October 2015 SAFE Newsletter
It’s not that SIEMple…
Security Information and Event Management (SIEM) has become a cornerstone solution for financial organizations to protect confidential information and prevent malicious attacks. Many industry experts thought SIEM had reached a high level of maturity by 2010. Instead, SIEM went through a second evolution, driven primarily by advanced attackers using more sophisticated threat technology and by organizations wanting stronger protection against these advanced attacks. Additionally, the advent of cloud technology and mobile applications presents a new landscape that widens what network security must cover. Given the compliance concerns of financial organizations, it is important to evaluate your current SIEM solution and understand whether it is providing your organization with the protections required for both regulatory and business needs.
Financial organizations should incorporate the latest SIEM solution that has kept pace with technological innovation and advanced threats. An advanced SIEM solution will:
- aggregate data from numerous sources,
- rely on mining data for security information,
- potentially utilize an IT Service Provider with expertise in detecting advanced threat activity, and
- be scaled to the organization’s needs and requirements.
Originally, SIEM services aggregated data from network hardware and system applications, such as servers and intrusion detection/prevention systems (IDS/IPS). The introduction of cloud and mobile technology widened the scope of infrastructure beyond hardware and system applications to other devices and events that may not be part of your system but have the potential to introduce malicious activity into it. These should be included in your SIEM protection. Often, gathering information from a shared cloud environment or from an application used by thousands is not practical, either because the information is restricted to your cloud or application provider and/or because the organization does not analyze enough data points to provide a clear picture. To solve this problem, consider implementing SIEM protection using innovative data points that can indicate high threat levels based on the infrastructure utilized and on specific business activity.
In addition to expanding the data points fed to your SIEM, financial organizations should evaluate the technology behind the SIEM product to ensure it truly is an advanced SIEM product and not a first-generation SIEM solution. An advanced SIEM product will use data mining to obtain security information, as opposed to relying on easily mutable items such as file signatures. It will also be equipped to work with big data and provide advanced analytics by correlating events and incorporating larger datasets. Additionally, data analytics may offer reports that combine security and business data as evidence of a compromise. This increased use of technology and data can provide a wealth of information that helps protect your organization's network regardless of infrastructure.
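The two paragraphs above describe aggregating events from on-premises, cloud and mobile sources and correlating them together with business data. The following is an added illustration, not code from the newsletter or from any SIEM product: it normalizes three constructed log feeds (an IDS alert, a cloud audit log and a mobile-app transaction feed, with assumed field names and an assumed high-value threshold) onto one schema and flags a user whose events from all three sources fall inside one time window, a chain no single source would see on its own.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta
# Constructed sample events (not from the original page) from three sources:
# an on-premises IDS, a cloud provider audit log and the mobile app's
# business-activity feed. Each source uses its own format and field names.
IDS_ALERTS = ["2015-10-05T09:00:12 alert=bruteforce user=jdoe src=203.0.113.5"]
CLOUD_AUDIT = [
    '{"ts":"2015-10-05T09:03:40","event":"ConsoleLogin","user":"jdoe","result":"Success"}',
    '{"ts":"2015-10-05T09:10:00","event":"ConsoleLogin","user":"asmith","result":"Success"}',
]
MOBILE_APP = [
    "2015-10-05T09:05:02,jdoe,wire_transfer,48000",
    "2015-10-05T09:12:30,asmith,wire_transfer,250",
]
HIGH_VALUE = 10000            # business threshold, assumed for this example
WINDOW = timedelta(minutes=15)  # correlation window, assumed for this example

def normalize():
    """Map every source onto one schema: (timestamp, user, indicator)."""
    events = []
    for line in IDS_ALERTS:                      # key=value text alert
        ts, *kv = line.split()
        f = dict(p.split("=", 1) for p in kv)
        events.append((datetime.fromisoformat(ts), f["user"], "ids_" + f["alert"]))
    for line in CLOUD_AUDIT:                     # JSON audit record
        r = json.loads(line)
        if r["event"] == "ConsoleLogin" and r["result"] == "Success":
            events.append((datetime.fromisoformat(r["ts"]), r["user"], "cloud_login_ok"))
    for line in MOBILE_APP:                      # CSV business event
        ts, user, action, amount = line.split(",")
        if action == "wire_transfer" and int(amount) >= HIGH_VALUE:
            events.append((datetime.fromisoformat(ts), user, "high_value_transfer"))
    return sorted(events)

def correlate(events, required=("ids_bruteforce", "cloud_login_ok", "high_value_transfer")):
    """Flag users whose events cover every required indicator inside WINDOW."""
    by_user = defaultdict(list)
    for ts, user, ind in events:
        by_user[user].append((ts, ind))
    findings = {}
    for user, evs in by_user.items():
        for i, (start, _) in enumerate(evs):     # slide the window over each start point
            seen = {ind for ts, ind in evs[i:] if ts - start <= WINDOW}
            if set(required) <= seen:
                findings[user] = sorted(seen)
                break
    return findings
```

Running `correlate(normalize())` reports only jdoe: the IDS alert, cloud login and large transfer all occur within fifteen minutes, while asmith's small transfer never becomes an indicator.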
Advanced, top-of-the-line SIEM solutions are expensive and may be more than small- to medium-sized financial organizations need. Outsourcing SIEM can help scale the solution to fit their specific needs. By using an IT Service Provider, financial organizations can leverage economies of scale, skill (deeper forensic analysis by specialized personnel) and experience (subject matter expertise) to take full advantage of the benefits of SIEM while allowing the organization to concentrate on its business activities.
Getting What You Need from your SIEM Solution