 million personal records and 376,000 full credit card details. Other notable breaches include Snapchat, Target, Adobe, Evernote & Cupid Media.

Cyber Security and SIEM

IT directors are struggling to get to grips with the ever evolving threats and analysis shows that over 75% of organisations have found active command and control communications from within their network, 90% have active malware, and over 50% had data stealing malware.

In my experience even when companies are aware of infections they struggle to allocate resources to manage them effectively and eradicate them from the systems. In some cases SME clients are simply under resourced to deal with the list of vulnerabilities being identified by the security platforms on their network.

These challenges are resulting in the use of  allot of new technologies to try and stem the flow. One of the buzz words being used in enterprise security is SIEM (Security Information and Event Management). This service is intended to be the glue between an organisation’s various security tools. Standard Security tools and other event log sources will export alarms to SIEM systems for immediate analysis.

The data from the SIEM will allow the Security Team to sort, process, prioritise, store, and to action alarms. Essentially delivering a streamlined process for finding and fixing a companies security vulnerabilities, looking for insider threats, and preparing the incident response team to efficiently deal with breaches.

While this all sounds great it is important to note that deploying a SIEM is a detailed project. The deployment plan will include scoping the project, business requirements, and architecture specifications. This plan will position the business to finalise reporting requirements and objectives.

The reports from the SIEM can be managed internally or outsourced to managed (SOC) Security Operations Centre for real time analysis.

When deciding to evaluate SIEM it is also important to keep everything in perspective and ask yourself  “are we asking the right questions?”

Why SIEM?

• Compliance or regulatory mandated logging and reporting
• Metrics and reporting
• Security monitoring and incident response
• Real time answers to these critical questions :
  • Is the company being attacked ? By Who ?
  • Is company data being stolen ? By Who ?
  • How is the organisation being attacked?
  • What is the business Impact ?
  • How can the attack be prevented ?
  • How do we remediate ?

Once you have an idea of what compelled you to undertake a SIEM deployment, it’s easier to define the reporting requirements. This information will also help in selecting features for any SIEM product you choose.

// Ronan Murphy
CEO
www.smarttech.ie