In today's business world you only have to look at your favorite news site to hear about the latest cybersecurity breach at companies near and far.
To be fair, companies do try and cover the basics: firewalls, anti-virus/anti-malware (AV/AM), Active Directory, Windows patches, high-speed wired and wireless networks, cloud email and end-user training, to name a few. And these companies still get hacked!
You may be asking how. Simply put, these companies have a basic defense that covers only the basic concerns; it does not address the constant change in technology and in the threats that come with it.
Technology changes daily, and you can never keep pace with all of the threats, vulnerabilities, viruses, script kiddies, zero-days and Advanced Persistent Threats (APTs) without the help of a solid defense-in-depth strategy.
The basics companies use to protect their infrastructure can be enhanced with a little proactive monitoring and insight into their internal and external networks through a SIEM.
SIEM stands for Security Information and Event Management. That sounds like a big term, but it really isn't: it is the combination of two functions, Security Information Management and Event Management. Security Information is the everyday activity on your systems, such as browsing websites, moving files from folder to folder, sending emails, accessing server resources and printing documents. Event Management is the real-time monitoring of the system- and network-level logs and events that occur behind the scenes on all networked devices.
Some SIEMs also provide vulnerability assessment: they inventory the devices on the network and check them against a large database of known vulnerabilities, updated daily, to verify that the devices on your network are protected from the bad guys. Where they are not, some SIEM systems will also provide steps on how to remediate the problems.
SIEMs do the following: asset discovery, threat detection, event management (collection and correlation), vulnerability assessment, IT compliance, application log management, log forensics, log storage, file integrity monitoring and fine-grained reporting, to name a few.
The power of a SIEM is that it collects the data from all of these information sources, parses and analyzes it, and presents it in a way that is easily understood.
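To make the collect-parse-correlate loop concrete, here is an added example (not code from the original post or from any SIEM vendor) of the two core steps in miniature: normalising raw syslog lines into events, then running one correlation rule over them. The log lines, host names and IP addresses are constructed for illustration, and the rule (several failed logins from one source followed by a success within a short window) is a typical brute-force-then-compromise detection, not a rule taken from any product.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample syslog lines (not real hosts or addresses) from two servers.
SAMPLE_LOGS = """\
Mar 10 08:01:02 srv01 sshd[410]: Failed password for admin from 203.0.113.7 port 51122 ssh2
Mar 10 08:01:05 srv01 sshd[410]: Failed password for admin from 203.0.113.7 port 51123 ssh2
Mar 10 08:01:09 srv01 sshd[410]: Failed password for admin from 203.0.113.7 port 51124 ssh2
Mar 10 08:01:40 srv01 sshd[412]: Accepted password for admin from 203.0.113.7 port 51130 ssh2
Mar 10 08:02:11 srv02 sshd[880]: Failed password for bob from 198.51.100.4 port 40010 ssh2
Mar 10 08:30:00 srv02 sshd[881]: Accepted publickey for bob from 198.51.100.4 port 40011 ssh2
"""

# Parser for the OpenSSH "Failed/Accepted <method> for <user> from <ip>" message shape.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) \S+ for (?P<user>\S+) from (?P<src>\S+)"
)

def parse_events(text, year=2024):
    """Collection/parsing step: turn raw lines into normalised event dicts."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # a real SIEM would keep unparsed lines in a catch-all index
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append({"ts": ts, "host": m["host"], "user": m["user"],
                       "src": m["src"], "outcome": m["outcome"]})
    return events

def correlate_bruteforce(events, threshold=3, window_s=300):
    """Correlation step: alert when >= threshold failures from one source to one
    host are followed by a successful login within window_s seconds."""
    alerts = []
    failures = defaultdict(list)  # (src, host) -> timestamps of recent failures
    for ev in sorted(events, key=lambda e: e["ts"]):
        key = (ev["src"], ev["host"])
        if ev["outcome"] == "Failed":
            failures[key].append(ev["ts"])
            continue
        recent = [t for t in failures[key] if (ev["ts"] - t).total_seconds() <= window_s]
        if len(recent) >= threshold:
            alerts.append({"host": ev["host"], "src": ev["src"], "user": ev["user"],
                           "failures_before_success": len(recent),
                           "at": ev["ts"].isoformat()})
        failures[key].clear()  # a success resets the counter for that source/host pair
    return alerts

if __name__ == "__main__":
    for alert in correlate_bruteforce(parse_events(SAMPLE_LOGS)):
        print("ALERT possible brute-force success:", alert)
```

On the sample above only srv01 fires: three failures from 203.0.113.7 in under a minute, then an accepted password from the same address; srv02's single failure half an hour before a key-based login stays below the threshold.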
There is one company that I know of that does a great job with Security Information and Event Management, and that is SocSoter. SocSoter offers a range of devices, such as a traditional SIEM unit they call an SMA, and they also offer vulnerability assessment in a unit they call a VMS. These units come in different sizes and configurations depending on the number of users and the size of the network.
A solid defense-in-depth is possible if you use a SIEM as a second line of defense that bolsters your first line by constantly monitoring your systems and network devices, so you can stay one step ahead.
Thank you for reading,
Contact TeamlogicIT if you want more information: